Hi all, I was wondering if Sophos is a good AV in 2022. I remember it was pretty good in 2020, and they've also moved to the cloud, so there should be minimal impact on PC resources.
Hi all, a quick question. My university offers Sophos Home Premium for free. I usually don't do lots of risky stuff. Is it worth it to set it up? Does it have any side effects on my computer, like slowing it down?
Thanks.
This is an email I sent out to my superiors.
So I was put in complete shock talking to the Sophos technical support rep. We migrated a test VDI pool to SSVM for Sophos Central, which scans virtual machines. Downloaded the EICAR test file. Sophos blocked it. We waited for the email to come through. No email. Thought it was a problem. Opened up a ticket with Sophos. They specifically told me, “Why would you want an email for something that was already taken care of?”
He had to say my name because there was a good 10 seconds of dead air.
Eventually I blew all his arguments he tried to throw at me, which sounded like canned ones.
What if another zero-day virus comes in with this one? Didn’t have an answer except to have the full client on instead of using SSVM. Then why make an SSVM for Sophos Central? Sales pitch garbage.
What if they were going to bad websites and I need to block an uncategorized website that spreads viruses? Sorry, it won’t detect that and email you.
Didn’t ask but I should have to make an even better point.
What if a virus came through a local source? A file or document that is read-only? We would never know, because it was cleaned up on the client end.
This is yet another feature and functionality lost with migrating to Sophos Central. And their lack of security expertise always leaves me with the worry that this product is a liability to the company. What was their solution? Like all other security flaws, they ask me to put in a “Feature Request”, which is their way of saying, “I am passing the buck.”
I am getting the tech to update the ticket and will get confirmation of this.
I am stuck with Sophos at my new company and I am ready to actually spend my own money to get rid of the thing! It is the most cumbersome and clumped-together solution I have ever worked with. It simply sucks!
That is all.
*Edit More Info*
I was in managed services for 13 years, the last couple as a Technical Director/Partner for an MSP.
In short, all product conversations with partners would go “Yes, XXXX is better, but we as an MSP will make more money with Sophos”. Thus my marketing statement: they know how to play the MSP game and get sales.
The reasons why it sucks (for me) are:
I am used to FortiGate, and I get that it's different strokes for different folks, but...
Something stupid: the policy and rule referencing in the device sucks. Just make it so you can click on the reference and it takes you to the rule. The control centre is cluttered.
Web Proxy or the DPI engine + Chrome is a nightmare.
I must reinstall at least 1-2 Sophos Connect applications a week because it just stops working. No reason, it just needs a reinstall.
Setting up exclusion rules is more work than it should be, and sometimes it just does not exclude things from being scanned by the SSL/TLS policy.
For no reason other than “fuck physics” I had to reissue my certificates.
It just seems like you must prep your environment/infrastructure to “run a Sophos”. It really is not an elegant solution; it is as if it creates work for the MSPs to bill their clients.
I just don’t enjoy it. I miss my FortiGate.
The company I started working at in August of last year has an SG125w firewall which they have had for many years now. It needs to be upgraded without a doubt, but recently the database stopped working, and while working with a tech my issue was escalated. However, the top-tier tech is so lazy to address the issue that he instantly pawns it off, telling me "your device only supports 40 devices, and you have 175 behind your firewall, so you need to upgrade your firewall". I am not sure how that even comes close to the database suddenly stopping/failing on my firewall.
I am not sure I want to buy a Sophos firewall again if that's how I am going to be treated, and I certainly cannot recommend to anyone else I know that they invest in a Sophos firewall.
Is this normal for Sophos to decide "we aren't going to support you, even though your support does last until 2025; instead we (Sophos) are going to tell you to upgrade your firewall"?
Thanks,
I am considering getting Sophos Home antivirus, but I'm really not a fan of the "everything about you and your software is stored in the Cloud™" paradigm that every company and their mother is trying to push.
Is Sophos Home a "good" AV, and is it safe (in the sense that it doesn't sell/steal your data)?
I was pitched this appliance and all the associated junk software that came with it as an "anti-virus Cloud network powered by machine learning", but I have seen literally nothing redeeming about any of their products so far.
Their SSLVPN client is just OpenVPN re-badged with their icon. Literally.
Their endpoint clients need the local computer to be restarted at least half a dozen times per week.
I have seen about 50% of my endpoint clients crap-the-bed for one reason or another and they usually require hacky workarounds, manual registry fixes, and way too much log surfing to fix.
There's probably about a 25% chance that installing/upgrading a client will fail for some arbitrary reason.
They have no update release schedule. Whenever some product is ready for release it gets released by whoever, whenever, even if they've already made you restart half your infra once that day.
They don't deal directly with customers. You have to have a "partner." If you want to stop doing business with a "partner" and pick a different one they have no real way of handling that other than some sales guy going on Google and looking up another one for you.
The UI is terrible, unintuitive, and I find inconsistencies between the actual interface and the documented interface all the time.
The endpoint clients are terrible. There is so little functionality I almost wonder if it does anything at all.
They usually break something over here whenever they fix something over there.
They have a hidden "feature" called the "Sophos Competitor Removal Tool" which silently removes software from your network.
HOW MANY DIFFERENT F*****G LOG FILES DO YOU NEED TO THROW AROUND MY FILESYSTEMS?!?!?
Their subscriptions barely protect anything unless you pay for all their upselling.
They didn't stop a spear phishing ransomware attack in my organization. My own scripts stopped it instead.
UTM, SEP, CID, CES, CEA, CRT, SAU, SAV, SAVi, SAVDi, SMCaaS..... Screw off you pretentious prick. You are not important enough to have that many acronyms. My cognitive load is high enough already.
They literally use malicious exfiltration techniques (DNS tunnelling) during normal operation (try detecting TXT record exfiltration in your domain and Sophos will be the worst offender).
About 75% of the remote operations I try to perform from Sophos Central simply don't work.
This shit costs THOUSANDS of dollars!?!?!?!
Sorry for the long rant. I had to get that out there. I think once our contract is up I'm gonna throw this piece of junk on Craigslist and start over.
Is it me, or is the Sophos antivirus suite just horrible? It is just a source of work. I mean, each time we have to go through the console and turn tamper protection off to remove quarantined objects that were stuck. This is when it works well; otherwise the services are not working properly for whatever reason, and then there is nothing you can do to fix it.
YES, THAT'S A RANT! Edit: spelling. Edit2: on this cake day I just wanted to thank you all for your comments and overall contribution. I tried to keep up with the comments, but there are lots of them. I love this community, big THANKS.
Hey guys!
Did a test on Sophos Home with 15 recent malicious scripts consisting of .bat, .js and .vbs files. The samples were collected from https://app.any.run by using the filter type scripts and malicious verdicts. All samples are very recent, almost all of them were uploaded today. Some of the samples there are AsyncRAT, AutoIt infostealer, RAT abusing NetSupport's legitimate remote control software, droppers, downloaders and fileless loader for XWorm.
Malicious scripts were saved in a folder and Sophos Home was then installed. The settings were all kept enabled, and it was checked to see that all the protections were enabled. The folder was then scanned, and the remaining samples were run by double-clicking.
Test was done on a Windows 10 Hyper-V machine with fully disabled Windows Defender and internet connection. Software such as Process Monitor, Process Explorer, Autoruns, TCPView were installed to monitor malware behavior and determine the detection, persistency or malicious activity.
Full video: https://www.youtube.com/watch?v=hbCeP9GEhJY
Samples: https://www.virustotal.com/gui/file/472c9765f8cdd92a36e0301c2ad2d38f775002dc49db1ea439a6cb86c285d7d6/relations (if anyone retrieves the archive, the password is infected)
Static detection (detection when scanning the folder containing all malware): 1/15 (6,6%)
Remediated samples after running (samples that were terminated and whose malicious activity did not continue): 10/14 (71%)
Samples that were able to set up persistence (run after restarting): 4/14 (28%)
Samples that were terminated after triggering persistence when restarting (by the behavioral engine): 2/4 (50%)
Samples that were able to run after triggering persistence, but did not show direct malicious behavior: 1/4 (25%)
Samples that were able to run and showed direct malicious behavior, such as connecting to C2 or downloading more malware: 1/4 (25%)
Malware that was able to get away with malicious activity: 1/15 (6,6%)
Final verdict: This test once again proved that the most important part of anti-malware software is behavioral detection. Second opinion scanners cannot do what Sophos did here today. The ability to remediate malware detected by behavioral detection is very good here, but can definitely be improved. Sophos is a great anti-virus software,
Improvements: Finding the actual culprit triggering the detections is my only idea here if we don't consider the poor static detection, since the samples were new. It is not comfortable restarting into 5 popups about blocking PowerShell that blocks my whole screen. I would also love the ability to close all the notifications at once in the tray.
Sophos is definitely on the right track to become a top product. Considering these samples are very new and are not statically detected yet, the fact behavioral detection was able to handle this well is impressive.
---
Please, use real antivirus software. Do not rely on VirusTotal analysis and then use second opinion scanners from time to time. You need behavioral detection nowadays. Script malware is everywhere, and statically detecting it is just not as effective as flagging its malicious behavior. If you look at the static detections from VirusTotal, the chances your antivirus would detect it are low, as most popular engines struggle with flagging it. Making a statically undetected script is not as hard as it may look.
So I was browsing Sophos Website and I found this software called Sophos Scan And Clean, I was curious about it and I downloaded it to see what it is. When I opened the program the UI was identical to Hitman Pro which I already have installed. Can anyone tell me what's the difference between the two?
I heard that accounts that were modified to be Sophos Home Free before the "change" would still be able to use Sophos Free, but newer accounts won't be able to. Also, what led to this sudden, unusual decision by Sophos?
How does it compare to Premium, and how does it compare to KSCF?
https://home.sophos.com/en-us/free-anti-virus-windows?
Have been using Sophos Home since it was launched as a Beta and have subscribed to the Premium since it became chargeable - It expired this week (just found out after launching Sophos to see when the defs were from). I didn't get a reminder like usual but anyway, before I hit renew I am wondering if there are better alternatives out there now? I protect 8 Windows devices, a few being family, so want to make sure it's worth switching before telling them to install / have to do an install for them.
I don't do anything fancy with it, so have all features enabled as per the recommended settings.
A few years ago, we were up for renewal for our AV, but weren't happy with what was being used (Kaspersky). At my previous job, we were suggesting ESET for our clients, so I suggested we look into that. But, its user interface had changed since the version I had used a couple years prior, and it wasn't user-friendly at all. I forget all the others we evaluated, but Sophos was by far the easiest to manage, so we went with it. We bought 2 years of service, and the vendor gave us an additional 8 months free. Since then, I can count the number of infected things I actually had to deal with on one hand...on an install base of over 1300 computers. I've had to clear out files it found that were compromised, sure...but no real infections. No cryptos. The only real issue is with its reporting capability, as it can send an email, but is lacking something that we can use to have it generate tickets automagically.
So, we're up for renewal, and I'm perfectly happy just extending our license, but I want to do my due diligence first. Unfortunately, AV Comparatives isn't showing Sophos any more.
What's the preferred corporate AV these days? As I said, 1300 computers being managed.
You should check AV-TEST.org as they cover Sophos. Sophos has recently acquired Invincea which is a next generation product and is now part of Sophos, named Intercept X.
Edit: Link to the test results https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2019/
I assume this is Sophos Central rather than the on-prem management? At the moment, they are investing heavily in MDR/EDR to highlight indicators of compromise. Have you had any success with those? I also understand that APIs are also the next hot topic to improve access to the Central data.
Hey all,
I wanted everyone's input on the two products: Sophos's email protection and Microsoft Defender's email security. What are the advantages of one vs. the other? Which one would you choose, etc.? I saw a post similar to this about 5 years ago, but considering how Microsoft has made great strides in all their security products, I wanted to start the conversation again.
Any input is greatly appreciated.
I have been trying to find an alternative to Sophos Home - Sophos Home is great but I don’t like that everything is managed through the website. This becomes a pain when someone else wants to make a change on their PC but they’re prompted to sign into my account.
Are there any other 10-device plans that compare with Sophos in price? They only charge like 30-50 a year for 10 devices, and they don’t hike the price after the 1st year.
Their website says their professional tools etc. are free for home users. Are they good, compared to Bitdefender, Malwarebytes, etc., or should I skip them?
Hi there,
I realize that this is the Sophos Reddit, but I can't think of a better place to ask this question. I am the new IT Manager for a company that has neglected all things IT for the last 4 years. I have put out most of the major fires and now I'm looking at all my endpoints. I have about 60 PCs and a couple of servers with little to no protection. I'm working with CDW to get something figured out. Their #1 choice was Sophos, and after the dog and pony show, I agree, it looks amazing. Then I got the price tag and my jaw dropped. Even with deep discounting, it was nearly double what I expected (I figured $9k; the quote was $16k). I have no issue going back to my leadership and telling them, but I'm left wondering, is it worth it? Could anyone share their experiences who wouldn't mind being used as a reference of sorts? I'm not going to call anyone or ask people to talk with my leadership. I just want to make sure that I'm doing the right thing.
Thank you!
Tom