Sophos Home Updated. Need Your Feedback!

Discussion in 'other anti-virus software' started by Alex_Sophos, May 23, 2016.

  1. fmon

    fmon formerly: Impet

    Joined:
    May 5, 2013
    Posts:
    969
    +1 :thumb:
     
  2. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    273
    Location:
    Philippines
    Quarantine, a roll-back feature or something else just to restore AV "disinfection" actions should be a feature.

    How I'm seeing it, the quarantine acts as a way to reduce false-positive detections via reputation of other users' actions/feedback. This feature is turned off by default, and can be activated by more advanced users of your software.
     
  3. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    249
    Location:
    U.S.
    Thanks Alex, but really looking forward to Sophos Home at least adding an opt-in to quarantine. You need the smart guys on your side to recommend the product, righto_O

    I'll give you two years to fix this, because that's when my current AV subscription expires, so no hurry. But the sooner, the better :)
     
  4. fmon

    fmon formerly: Impet

    Joined:
    May 5, 2013
    Posts:
    969
    Two years? I'll give you about 1 month, happy Easter ... :geek:
     
  5. Alex_Sophos

    Alex_Sophos Registered Member

    Joined:
    Feb 9, 2016
    Posts:
    27
    We had an excellent discussion regarding quarantine last week with the engineers, and we referenced the comments here. Will keep you posted.

    In regards to a malware quarantine, would you (anyone on this forum can answer) prefer that:
    1. Malware is listed in a quarantine and you have to choose what says and what should be removed OR
    2. All malware automatically removed, but have a restore option for a limited time period, such as 15 or 30 days, for each piece of malware removed?
     
  6. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    437
    Location:
    USA--Colorado
  7. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,203
    Location:
    USA,IA
    I say #1
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,472
    Location:
    Cape Town, South Africa
    Failing an Allow / Quarantine prompt, which I doubt the devs would consider given the presumed philosophy behind / target market of Sophos Home, #1 would be the preferred option.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,971

    My Preference would be 1.
     
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    249
    Location:
    U.S.
    Yup, #1 for sure.

    With #2 there still exists the possibility (especially in regard to a false positive) that an infrequently used file may go down the rabbit hole before you notice that it's gone. It wouldn't be obvious that something had been deleted, until you had tried to run something with a dependency on it.
     
  11. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    820
    #1. IMHO Automatically Remove, no matter how you look at it, is a bad idea.
     
  12. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,271
    2 by default for noobs, 1 as an option that can be enable from the configuration.

    With 2 you can always restore an you get a notification anyway.

    In both cases malware is automatically removed and you have the option to recover it, I don't see much difference besides the expire feature after x days
     
  13. Achelous

    Achelous Registered Member

    Joined:
    Monday
    Posts:
    10
    Location:
    UK
    This. +1.

    If someone installs Sophos Home and enables the real-time protection only for it to mark some files as malicious (when they are really false positive detection's), but securely remove them as opposed to quarantining them, how is the user supposed to approach this situation? It can cause them a lot of hassle to go through backups which may or may not contain the now-lost files, or for them to scramble through the web to re-obtain the files... In some cases, they may not be retrievable depending on the scenario.

    You could always add the Quarantine functionality back and place a new option in the Settings to allow a user to have new detection's auto-removed as opposed to being quarantined... Then you can please both the customers who want automated removal and ones who would like it to be quarantined until further investigation.

    I really do think that Sophos as a team should re-think this decision.
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,219
    Location:
    USA
    I use Sophos home for my family that are not so tech savvy. I however, do not because of this exact reason. It needs to be more granular for us power users.
     
  15. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    1,487
    #1 :thumb:
     
  16. klv12gcn

    klv12gcn Registered Member

    Joined:
    May 25, 2008
    Posts:
    2
    Location:
    Bermuda Triangle
    Choice no. 1. :thumb:
    In my personal experience, luckily Sophos hasn't deleted any wrong files yet. But if possible, I prefer the infected files to be moved to quarantine. So, just in case, if it's correct, I can empty quarantine later, if it's a false alarm, I'd like to have my file back. ;)
     
  17. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,271
    Am I the only one who don't see any difference between the 2 options besides the expiration of the quarantined file?
     
Loading...