Advice Request Sophos Home Premium?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
F

ForgottenSeer 58943

@ForgottenSeer 58943 sepc has a cloud based sandbox ? I think ony 3 vendrors offer this tech Fortinet Sophos with sandstorm and checkpoint

It says emulation, that in mere milliseconds they provide a sandbox emulation looking for 1,400+ indicators of potential malware. The total featureset of SEPC is;

Network & Browser Exploit Prevention
Advanced Firewall
Malware Prevention
File Reputation Analysis
Behavior Monitoring & Blocking
Advanced Machine Learning
High-speed Emulation
Mobile Device Management
Mobile Security
Wi-Fi & Email Access
Encryption Add-On

I've tried to download a variety of 'test' programs that exhibit malware-like activity such as Spyshelter's test tool. All of them were snagged after statistical analysis, machine learning or sandbox/emulation. I've not succeeded in sneaking anything past the test system with SEPC yet.

So indeed it appears like it has real-time cloud sandox evaluation of some type. I simply do not know the mechanics behind it, but it does seem to be working it's magic.

submission.png
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
@Evjl's Rain what tweaks do you recommend for WD?
I used configuredefender and applied the high settings, that's it
I think it's almost the best available
WD is quite powerful with it
also use RunBySmartscreen by andy_ful when you get the file not coming from your browser.

My tests show
- WD default settings: 0/16, 0/17 => gabbage
- Smartscreen alone (with a help of runbysmartscreen): 11/16, 14/17
- WD tweaked: I didn't test but the old tests show performed very well
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
I used configuredefender and applied the high settings, that's it
I think it's almost the best available
WD is quite powerful with it
also use RunBySmartscreen by andy_ful when you get the file not coming from your browser.

My tests show
- WD default settings: 0/16, 0/17 => gabbage
- Smartscreen alone (with a help of runbysmartscreen): 11/16, 14/17
- WD tweaked: I didn't test but the old tests show performed very well
mWZNDU.png

I guess Norton doesn't like the executable ?:D
 
  • Like
Reactions: harlan4096
D

Deleted member 65228

They manually went out of their way to block @Andy Ful's page on GitHub (SmartScreen utility looking at above images). That is just sad.

Unless its reputation or automatic algorithm related of course. I cannot read the text in the above image.

"BLOKKOLTA" = "Blocked"

That is all I can read from above image
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
They manually went out of their way to block @Andy Ful's page on GitHub (SmartScreen utility looking at above images). That is just sad.

Unless its reputation or automatic algorithm related of course. I cannot read the text in the above image.

"BLOKKOLTA" = "Blocked"

That is all I can read from above image
it doesn't tell you how they added it, it just says that it's blocked.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
They are pretty sad then.

Instead of spending time actually focusing on threats, they are sabotaging some innocent guy from a security forum. I've seen Symantec do this more than once.
his whole github page is blocked, not just that one.

Opera blocked the download of RunBySmartscreen v2.0.1 citing it's malicious

and the VT results on the same ZIP:
VirusTotal

Sophos marked it as malicious a well, so it's not only Norton.

Considering this, I think Norton had an issue with a different file on his github.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
...
My tests show
- WD default settings: 0/16, 0/17 => gabbage
- Smartscreen alone (with a help of runbysmartscreen): 11/16, 14/17
- WD tweaked: I didn't test but the old tests show performed very well
RunBySmartScreen blocks dangerous files ignored by SmartScreen Application Reputation (WSH, WSF, WSC, WS, VBS, VB, SHS, SCT, REG, PS1, PCD, MST, MSP, MSC, MDE, MDB, JS, JAR, ISP, INS, INF, HTA, HLP, CRT, CHM, BAS, ADP, ADE) and throw to SmartScreen files checked by it: (BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, PIF, SCR and VBE).
Other files (like documents, media/ photos/ music files) are allowed to run by design.
RunBySmartScreen works as on-demand utility (it is slightly a different application as compared to RunAsSmartScreen - both included in Hard_Configurator).
.
I suspect that some samples (like documents), were not blocked when using RunBySmartScreen (by design) because that would be unusable for the users. Also, SmartScreen Application Reputation does not check documents and other files allowed by RunBySmartScreen.
When applying ASR mitigations on Windows 10 FCU (via Configuredefender, PowerShell cmdlets or GPO) most missing samples related to malicious documents will be blocked. ASR is good for blocking script trojan downloaders embedded in documents opened by any application, but it works exceptionally well for Microsoft Office (some other mitigations are available). For example, MS Office applications cannot spawn child processes, and then all DDE commands, OLEs, embedded scripts and command lines to Windows script engines (wscript.exe, jscript.exe, hh.exe, mshta.exe, powershell.exe, powershell_ise.exe) are blocked. Only this one mitigation for MS Office applications would stop 99% of malicious documents in the wild.
 
Last edited:

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
So guys I am planning to move on from Bitdefender Internet Security, after so many years (my license will expire) and I am between KIS or SHP.We all know the strength of KIS with tweaked settings, but SHP is a really tempting choice, including so many features and HMPA. But in fact, after the release day,3 months before, there is hardly one or two reviews ,including the hub about this product. Is it really worth it, regarding the protection?
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
825
All of u guys have given your genuine points :
Many of them are saying Bitdefender and Kaspersky are overrated?? To my knowledge i haven't seen an advertisement of their products till date ..Though Kaspersky comes inside a bit ..but not much
Yes they maybe overrated but atleast they use their own technologies and are always ahead in REAL WORLD attacks>> Wanna cry outbreak>> PROTECTED
Every user over rate their products in accordance with their tastes..the point is do they stand by by these claims when it comes to Real World...YES for above 2 products
Kaspersky , G data, Dr Web, Bitdefender >>> Deserve this applause because they always stand out.
In my opinion heavily overrated products in this forum is : Emsisoft ..Nothing -ve against them
Pros and Cons exist for each and every Av...The way we look at it defines it.
Every av is good if we use them alongside our brains
BRAIN.exe + AV = 99% Detection rates
 
Last edited:

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
All of u guys have given your genuine points :
Many of them are saying Bitdefender and Kaspersky are overrated?? To my knowledge i haven't seen an advertisement of their products till date ..Though Kaspersky comes inside a bit ..but not much
Yes they maybe overrated but atleast they use their own technologies and are always ahead in REAL WORLD attacks>> Wanna cry outbreak>> PROTECTED
Every user over rate their products in accordance with their tastes..the point is do they stand by by these claims when it comes to Real World...YES for above 2 products
Kaspersky , G data, Dr Web, Bitdefender >>> Deserve this applause because they always stand out.
Your opinion about SHP against KIS?
 
Last edited:
I

illumination


@ForgottenSeer 58943

I'm going to try and help clear this up for you and some others that do not have much time here at MT.

The hub methodology was not set up/designed to compare products. It was set up to test static "signatures" /dynamic "execution" of the product and submit missed samples to vendors as well as bugs found along the way. URL testing used to take place here at MT long ago, but was deemed too dangerous by staff and has since not been allowed. So it is not that the testers are not capable of testing more thoroughly, they are following guidelines established by staff.

I will leave it there, as to not draw out a huge debate by anyone, and hope this helps clear the air a little. These guys in the HUB have come a long way since it's early days of static scans only.

Your statement that users should not rely on results from the Hub to determine a products over all capabilities is correct.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Now I want someone to infect the system with the SEPC on board. I wonder how it would do vs @cruelsister 's handcrafted RATs.
SEPC will be infected once at least during malware testing on the hub, i'm sure of it

Your opinion about SHP against KIS?
I know i will sound like a shill but most of the AV you put in comparion with Kaspersky, Kaspersky will come out as favorite.
 

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
SEPC will be infected once at least during malware testing on the hub, i'm sure of it


I know i will sound like a shill but most of the AV you put in comparion with Kaspersky, Kaspersky will come out as favorite.
That's true, Kaspersky is known to be excellent all these years,but now we have a new kid on the block (SHP), with so many features and know little or nothing about protection abilities (majority of the tests referring to Sophos free).
 
  • Like
Reactions: mekelek
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top