Advice Request Sophos Home Premium?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
I can non-officialy confirm It would perform average, since I almost daily throw stuff at it from Hybrid, but sadly I don't have enough time to share the results. It struggles against scriptors, but here's the Sophos answer.


However, It's wouln't be true real-world test for SHP because some malware prevention vectors are ignored by downloading from Hybrid, not directly from malware host.
Thank you for the update! Really sad, i am expecting a lot better from this product due to the fact HPA included in.
 
  • Like
Reactions: JB007
D

Deleted Member 3a5v73x

Thank you for the update! Really sad, i am expecting a lot better from this product due to the fact HPA included in.
Average home user has nothing to worry about, because most of it's strenght relies is Web protection/Downloaded file reputation/Traffic scanning, it will intercept malware and browser exploits before they reach your system.
That makes it one of the best products IMO. You get the best on-demand scanner, anti-exploit, key-scrambler around (IMO) along with some healthy machine learning being progressively more integrated into the package. Not to mention Sophos legendary high quality heuristic web traffic scanner. All for $40 a year for 10 devices? A steal.

I also agree that considering all factors it's one of the best AV products around. Also to mention good support, SH/SHP does automatically update and upgrade to future versions in background without user nagging, just informing to perform system restart after important updates have been applied.
 
Last edited by a moderator:
F

ForgottenSeer 72227

Average home user has nothing to worry about, because most of it's strenght relies is Web protection/Downloaded file reputation/Traffic scanning, it will intercept malware and browser exploits before they reach your system.


I also agree that considering all factors it's one of the best AV products around. Also to mention good support, SH/SHP does automatically update and upgrade to future versions in background without user nagging, just informing to perform system restart after important updates have been applied.

Glad to hear that in real world usage it will do a better job. I guess adding something along the lines of VS and or OSA will help it with regards to scriptors?
 
D

Deleted Member 3a5v73x

Glad to hear that in real world usage it will do a better job. I guess adding something along the lines of VS and or OSA will help it with regards to scriptors?
Totally depends in what risk category user is. Whats the probability for user X to open invoice.jar or paypal.vbs or sexybabe.ps1? If none, and you are aware of that it most likely is a trap, then you are ok with just disabling cscript, powershell, uninstall Java if not used, etc. I find VS AI not very smart, and for myself, too much. To install OSArmor alongside you must understand settings and how to configure it, open and view logs, etc. My mom can't do none of that, instead, I like SysHardener more for it's simplicity and it's enough to stop scriptors from connecting out and thus, droping payloads/seting C&C, etc. SysHardener tweaks for Windows Firewall nicely boosts protection. SHP and OSArmor is setup for high risk users who don't control what they open and install, my opinion. If my son was 7+ sometimes accesing PC, I would for sure go for that combo or even Shadow Defender at boot, but since hes only mid 3, I don't think about it now lol.
 
Last edited by a moderator:
F

ForgottenSeer 58943

Totally depends in what risk category user is. Whats the probability for user X to open invoice.jar or paypal.vbs or sexybabe.ps1? If none, and you are aware of that it most likely is a trap, then you are ok with just disabling cscript, powershell, uninstall Java if not used, etc. I find VS AI not very smart, and for myself, too much. To install OSArmor alongside you must understand settings and how to configure it, open and view logs, etc. My mom can't do none of that, instead, I like SysHardener more for it's simplicity and it's enough to stop scriptors from connecting out and thus, droping payloads/seting C&C, etc. SysHardener tweaks for Windows Firewall nicely boosts protection. SHP and OSArmor is setup for high risk users who don't control what they open and install, my opinion. If my son was 7+ sometimes accesing PC, I would for sure go for that combo or even Shadow Defender at boot, but since hes only mid 3, I don't think about it now lol.

My thoughts exactly. SHP alone is enough for the vast majority of everyone as their usual, primary and sometimes only threat surface is browsing and downloading. Adding OSArmor set to default to SHP for high risk users is a great combo and more than sufficient to deal with anything they'd run into.
 
D

Deleted Member 3a5v73x

Surfing through Heimdal Product Guides i found this What can I do if my Antivirus is blocking Heimdal's traffic? and I am thinking now if it's even good to use Heimdal alongside SHP, even if processes exclusions are set. Dilemma. :unsure:

!Highly important: Do not use Heimdal's Traffic Filtering engine in combination with another traffic scanning application because one will block the other and none of them will work 100%. We recommend you disable other traffic scanning applications installed locally before you enable Heimdal's Traffic Filtering engine.
 
F

ForgottenSeer 58943

Surfing through Heimdal Product Guides i found this What can I do if my Antivirus is blocking Heimdal's traffic? and I am thinking now if it's even good to use Heimdal alongside SHP, even if processes exclusions are set. Dilemma. :unsure:

!Highly important: Do not use Heimdal's Traffic Filtering engine in combination with another traffic scanning application because one will block the other and none of them will work 100%. We recommend you disable other traffic scanning applications installed locally before you enable Heimdal's Traffic Filtering engine.

I bet that's a standard 'you probably shouldn't do this' disclaimer - I would guess - so they can point people to it that could have issues. This disclaimer would actually sort of destroy Heimdal's business model because the product isn't a stand alone antivirus suite!

Since SHP has an exceptionally good heuristic traffic scanner and web filtration database, I suppose Heimdal is probably redundant in that area. I'd actually put more confidence in SHP because I've tested SHP and know how good it's heuristic system and database is. However, Heimdal with their RC/Beta is REALLY ramping up their protection levels so who knows what the future holds.

Tough call bro.
 
D

Deleted Member 3a5v73x

Sometimes when you try to reinstall Sophos on your machine it may come up with this error, it's because you did not properly uninstall it at first time and did not remove that client from online Dashboard, if you e.g. formated system. But no worries, after clicking "Finish" Sophos will still be in your system tray, but you will not be able to open UI since install was corrupted obviously, but leave the system running for some time, because Sophos Home will actually do self-repair and quietly install without user interaction. (takes about between 5-15mins depending on system/net speed, etc.)

1.PNG

Capture.PNG

Capture11.PNG

Capture1.PNG
 
Last edited by a moderator:
F

ForgottenSeer 58943

Evjlrain just run the first test of SHP on hub and it was disaster.

Hub are just packs downloaded and don't represent actual real world use. Lots of things fail in the hub, but protect users out in the real world just fine. I mean it's cool if you want to use the hub to add to your knowledge base on how products react to giant packs of malware being opened, but I would caution against using it as an exclusive determination on what to use for yourself. Remember, Panda got owned on the Hub, but routinely scores very high on authoritative tests from certification sites testing real world conditions.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
Hub are just packs downloaded and don't represent actual real world use. Lots of things fail in the hub, but protect users out in the real world just fine. I mean it's cool if you want to use the hub to add to your knowledge base on how products react to giant packs of malware being opened, but I would caution against using it as an exclusive determination on what to use for yourself. Remember, Panda got owned on the Hub, but routinely scores very high on authoritative tests from certification sites testing real world conditions.
Feel free to participate in the Hub? it would be nice if you want to share your expert knowledge about how to test all products correctly @ForgottenSeer 58943
 

Al-Faqir

Level 8
Verified
Jul 24, 2018
379
I would say that you should try it before you buy. For me, Sophos home is my third go-to security solution after Kaspersky and Eset. Sophos feels light on the system unless your running a low-end device. The web filter is decent and above all the price is very reasonable. Finally, please try to avoid asking such question as you will end much more confused. I do recommend trying the solution and if you feel satisfied, then go and buy it.
 
D

Deleted Member 3a5v73x

Never seen this type of "low action" behavior from SHP and any ransom getting through since v1.2.12. Maybe some failures connecting the servers, neverthless looks bad because all Sophos folder components as well are encrypted and trashed, but interesting part is that it's picked up by "Sophos Machine Learning" in VT, but SHP doesn't detect it, so deffinately something is not working properly. Reported to Sophos and waiting for a more detailed answer on this. Thanks to @Evjl's Rain for the test & @Der.Reisende for providing samples.

 
Last edited by a moderator:
D

Deleted Member 3a5v73x

At least they are aware of this now and working to investigate further this ransomware and attack method.

(Sophos Support)

I'm sorry to hear that and I can understand your frustration about this. I'm not sure why that particular virus/ransomware was not added to our database yet. Let me see if I can find something out.

I can see that this particular virus was already submitted to the virus lab. Just checking on the status. Nothing is ever 100% secure.

We're in the process of updating the signatures for this. I don't have any ETA, but this should be done shortly. I can only apologize for the inconvenience caused by the infection.

The labs team is working on this as we speak.
 
Last edited by a moderator:
D

Deleted Member 3a5v73x

Some news.

SHP and compatabilities with other programms (specifically question was asked if it's ok to use Heimdal Pro alongside SHP.)
(Heimdal Support)

We do not recommend to use Heimdal alongside other Traffic scanner software since most likely both of them will experience some issues.
(Sophos Support)

I would also suggest that this (Heimdal Pro) may not be compatible with Sophos Home. If you have the program installed and Sophos Home software installed there are a limited amount of programs that are supported for use with Sophos Home by default. This can be found on the online account under PROTECTION - Exploits - Protected Applications. Any programs that are on your computer that are supported will be listed there.

That would be the only item to suggest from us would be to add it to exclusions. But if it is causing Sophos Home software to crash then this would be a good indication of it not being supported.

About self-protection in Sophos Home/Premium (question was asked after ransomware was able to encrypt Sophos folders too)
Me: does SHP have self-protection module?
Sophos: It does not currently.
Sophos: This is something that is being looked into however.

About ML and Intercept X (Based on Sophos reply, malicious stuff detected by "Sophos ML" in VirusTotal will NOT be detected by SHP, also explains why it didn't prevent this ransomware)
Sophos: Sophos Home Premium does not have machine learning built into it
Sophos: It is something that is being looked into for a future update however.
Sophos: It uses a different format for scanning and tracking threats.
Me: But it does have Intercept X, doesn't it?
Sophos: It does not have intercept X
Sophos: it has features that are similar to intercept X but does not use the same items as intercept X does
Sophos: Sophos Home software is a stand alone product that includes Hitmanpro.alert if you have the premium software included.
Sophos: It has similar features of other Sophos based products like intercept X but it does not have the same coding or format as intercept X
Sophos: This is something that is being worked on though to be hopefully released in a future update
Me: Hopefully this year.
Sophos: Yes. This year for sure.
 
Last edited by a moderator:
F

ForgottenSeer 58943

Nice research davisd..

Discouraging the misleading about InterceptX.. So it 'sort of' uses it, but not fully. It has no self protection. The integration of HMPA with it is spotty. It doesn't work well with one of my favorite traffic scanners (Thor).

Seems to me there is a lot to dislike with it based on this.. It's discouraging how crappy almost all AV's are these days. Even the well regarded Kaspersky, it has bugs, I found it spiking CPU at times, and it slowed directory trawling significantly. Basically, they all have some problem or another for the most part. :sneaky: I could go on and on about each one, even corporate editions which I have access to. The incessant bugs and issues with FortiClient as well.. (n)
 

Pelocha

Level 1
Verified
Apr 4, 2017
17
Never seen this type of "low action" behavior from SHP and any ransom getting through since v1.2.12. Maybe some failures connecting the servers, neverthless looks bad because all Sophos folder components as well are encrypted and trashed, but interesting part is that it's picked up by "Sophos Machine Learning" in VT, but SHP doesn't detect it, so deffinately something is not working properly. Reported to Sophos and waiting for a more detailed answer on this. Thanks to @Evjl's Rain for the test & @Der.Reisende for providing samples.

ML detection = Invincea
Invincea is not present in SHP.
 

Pelocha

Level 1
Verified
Apr 4, 2017
17
Nice research davisd..

Discouraging the misleading about InterceptX.. So it 'sort of' uses it, but not fully. It has no self protection. The integration of HMPA with it is spotty. It doesn't work well with one of my favorite traffic scanners (Thor).

Seems to me there is a lot to dislike with it based on this.. It's discouraging how crappy almost all AV's are these days. Even the well regarded Kaspersky, it has bugs, I found it spiking CPU at times, and it slowed directory trawling significantly. Basically, they all have some problem or another for the most part. :sneaky: I could go on and on about each one, even corporate editions which I have access to. The incessant bugs and issues with FortiClient as well.. (n)
Trendmicro is bug free. You know it.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top