Self-protection is on the way. As per MH results, they were file rename Trojans not ransomware (protection module against these type of infections are also work in progress). Files could have been recovered if Logs were sent to Support team and then they provide a solution. Sophos Home support and Developers knows all weaknesses SHP currently has and are working on improvements as we speak. Most of it's strengths, Download reputation check and Web Protection is not covered in MH.As far as SHP is concerned, You get very good web blocking But its protection capabilities are quite weak
as per the tests in malware hub..i have seen a dozen times sophos files itself getting encrypted in the tests
So if a product could not protect its files from getting tampered how could it protect the system
CF- I will stay away from commenting or using it
Most of it's strengths, Download reputation check and Web Protection is not covered in MH.
Not quite sure what you are saying there..That's killing me. SHP is nearly invincible when it comes to its Web Protection; nearly all infected files download are blocked (Heuristics), but the problem is the same infected file that was blocked by let's say download reputation and web protection sometimes is not detected by the antivirus module, so if the file gets to your system from a usb device your system is infected unless the bad behaviour is detected.
I am sorry but English is not my mother language :emoji_cold_sweat: What I meant to say is that most of the detected infections using the web protection "Heuristics" are not detected by the anti-virus module. If you disable web protection the infected file will be downloaded and won't be detected by signatures nor by cloud most of the time, so you'll risk running the file which might not be detected by its behaviour. These files caught by Heuristics should be reported to the cloud too. Sophos components seems to be not linked to each other and each one acts on its own. There's another issue. When you scan an infected files with SHP right-scan it is not detected while it is detected by the full-system scan, so each scan type seems to get their signatures from different places or what? I hope you got me right this time.Not quite sure what you are saying there..