Advice Request: Sophos Home Premium?


ForgottenSeer 58943

@ForgottenSeer 58943 SEPC has a cloud-based sandbox? I think only 3 vendors offer this tech: Fortinet, Sophos with Sandstorm, and Check Point.

It says emulation: in mere milliseconds they provide a sandbox emulation looking for 1,400+ indicators of potential malware. The total feature set of SEPC is:

Network & Browser Exploit Prevention
Advanced Firewall
Malware Prevention
File Reputation Analysis
Behavior Monitoring & Blocking
Advanced Machine Learning
High-speed Emulation
Mobile Device Management
Mobile Security
Wi-Fi & Email Access
Encryption Add-On

I've tried to download a variety of 'test' programs that exhibit malware-like activity such as Spyshelter's test tool. All of them were snagged after statistical analysis, machine learning or sandbox/emulation. I've not succeeded in sneaking anything past the test system with SEPC yet.

So indeed it appears like it has real-time cloud sandbox evaluation of some type. I simply do not know the mechanics behind it, but it does seem to be working its magic.

Evjl's Rain

@Evjl's Rain what tweaks do you recommend for WD?
I used ConfigureDefender and applied the high settings, that's it.
I think it's almost the best available.
WD is quite powerful with it.
Also use RunBySmartScreen by andy_ful when you get a file not coming from your browser.

My tests show:
- WD default settings: 0/16, 0/17 => garbage
- SmartScreen alone (with the help of RunBySmartScreen): 11/16, 14/17
- WD tweaked: I didn't test, but the old tests show it performed very well

mekelek

I used ConfigureDefender and applied the high settings, that's it.
I think it's almost the best available.
WD is quite powerful with it.
Also use RunBySmartScreen by andy_ful when you get a file not coming from your browser.

My tests show:
- WD default settings: 0/16, 0/17 => garbage
- SmartScreen alone (with the help of RunBySmartScreen): 11/16, 14/17
- WD tweaked: I didn't test, but the old tests show it performed very well

I guess Norton doesn't like the executable? :D

Deleted member 65228

They manually went out of their way to block @Andy Ful's page on GitHub (SmartScreen utility looking at above images). That is just sad.

Unless it's reputation- or automatic-algorithm-related, of course. I cannot read the text in the above image.

"BLOKKOLTA" = "Blocked"

That is all I can read from the above image.

mekelek

They manually went out of their way to block @Andy Ful's page on GitHub (SmartScreen utility looking at above images). That is just sad.

Unless it's reputation- or automatic-algorithm-related, of course. I cannot read the text in the above image.

"BLOKKOLTA" = "Blocked"

That is all I can read from the above image.

It doesn't tell you how they added it, it just says that it's blocked.

mekelek

They are pretty sad then.

Instead of spending time actually focusing on threats, they are sabotaging some innocent guy from a security forum. I've seen Symantec do this more than once.
His whole GitHub page is blocked, not just that one.

Opera blocked the download of RunBySmartScreen v2.0.1, saying it's malicious.

And the VT results on the same ZIP:
VirusTotal

Sophos marked it as malicious as well, so it's not only Norton.

Considering this, I think Norton had an issue with a different file on his GitHub.

Andy Ful

...
My tests show:
- WD default settings: 0/16, 0/17 => garbage
- SmartScreen alone (with the help of RunBySmartScreen): 11/16, 14/17
- WD tweaked: I didn't test, but the old tests show it performed very well

RunBySmartScreen blocks dangerous files ignored by SmartScreen Application Reputation (WSH, WSF, WSC, WS, VBS, VB, SHS, SCT, REG, PS1, PCD, MST, MSP, MSC, MDE, MDB, JS, JAR, ISP, INS, INF, HTA, HLP, CRT, CHM, BAS, ADP, ADE) and throws to SmartScreen the files that it does check (BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, PIF, SCR and VBE).
Other files (like documents, media/photo/music files) are allowed to run by design.
RunBySmartScreen works as an on-demand utility (it is a slightly different application compared to RunAsSmartScreen; both are included in Hard_Configurator).

I suspect that some samples (like documents) were not blocked when using RunBySmartScreen (by design), because that would be unusable for the users. Also, SmartScreen Application Reputation does not check documents and other files allowed by RunBySmartScreen.
When applying ASR mitigations on Windows 10 FCU (via ConfigureDefender, PowerShell cmdlets or GPO), most of the missed samples related to malicious documents will be blocked. ASR is good for blocking script trojan downloaders embedded in documents opened by any application, but it works exceptionally well for Microsoft Office (some other mitigations are available). For example, MS Office applications cannot spawn child processes, and then all DDE commands, OLEs, embedded scripts and command lines to Windows script engines (wscript.exe, jscript.exe, hh.exe, mshta.exe, powershell.exe, powershell_ise.exe) are blocked. This one mitigation alone for MS Office applications would stop 99% of malicious documents in the wild.
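One way to apply the Office child-process mitigation described in the post above, as an added PowerShell example (not Andy Ful's code, and not part of Hard_Configurator or ConfigureDefender): it enables the rule in audit mode first, reads back the configured state, and lists the ASR events so you can see what the rule would have blocked before switching it to Enabled. It assumes an elevated PowerShell on Windows 10 1709 (FCU) or later with Microsoft Defender Antivirus active; the rule GUID is Microsoft's published id for "Block all Office applications from creating child processes".

```powershell
# Added example; the GUID is Microsoft's published ASR rule id for
# "Block all Office applications from creating child processes".
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Set-OfficeChildProcessRule {
    param([ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Action)
    # Add-MpPreference merges this rule into the ASR list; other rules are kept.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                     -AttackSurfaceReductionRules_Actions $Action
}

function Get-OfficeChildProcessRuleState {
    # Returns the action Defender reports for the rule
    # (0 = Disabled, 1 = Block, 2 = Audit) or $null if the rule is not configured.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $OfficeChildProcRule) { return $actions[$i] }
    }
    return $null
}

function Get-AsrEvents {
    # Event 1121 = the rule blocked an operation; 1122 = audit-mode hit
    # (would have been blocked). The event message carries the rule id.
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |                 # no events -> no error
    Where-Object { $_.Message -match $OfficeChildProcRule } |
    Select-Object TimeCreated, Id,
                  @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}

# Rollout: audit first so legitimate Office add-ins that spawn helper processes
# show up as 1122 events, then enforce once the list of hits is understood.
Set-OfficeChildProcessRule -Action AuditMode
Get-OfficeChildProcessRuleState
Get-AsrEvents -Hours 24 | Format-Table -AutoSize
# After review:
# Set-OfficeChildProcessRule -Action Enabled
```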

Nestor

So guys, I am planning to move on from Bitdefender Internet Security after so many years (my license will expire), and I am between KIS or SHP. We all know the strength of KIS with tweaked settings, but SHP is a really tempting choice, including so many features and HMPA. But in fact, since its release 3 months ago, there have hardly been one or two reviews of this product, including the Hub. Is it really worth it, regarding the protection?

Mahesh Sudula

All of you guys have given your genuine points:
Many of them are saying Bitdefender and Kaspersky are overrated?? To my knowledge I haven't seen an advertisement of their products till date... though Kaspersky comes in a bit, but not much.
Yes, they may be overrated, but at least they use their own technologies and are always ahead in REAL WORLD attacks >> WannaCry outbreak >> PROTECTED
Every user overrates their products in accordance with their tastes... the point is, do they stand by these claims when it comes to the Real World... YES for the above 2 products.
Kaspersky, G Data, Dr.Web, Bitdefender >>> deserve this applause because they always stand out.
In my opinion the heavily overrated product in this forum is Emsisoft... nothing -ve against them.
Pros and cons exist for each and every AV... the way we look at it defines it.
Every AV is good if we use it alongside our brains.
BRAIN.exe + AV = 99% detection rates

Nestor

All of you guys have given your genuine points:
Many of them are saying Bitdefender and Kaspersky are overrated?? To my knowledge I haven't seen an advertisement of their products till date... though Kaspersky comes in a bit, but not much.
Yes, they may be overrated, but at least they use their own technologies and are always ahead in REAL WORLD attacks >> WannaCry outbreak >> PROTECTED
Every user overrates their products in accordance with their tastes... the point is, do they stand by these claims when it comes to the Real World... YES for the above 2 products.
Kaspersky, G Data, Dr.Web, Bitdefender >>> deserve this applause because they always stand out.

Your opinion about SHP against KIS?

illumination

@ForgottenSeer 58943

I'm going to try and help clear this up for you and some others that do not have much time here at MT.

The hub methodology was not set up/designed to compare products. It was set up to test static "signatures" /dynamic "execution" of the product and submit missed samples to vendors as well as bugs found along the way. URL testing used to take place here at MT long ago, but was deemed too dangerous by staff and has since not been allowed. So it is not that the testers are not capable of testing more thoroughly, they are following guidelines established by staff.

I will leave it there, so as not to draw out a huge debate by anyone, and hope this helps clear the air a little. These guys in the Hub have come a long way since its early days of static scans only.

Your statement that users should not rely on results from the Hub to determine a product's overall capabilities is correct.

mekelek

Now I want someone to infect the system with SEPC on board. I wonder how it would do vs @cruelsister's handcrafted RATs.
SEPC will be infected at least once during malware testing on the Hub, I'm sure of it.

Your opinion about SHP against KIS?
I know I will sound like a shill, but with most of the AVs you put in comparison with Kaspersky, Kaspersky will come out as the favorite.

Nestor

SEPC will be infected at least once during malware testing on the Hub, I'm sure of it.

I know I will sound like a shill, but with most of the AVs you put in comparison with Kaspersky, Kaspersky will come out as the favorite.

That's true, Kaspersky has been known to be excellent all these years, but now we have a new kid on the block (SHP), with so many features, and we know little or nothing about its protection abilities (the majority of the tests refer to Sophos Free).
