Sophos Home Updated. Need Your Feedback!

Interesting, wonder if it would have detected and prevented the CCleaner supply chain attack.

 

Thanks for the feedback Alex!

The inclusion of quarantine is clearly requiring a paradigm shift among your leaders. Puzzling, but understandable.

End user PCs are quite different from a support perspective than a client PC in a managed network. Especially for the casual user who is by default his own computer and network administrator, without the enterprise infrastructure in place to recover from a false detection. Casual users may or may not back up their critical data to another device or the cloud. Highly unlikely that the casual end user takes regular disk images that could get them back up and running in a short amount of time. Quarantine yes/no could be a deal breaker in this use case.

Consider that in a managed end point client PC, recovery is usually a simple matter of tech support restoring a complete new image to the device, and the user recovering the user data from a server. Done! But that is not what we are dealing with in home computing...

Keep up the good work!

 

... but speed it up because I don't know if I'm able to test it in the year 2050.

 

Sophos Home updated to version 1.2.7 is there any way to see changelogs for this?

 

Quarantine available?

 

Still no quarantine

 

What a pity ...

 

I don't think they get it. Clueless...

 

Not that we've given up on quarantine, but because we currently don't have one, Sophos Home is not susceptible to the AVGator vulnerability. More info here: https://arstechnica.com/information...o-attacks-that-otherwise-wouldnt-be-possible/ and here: https://community.sophos.com/kb/en-us/127808

Curious on your thoughts. Feel free to comment!

 

I think that if an attacker can roam around your system setting up directory junctions undetected, you have bigger problems than a quarantine!

I would imagine that is the purpose of a product like HitmanPro.Alert or Sophos Intercept X to protect against those type of exploits. Lack of a feature that is being exploited is not proactive, it's just dumb luck!

 

I agree completely

 

+1

 

From: https://www.bleepingcomputer.com/ne...elps-malware-sink-its-teeth-into-your-system/

OK, what part of physical security don't you understand Anybody with malicious intent can do a lot of damage with physical access, not limited to just this example, of course!

 

Tinstaafl, it's time for Sophos to stop their AV because malware could disable an Antivirus completely. No Antivirus, no security risk.

 

It does not pass all the tests amtso !!!

 

Dumb luck is a new feature we've just implemented. Not sure why we didn't deploy it earlier But in all seriousness, while there is concern over security breaches from quarantined malware, good to see different opinions on it.

 

boggles my mind anyone finds it acceptable in 2018 that an AV has no recovering from the quarantine. you even make jokes about it, lmao.

 

Alex, if you don't want quarantine please give us at least an option "ask user before delete".

 

I believe the purpose of this software is to be controlled as like by an administrator via the weblogin, thus the lack of asking local user for decisions.

 

Yeah, tried Sophos for a little while, but no quarantine, no control over the app other than using a browser to log into your "account" and even turning off real time protection through the account did not really turn protection off. I kept getting prompts from Sophos about something I was trying to let through. No way configurable enough. Buh bye...

 

That's the unique thing about it, besides being free security product, such feature of the weblogin can be extremely needed by many people just for that single feature, which sometimes may not be suitable for others especially those that have their personal computer not shared with others.

On the other hand, If one really likes and appreciate what this product has to offer protection-wise for FREE, then such feature as the weblogin "being a hindrance/annoying" can be ignored, imo.

 

I can't ignore the fact that false positives are just deleted, so no Sophos for me at the moment.

 

I'm pretty confident there was an 'ignore' option in the GUI last time I used it (like 4-5 months ago) I used both the regular and beta versions.

 

That is all well and good, but in a controlled enterprise environment all user data is normally backed up to a server. If a major problem occurs with the desktop, the IT support team could restore any user data after wiping the drive and installing a fresh image of the OS and applications, if that was necessary to fix the machine. In fact re-imaging a PC is usually more time efficient than finding and fixing a problem bigger than a password reset.

But for a home or small office end user that is not part of a managed domain, that concept falls apart. Backups? What backups? LOL!!!

Uncontrolled deletion of anything in that use case is just asking for it!