Advice Request Sophos Home Premium?


Status
Not open for further replies.

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
I can non-officially confirm it would perform average, since I almost daily throw stuff at it from Hybrid, but sadly I don't have enough time to share the results. It struggles against scriptors, but here's the Sophos answer.


However, it wouldn't be a true real-world test for SHP because some malware prevention vectors are ignored by downloading from Hybrid, not directly from the malware host.
Thank you for the update! Really sad, I am expecting a lot better from this product due to the fact HPA is included in it.
 

Deleted Member 3a5v73x

Thank you for the update! Really sad, I am expecting a lot better from this product due to the fact HPA is included in it.
Average home user has nothing to worry about, because most of its strength relies on Web protection/Downloaded file reputation/Traffic scanning; it will intercept malware and browser exploits before they reach your system.
That makes it one of the best products IMO. You get the best on-demand scanner, anti-exploit, key-scrambler around (IMO) along with some healthy machine learning being progressively more integrated into the package. Not to mention Sophos legendary high quality heuristic web traffic scanner. All for $40 a year for 10 devices? A steal.

I also agree that considering all factors it's one of the best AV products around. Also to mention good support, SH/SHP does automatically update and upgrade to future versions in background without user nagging, just informing to perform system restart after important updates have been applied.
 

ForgottenSeer 72227

Average home user has nothing to worry about, because most of its strength relies on Web protection/Downloaded file reputation/Traffic scanning; it will intercept malware and browser exploits before they reach your system.


I also agree that considering all factors it's one of the best AV products around. Also to mention good support, SH/SHP does automatically update and upgrade to future versions in background without user nagging, just informing to perform system restart after important updates have been applied.

Glad to hear that in real world usage it will do a better job. I guess adding something along the lines of VS and/or OSA will help it with regards to scriptors?
 

Deleted Member 3a5v73x

Glad to hear that in real world usage it will do a better job. I guess adding something along the lines of VS and/or OSA will help it with regards to scriptors?
Totally depends on what risk category the user is in. What's the probability for user X to open invoice.jar or paypal.vbs or sexybabe.ps1? If none, and you are aware that it most likely is a trap, then you are OK with just disabling cscript, powershell, uninstalling Java if not used, etc. I find VS AI not very smart, and for myself, too much. To install OSArmor alongside you must understand settings and how to configure it, open and view logs, etc. My mom can't do none of that; instead, I like SysHardener more for its simplicity and it's enough to stop scriptors from connecting out and thus dropping payloads/setting C&C, etc. SysHardener tweaks for Windows Firewall nicely boost protection. SHP and OSArmor is a setup for high risk users who don't control what they open and install, my opinion. If my son was 7+ sometimes accessing the PC, I would for sure go for that combo or even Shadow Defender at boot, but since he's only mid 3, I don't think about it now lol.
 

ForgottenSeer 58943

Totally depends on what risk category the user is in. What's the probability for user X to open invoice.jar or paypal.vbs or sexybabe.ps1? If none, and you are aware that it most likely is a trap, then you are OK with just disabling cscript, powershell, uninstalling Java if not used, etc. I find VS AI not very smart, and for myself, too much. To install OSArmor alongside you must understand settings and how to configure it, open and view logs, etc. My mom can't do none of that; instead, I like SysHardener more for its simplicity and it's enough to stop scriptors from connecting out and thus dropping payloads/setting C&C, etc. SysHardener tweaks for Windows Firewall nicely boost protection. SHP and OSArmor is a setup for high risk users who don't control what they open and install, my opinion. If my son was 7+ sometimes accessing the PC, I would for sure go for that combo or even Shadow Defender at boot, but since he's only mid 3, I don't think about it now lol.

My thoughts exactly. SHP alone is enough for the vast majority of everyone as their usual, primary and sometimes only threat surface is browsing and downloading. Adding OSArmor set to default to SHP for high risk users is a great combo and more than sufficient to deal with anything they'd run into.
 

Deleted Member 3a5v73x

Surfing through Heimdal Product Guides I found this: "What can I do if my Antivirus is blocking Heimdal's traffic?" and I am thinking now if it's even good to use Heimdal alongside SHP, even if process exclusions are set. Dilemma. :unsure:

!Highly important: Do not use Heimdal's Traffic Filtering engine in combination with another traffic scanning application because one will block the other and none of them will work 100%. We recommend you disable other traffic scanning applications installed locally before you enable Heimdal's Traffic Filtering engine.
 

ForgottenSeer 58943

Surfing through Heimdal Product Guides I found this: "What can I do if my Antivirus is blocking Heimdal's traffic?" and I am thinking now if it's even good to use Heimdal alongside SHP, even if process exclusions are set. Dilemma. :unsure:

!Highly important: Do not use Heimdal's Traffic Filtering engine in combination with another traffic scanning application because one will block the other and none of them will work 100%. We recommend you disable other traffic scanning applications installed locally before you enable Heimdal's Traffic Filtering engine.

I bet that's a standard 'you probably shouldn't do this' disclaimer - I would guess - so they can point people to it that could have issues. This disclaimer would actually sort of destroy Heimdal's business model because the product isn't a stand alone antivirus suite!

Since SHP has an exceptionally good heuristic traffic scanner and web filtration database, I suppose Heimdal is probably redundant in that area. I'd actually put more confidence in SHP because I've tested SHP and know how good its heuristic system and database are. However, Heimdal with their RC/Beta is REALLY ramping up their protection levels so who knows what the future holds.

Tough call bro.
 

Deleted Member 3a5v73x

Sometimes when you try to reinstall Sophos on your machine it may come up with this error. It's because you did not properly uninstall it the first time and did not remove that client from the online Dashboard, if you e.g. formatted the system. But no worries: after clicking "Finish" Sophos will still be in your system tray, but you will not be able to open the UI since the install was obviously corrupted. Leave the system running for some time, because Sophos Home will actually do a self-repair and quietly install without user interaction (takes about 5-15 mins depending on system/net speed, etc.).


ForgottenSeer 58943

Evjlrain just ran the first test of SHP on hub and it was a disaster.

Hub are just packs downloaded and don't represent actual real world use. Lots of things fail in the hub, but protect users out in the real world just fine. I mean it's cool if you want to use the hub to add to your knowledge base on how products react to giant packs of malware being opened, but I would caution against using it as an exclusive determination on what to use for yourself. Remember, Panda got owned on the Hub, but routinely scores very high on authoritative tests from certification sites testing real world conditions.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Hub are just packs downloaded and don't represent actual real world use. Lots of things fail in the hub, but protect users out in the real world just fine. I mean it's cool if you want to use the hub to add to your knowledge base on how products react to giant packs of malware being opened, but I would caution against using it as an exclusive determination on what to use for yourself. Remember, Panda got owned on the Hub, but routinely scores very high on authoritative tests from certification sites testing real world conditions.
Feel free to participate in the Hub? It would be nice if you want to share your expert knowledge about how to test all products correctly, @ForgottenSeer 58943
 

Al-Faqir

Level 8
Verified
Jul 24, 2018
379
I would say that you should try it before you buy. For me, Sophos Home is my third go-to security solution after Kaspersky and Eset. Sophos feels light on the system unless you're running a low-end device. The web filter is decent and above all the price is very reasonable. Finally, please try to avoid asking such questions as you will end up much more confused. I do recommend trying the solution and if you feel satisfied, then go and buy it.
 

Deleted Member 3a5v73x

Never seen this type of "low action" behavior from SHP and any ransom getting through since v1.2.12. Maybe some failures connecting to the servers; nevertheless it looks bad because all Sophos folder components as well are encrypted and trashed. The interesting part is that it's picked up by "Sophos Machine Learning" in VT, but SHP doesn't detect it, so definitely something is not working properly. Reported to Sophos and waiting for a more detailed answer on this. Thanks to @Evjl's Rain for the test & @Der.Reisende for providing samples.

 

Deleted Member 3a5v73x

At least they are aware of this now and working to investigate further this ransomware and attack method.

(Sophos Support)

I'm sorry to hear that and I can understand your frustration about this. I'm not sure why that particular virus/ransomware was not added to our database yet. Let me see if I can find something out.

I can see that this particular virus was already submitted to the virus lab. Just checking on the status. Nothing is ever 100% secure.

We're in the process of updating the signatures for this. I don't have any ETA, but this should be done shortly. I can only apologize for the inconvenience caused by the infection.

The labs team is working on this as we speak.
 

Deleted Member 3a5v73x

Some news.

SHP and compatibility with other programs (specifically, the question was asked whether it's OK to use Heimdal Pro alongside SHP.)
(Heimdal Support)

We do not recommend to use Heimdal alongside other Traffic scanner software since most likely both of them will experience some issues.
(Sophos Support)

I would also suggest that this (Heimdal Pro) may not be compatible with Sophos Home. If you have the program installed and Sophos Home software installed there are a limited amount of programs that are supported for use with Sophos Home by default. This can be found on the online account under PROTECTION - Exploits - Protected Applications. Any programs that are on your computer that are supported will be listed there.

That would be the only item to suggest from us would be to add it to exclusions. But if it is causing Sophos Home software to crash then this would be a good indication of it not being supported.

About self-protection in Sophos Home/Premium (question was asked after ransomware was able to encrypt Sophos folders too)
Me: does SHP have self-protection module?
Sophos: It does not currently.
Sophos: This is something that is being looked into however.

About ML and Intercept X (Based on Sophos reply, malicious stuff detected by "Sophos ML" in VirusTotal will NOT be detected by SHP, also explains why it didn't prevent this ransomware)
Sophos: Sophos Home Premium does not have machine learning built into it
Sophos: It is something that is being looked into for a future update however.
Sophos: It uses a different format for scanning and tracking threats.
Me: But it does have Intercept X, doesn't it?
Sophos: It does not have intercept X
Sophos: it has features that are similar to intercept X but does not use the same items as intercept X does
Sophos: Sophos Home software is a stand alone product that includes Hitmanpro.alert if you have the premium software included.
Sophos: It has similar features of other Sophos based products like intercept X but it does not have the same coding or format as intercept X
Sophos: This is something that is being worked on though to be hopefully released in a future update
Me: Hopefully this year.
Sophos: Yes. This year for sure.
 

ForgottenSeer 58943

Nice research davisd..

Discouraging the misleading about InterceptX.. So it 'sort of' uses it, but not fully. It has no self protection. The integration of HMPA with it is spotty. It doesn't work well with one of my favorite traffic scanners (Thor).

Seems to me there is a lot to dislike with it based on this.. It's discouraging how crappy almost all AV's are these days. Even the well regarded Kaspersky, it has bugs, I found it spiking CPU at times, and it slowed directory trawling significantly. Basically, they all have some problem or another for the most part. :sneaky: I could go on and on about each one, even corporate editions which I have access to. The incessant bugs and issues with FortiClient as well.. (n)
 

Pelocha

Level 1
Verified
Apr 4, 2017
17
Never seen this type of "low action" behavior from SHP and any ransom getting through since v1.2.12. Maybe some failures connecting to the servers; nevertheless it looks bad because all Sophos folder components as well are encrypted and trashed. The interesting part is that it's picked up by "Sophos Machine Learning" in VT, but SHP doesn't detect it, so definitely something is not working properly. Reported to Sophos and waiting for a more detailed answer on this. Thanks to @Evjl's Rain for the test & @Der.Reisende for providing samples.

ML detection = Invincea
Invincea is not present in SHP.
 

Pelocha

Level 1
Verified
Apr 4, 2017
17
Nice research davisd..

Discouraging the misleading about InterceptX.. So it 'sort of' uses it, but not fully. It has no self protection. The integration of HMPA with it is spotty. It doesn't work well with one of my favorite traffic scanners (Thor).

Seems to me there is a lot to dislike with it based on this.. It's discouraging how crappy almost all AV's are these days. Even the well regarded Kaspersky, it has bugs, I found it spiking CPU at times, and it slowed directory trawling significantly. Basically, they all have some problem or another for the most part. :sneaky: I could go on and on about each one, even corporate editions which I have access to. The incessant bugs and issues with FortiClient as well.. (n)
Trendmicro is bug free. You know it.
 