Discussion in 'other anti-virus software' started by Alex_Sophos, May 23, 2016.
Quarantine, a roll-back feature or something else just to restore AV "disinfection" actions should be a feature.
How I'm seeing it, the quarantine acts as a way to reduce false-positive detections via reputation of other users' actions/feedback. This feature is turned off by default, and can be activated by more advanced users of your software.
Thanks Alex, but really looking forward to Sophos Home at least adding an opt-in to quarantine. You need the smart guys on your side to recommend the product, right?
I'll give you two years to fix this, because that's when my current AV subscription expires, so no hurry. But the sooner, the better.
Two years? I'll give you about 1 month, happy Easter ...
We had an excellent discussion regarding quarantine last week with the engineers, and we referenced the comments here. Will keep you posted.
In regards to a malware quarantine, would you (anyone on this forum can answer) prefer that:
1. Malware is listed in a quarantine and you have to choose what stays and what should be removed OR
2. All malware is automatically removed, but you have a restore option for a limited time period, such as 15 or 30 days, for each piece of malware removed?
#1 for sure.
I say #1
Failing an Allow / Quarantine prompt, which I doubt the devs would consider given the presumed philosophy behind / target market of Sophos Home, #1 would be the preferred option.
My preference would be 1.
Yup, #1 for sure.
With #2 there still exists the possibility (especially in regard to a false positive) that an infrequently used file may go down the rabbit hole before you notice that it's gone. It wouldn't be obvious that something had been deleted, until you had tried to run something with a dependency on it.
#1. IMHO Automatically Remove, no matter how you look at it, is a bad idea.
2 by default for noobs, 1 as an option that can be enabled from the configuration.
With 2 you can always restore and you get a notification anyway.
In both cases malware is automatically removed and you have the option to recover it, I don't see much difference besides the expire feature after x days.
If someone installs Sophos Home and enables the real-time protection only for it to mark some files as malicious (when they are really false positive detections), but securely remove them as opposed to quarantining them, how is the user supposed to approach this situation? It can cause them a lot of hassle to go through backups which may or may not contain the now-lost files, or for them to scramble through the web to re-obtain the files... In some cases, they may not be retrievable depending on the scenario.
You could always add the Quarantine functionality back and place a new option in the Settings to allow a user to have new detections auto-removed as opposed to being quarantined... Then you can please both the customers who want automated removal and ones who would like it to be quarantined until further investigation.
I really do think that Sophos as a team should re-think this decision.
I use Sophos Home for my family that are not so tech savvy. I, however, do not because of this exact reason. It needs to be more granular for us power users.
Choice no. 1.
In my personal experience, luckily Sophos hasn't deleted any wrong files yet. But if possible, I prefer the infected files to be moved to quarantine. So, just in case, if it's correct, I can empty quarantine later, if it's a false alarm, I'd like to have my file back.
Am I the only one who doesn't see any difference between the 2 options besides the expiration of the quarantined file?
Does Sophos Free have HMP.A integrated?
No, their enterprise stuff does.
Oh! It's disappointing (although understandable from a business perspective).
Plus I was wondering that Sophos is getting low scores consistently for months in independent tests, which has HMPA integrated. So, is it even worth getting HMPA, keeping in mind its cost?
I would definitely like to see HMPA integrated in the free version too in future. If Sophos is serious (a big question) about its free version to compete with much better free products, it needs to incorporate better security components.
HMP.A isn't free so why would they add it to an AV for free?
So, they removed the free version?
Well, no. The trial reverts to the free version but doesn't offer anywhere near the same level of protection.
I expect them to release Invincea tech at least in their free AV, I think it would make sense.
Even Sophos was not free earlier. But they did release a free version for consumers. The point is not just the paid component (which in this case is still a valid point, though, as Sophos would want its money back that it invested in HMP). The main issue is whether the missing feature in the free product is worth it for the consumer to upgrade to paid.
It generally holds true for the majority of AV companies, but I do not see that as valid for Sophos. Currently, Sophos is only for enterprise. You won't find normal people using it.
If it really wants to capture the market away from other free AV companies, then it needs to beat them. Adding HMPA could be one such measure which might make it more lucrative than the competition.