Mahesh Sudula

Level 15
Verified
Malware Tester
As far as SHP is concerned, you get very good web blocking, but its protection capabilities are quite weak
as per the tests in the malware hub. I have seen a dozen times Sophos files themselves getting encrypted in the tests.
So if a product could not protect its files from getting tampered with, how could it protect the system?
https://malwaretips.com/threads/mixed-threats-26-25-07-2018.85476/
CF- I will stay away from commenting or using it
 

Deleted Member 3a5v73x

SHP + OSArmor/SysHardener/Hard_Configurator; you choose which you are more familiar with based on your knowledge.

I would not use CF to avoid incompatibilities with HitmanPro.Alert integrated in SHP. Just Windows Firewall set to Public.

There's a lot to talk about when it comes to SHP. You can read some of the information about it here Q&A - Sophos Home Premium?
 

Deleted Member 3a5v73x

As far as SHP is concerned, you get very good web blocking, but its protection capabilities are quite weak
as per the tests in the malware hub. I have seen a dozen times Sophos files themselves getting encrypted in the tests.
So if a product could not protect its files from getting tampered with, how could it protect the system?
https://malwaretips.com/threads/mixed-threats-26-25-07-2018.85476/
CF- I will stay away from commenting or using it
Self-protection is on the way. As per MH results, they were file rename Trojans, not ransomware (a protection module against these types of infections is also a work in progress). Files could have been recovered if logs were sent to the Support team and then they provide a solution. Sophos Home support and developers know all the weaknesses SHP currently has and are working on improvements as we speak. Most of its strengths, Download reputation check and Web Protection, are not covered in MH.
 

Al-Faqir

Level 8
Verified
Most of its strengths, Download reputation check and Web Protection, are not covered in MH.
That's killing me. SHP is nearly invincible when it comes to its Web Protection; nearly all infected file downloads are blocked (Heuristics), but the problem is that the same infected file that was blocked by, let's say, download reputation and web protection sometimes is not detected by the antivirus module, so if the file gets to your system from a USB device, your system is infected unless the bad behaviour is detected.
 

Deleted Member 3a5v73x

That's killing me. SHP is nearly invincible when it comes to its Web Protection; nearly all infected file downloads are blocked (Heuristics), but the problem is that the same infected file that was blocked by, let's say, download reputation and web protection sometimes is not detected by the antivirus module, so if the file gets to your system from a USB device, your system is infected unless the bad behaviour is detected.
Not quite sure what you are saying there..
 

Al-Faqir

Level 8
Verified
Not quite sure what you are saying there..
I am sorry, but English is not my mother language. What I meant to say is that most of the infections detected using the web protection "Heuristics" are not detected by the anti-virus module. If you disable web protection, the infected file will be downloaded and won't be detected by signatures nor by cloud most of the time, so you'll risk running the file, which might not be detected by its behaviour. These files caught by Heuristics should be reported to the cloud too. Sophos components seem to be not linked to each other and each one acts on its own. There's another issue. When you scan an infected file with SHP right-scan it is not detected, while it is detected by the full-system scan, so each scan type seems to get its signatures from different places, or what? I hope you got me right this time.