Mahesh Sudula

Level 16
Verified
Malware Tester
A slight note: today, when I had a talk with the Sophos guys about their core anti-ransom module and the reason for its slight delay in action,
seen after 1-2 files' encryption, they answered that it is to prevent FPs to a great extent and to make monitoring with high confidence.
Though it makes total sense, they are on the way to adding a new module that recovers files in the process of encryption at the memory level itself!
Great, isn't it? ;)
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
At the end, some files were encrypted, which is not a good thing.
They explained that ~3+ files might be sacrificed (without being rolled back) to properly identify the ransomware.
What if they are important files? Not convincing. 1 file being encrypted immediately means a fail.
HMPA is proven to be always suboptimal in CS's tests, although it has been slightly improved.

There are much better solutions. KFA can do much better. It can stop almost all ransomware before it harms the files.
Since the 2018 version (second half of 2018), I haven't seen any failure against ransomware.
 
Deleted Member 3a5v73x

Although SHP managed to do well, this is not a correct and accurate way of testing SHP, because it maybe could have stopped ransomware samples from reaching desktop/folders at a Web protection/Downloaded file reputation/Traffic scanning level. Also, as noted in the SHP interface, throughout the whole test Real Time Anti-Virus protection is disabled from the Web dashboard. To me this Sophos review is "for fun", pushing limits for no point, and its results don't reflect a real-world system running SHP with all protection mechanisms enabled.
 