Sophos Home Premium - June 2019 Report

harlan4096

Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and make informed decisions on what security products to use.

C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted


* Dynamic BB Bonus Test (Protection disabled)
* Partially Blocked
* BSR: Before System Reboot
* ASR: After System Reboot

| June 2019 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | Bait Files Encrypted | 2nd Opinion Scanners | System Final Status | Thread Link |
|---|---|---|---|---|---|---|---|---|
| 17/06/2019 | 17 | 9 / 17 | 5 + 1* / 8 | 15 / 17 | No | C | BSR: I, ASR: P | |
| 20/06/2019 | 18 | 8 / 18 | 7 / 10 | 15 / 18 | No | C: HMP; I: WV NPE ZAM3 | BSR: I, ASR: I | |
| 23/06/2019 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | Yes (6), Reverted (4) | C | P | |
| 25/06/2019 | 1 | 1 / 1 | 1 / 1* | 1 / 1 | Yes (5), Reverted (2) | C*, C | P* | |
| 25/06/2019 | 14 | 8 / 14 | 3 + 1* / 6 | 12 / 16 | No | C: HMP ZAM3; I: WV NPE | BSR: I, ASR: I | |
| 28/06/2019 | 24 | 9 / 24 | 9 / 15 | 18 / 24 | No | C: ZAM3; I: WV HMP NPE | BSR: I, ASR: I | |

I just installed SHP, even though I tried to download it in English, it downloaded and installed in Spanish, also changed my site account into Spanish (1st annoyance)...

All is managed via browser => SLOW (2nd annoyance)...

In the 1st system scan (I cancelled -> slow) it detected as threat this tool from SysInternals:
PsKill C:\Users\HARLAN4096\Desktop\SysinternalsSuite\pskill.exe

:)

Update: it's terribly slow scanning the system...
 

Andrew3000

> I just installed SHP, even though I tried to download it in English, it downloaded and installed in Spanish, also changed my site account into Spanish (1st annoyance)...
>
> All is managed via browser => SLOW (2nd annoyance)...
>
> In the 1st system scan (I cancelled -> slow) it detected as threat this tool from SysInternals:
>
> :)
>
> Update: it's terribly slow scanning the system...


Sophos should give you the possibility to control the antivirus even from the client. Via web is too slow and boring.
 

Evjl's Rain

also, the result from scanning is different from the deleted files
for example, sophos detects 10/20 malwares and deletes 10 but remaining files in the folder are usually 11-13 files
SHP is vulnerable to ransomwares and sometimes ransomwares encrypt SHP's files => loss of function
 

Andrew3000

> also, the result from scanning is different from the deleted files
> for example, sophos detects 10/20 malwares and deletes 10 but remaining files in the folder are usually 11-13 files
> SHP is vulnerable to ransomwares and sometimes ransomwares encrypt SHP's files => loss of function

Try to do a dynamic test with remnant files.
Sophos static detection is bad.
 

stefanos

> Sophos Home Premium - June 2019 Report
>
> C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted
>
> * Dynamic BB Bonus Test (Protection disabled)
> * Partially Blocked
> * BSR: Before System Reboot
> * ASR: After System Reboot
> * HM: Blocked by Hardened Mode
>
> June 2019 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | Bait Files Encrypted | 2nd Opinion Scanners | System Final Status | Thread Link
>
> I just installed SHP, even though I tried to download it in English, it downloaded and installed in Spanish, also changed my site account into Spanish (1st annoyance)...
>
> All is managed via browser => SLOW (2nd annoyance)...
>
> In the 1st system scan (I cancelled -> slow) it detected as threat this tool from SysInternals:
>
> :)
>
> Update: it's terribly slow scanning the system...

Just thanks. Nothing else :ROFLMAO:
 

ForgottenSeer 72227

> All is managed via browser => SLOW (2nd annoyance)...
>
> In the 1st system scan (I cancelled -> slow) it detected as threat this tool from SysInternals:
>
> :)
>
> Update: it's terribly slow scanning the system...

Thanks for testing SHP!

I agree the web management can be an annoyance, especially since you cannot change anything locally. IMO I think this is more of a personal thing. Some may like it, some may not. I for one don't mind it, but then again I don't go changing settings on a daily basis, so I really think it's up to the person if they like this setup, or not.

Its scanning can be slow, but one thing I've noticed with it is that initially it's slow, but after a short while it finishes quite fast. For example, on my system it may take a few mins to get to like 13%, but once it reaches that point maybe 30s later it finishes the scan. I'm not sure why it does this, but I can see how it can be annoying.

> Also I can't force signature update nor scan a specific folder :emoji_grimacing:

There is an option to force an update, mind you it's hidden in the worst spot IMO, you can find it under troubleshooting.


Secondly, you should be able to right click scan any folder, they just don't have an icon in the list which may make it hard to see.:)(y)

Looking forward to the results!
 

ForgottenSeer 72227

> SHP has 2 different scanners if I'm not mistaken
> If we select scan option from the main UI, it will trigger hitmanpro to scan
> if we do right-click scan, it will use sophos' own engine

Ya I'm not too sure. I know with V1 it was HMP for sure, but it seems like they changed it up a bit with V2, so I'm not sure which engine it's using during the scans.
 

Evjl's Rain

> Ya I'm not too sure. I know with V1 it was HMP for sure, but it seems like they changed it up a bit with V2, so I'm not sure which engine it's using during the scans.

I think it should be ML and sophos engines if HMP windows doesn't show up
not sure if SHP has better self-protection now
 

ForgottenSeer 72227

> I think it should be ML and sophos engines if HMP windows doesn't show up
> not sure if SHP has better self-protection now

That could very well be the case. If it is using its ML component, maybe it's a little slower initially because it's doing a cloud look up? As for the self protection, from some of the tests that @Glashouse has done here, it doesn't seem like it gets trashed like V1. None of his tests resulted in SHP no longer working anymore, so I think they fixed that issue with V2.
 

Evjl's Rain

> That could very well be the case. If it is using its ML component, maybe it's a little slower initially because it's doing a cloud look up? So for the self protection, from some of the tests that @Glashouse has done here, it doesn't seem like it gets trashed like V1. None of his tests resulted in SHP no longer working anymore, so I think they fixed that issue with V2.

in my tests, SHP after being encrypted by RWs was still working because RWs could not encrypt active files being used by SHP. They encrypted unprotected files => but still, not good for SHP because it would be malfunction or show errors
I don't know if the ML engine can work offline or not
 

ForgottenSeer 72227

> @Raiden:
>
> Ok, I finally found those 2 settings, Update signatures under "Resolución de problemas" (What a strange place for this option!), and also after reboot also got "Scan with Sophos Home"!
>
> THANKS!

Glad I could help!:)(y)

Yes, usually after SHP finishes installing and whether you choose to run the full scan or not, it usually wants to restart the computer to finalize the setup. Similar to how Eset's full feature set isn't up and running until a system restart.

Another thing to mention in case you are looking for it, is if you want to add local exclusions, it will also be under the troubleshooting section. I really wish they would fix that, as troubleshooting isn't the first thing people think of when trying to update, or make an exclusion. Maybe I'll have to email their support to see if they can change that in a future version. Also, the tamper protection setting is in the same place, however if you're running on a local account it's hidden, it's only viable on an admin account which is smart IMO.
 

AYIZEB

What I do not like is that it consumes too much and has a lot of processes, but the detection is good; if they refine the resources and the processes, it would be a great option for many people.
 
