Hi all, a quick question. My university offers Sophos home premium for free. I usually don't do lots of risky stuff. Is it worth it to set it up? Does it have any side effects on my computer like slowing it down?
Thanks.
Hey guys!
Did a test on Sophos Home with 15 recent malicious scripts consisting of .bat, .js and .vbs files. The samples were collected from https://app.any.run by using the filter type scripts and malicious verdicts. All samples are very recent, almost all of them were uploaded today. Some of the samples there are AsyncRAT, AutoIt infostealer, RAT abusing NetSupport's legitimate remote control software, droppers, downloaders and fileless loader for XWorm.
Malicious scripts were saved in a folder and Sophos Home was then installed. The settings were all kept enabled and it was checked to see if all the protections were enabled. The folder was then scanned, and the remaining samples were ran by double clicking.
Test was done on a Windows 10 Hyper-V machine with fully disabled Windows Defender and internet connection. Software such as Process Monitor, Process Explorer, Autoruns, TCPView were installed to monitor malware behavior and determine the detection, persistency or malicious activity.
Full video: https://www.youtube.com/watch?v=hbCeP9GEhJY
Samples: https://www.virustotal.com/gui/file/472c9765f8cdd92a36e0301c2ad2d38f775002dc49db1ea439a6cb86c285d7d6/relations (if anyone retrieves the archive, the password is infected)
Static detection (detection when scanning the folder containing all malware): 1/15 (6,6%)
Remediated samples after running (samples that were terminated and their malicious activity did not pursue) 10/14 (71%)
Samples, that were able to set a persistency (run after restarting): 4/14 (28%)
Samples, that were terminated after triggering persistency when restarting (by behavioral engine): 2/4 (50%)
Samples, that were able to run after triggering persistency, however did not show direct malicious behavior: 1/4 (25%)
Samples, that were able to run and showed direct malicious behavior, such as connecting to C2, downloading more malware: 1/4 (25%)
Malware that was able to get away with malicious activity: 1/15 (6,6%)
Final verdict: This test once again proved that the most important part of anti-malware software is the behavioral detection. Second opinion scanners can not do what Sophos did here today. The ability to remediate malware detected by behavioral detection is very good here, but can definitely be improved. Sophos is a great anti-virus software,
Improvements: Finding the actual culprit triggering the detections is my only idea here if we don't consider the poor static detection, since the samples were new. It is not comfortable restarting into 5 popups about blocking PowerShell that blocks my whole screen. I would also love the ability to close all the notifications at once in the tray.
Sophos is definitely on the right track to become a top product. Considering these samples are very new and are not statically detected yet, the fact behavioral detection was able to handle this well is impressive.
---
Please, use a real antivirus software. Do not rely on VirusTotal analysis and then using second opinion scanners time to time. You need a behavioral detection nowadays. Script malware is everywhere and statically detecting it is just not as effective as flagging it's malicious behavior. If you look at the static detections from VirusTotal, the chances your antivirus would detect are low, as most popular engines struggle with flagging it. Making a statically undetected script is not as hard as it may look.
Videos
how does it compare to premium, how does it compare to KSCF?
https://home.sophos.com/en-us/free-anti-virus-windows?
Hi all, I was wondering if sophos is a good AV in 2022, I remember it was pretty good in 2020 and they've also moved to cloud so there should be minimal impact to pc resources.
I heard that accounts that were modified to be sophos home free before the "change" would still be able to use sophos free but newer accounts wont be able to. Also, what led to this sudden unusual decision by sophos?
I might be infected i try to find help in techsupport and people say anti viruses / anti malware 100% dosent detect all type of malware they say to reinstall windows any help if this is true and is sophos home good? Aswell kaspersky virus removal tool?
So it appears that the non-premium version of Sophos Home has been silently moved from "Free Edition" to "Free Trial". The dashboard is no longer functional and after updating the software it appears essentially bricked with nothing but an ad for premium.
Feels like the beginning of the end for Sophos. I understand sometimes a company will discontinue a product, but to pull the rug out from under me is unhelpful to say the least, especially on a security focused product.
I am very disappointed. I had previously considered upgrading to premium, but I do not consider Sophos an option anymore. I do not feel comfortable trusting my security to a company who will brick my AV with no advance warning.
No blog post or announcement in sight - in fact most of the website still says "Free" but the landing pages have been changed to "Free Trial".
Wondering if others are running into the same issues. Discussion is welcome.
Edit: Thanks u/zw9491! Looks like it has been officially mentioned in at least one location so at least we don't have to speculate.
It also confirms
No, your computer is not protected after the license expires. None of the Sophos Home settings/protections will work until the license is renewed.
Wondering if, after four years of trouble-free Mac use I should bend and finally install an antivirus.
I am tech savvy and used to work at Apple. Therefore I am not afraid of biting to e-mail scams, but still I use BitTorrent software and browse around a lot.
Sophos antivirus claims it is lightweight. That is my major concern : how actually light is it ?
I have been trying to find an alternative to Sophos Home - Sophos Home is great but I don’t like that everything is managed through the website. This becomes a pain when someone else wants to make a change on their PC but they’re prompted to sign into my account.
Is there any other 10 device plans that compare with Sophos in price? They only charge like 30-50 a year for 10 devices - and they don’t hike the price after the 1st year.
i'm looking for a free AV for my mobile device. from the comments i saw in previous posts, they would mostly recommend sophos (intercept x) and bitdefender. which between these two would you recommend more? thanks in advance!
This is an email I sent out to my superiors.
So I am was put in complete shock talking to the Sophos technical support rep. We Migrated a test VDI pool to SSVM for Sophos Central which scans virtual machines. Downloaded the eicar test file. Sophos blocked it. We waited for the email to come through. No email. Thought it was a problem. Opened up a ticket with Sophos. They specifically told me, “Why would you want an email for something that was already taken care of?”
He had to say my name because there was a good 10seconds of dead air.
Eventually I blew all his arguments he tried to throw at me, which sounded like canned ones.
What if another zero day virus comes in with this one? Didn’t have an answer except to have the full client on instead of using SSVM. Then why make a SSVM for Sophos Central? Sales pitch garbage.
What if they were going to bad websites and I need to block an uncategorized website that spreads Virus’. Sorry it wont detect that and email you.
Didn’t ask but I should have to make an even better point.
What if a Virus’ came through a local source? File or document that is read only? We would never know because it was cleaned up on the client end.
This is yet another feature and functionality lost with migrating to Sophos Central. And their lack of security expertise always leaves me with the worry this product is a liability to the company. What was their solution? Like all other security flaws, they ask me to put in a “Feature Request”. Which is their way of saying. I am passing the buck.
I am getting the tech to update the ticket and will get confirmation of this
I know this surely has already been questioned here but what's the free antivirus with best performance and that cares about user's privacy stuff (not like McAfee and others that collects too much data)?
This kind of question is always asked here, in a daily basis, people should try to check out for older posts and etc, because this question has been answered 999,999,999 times already and it's just obnoxious to enter reddit.com and the first thing I (and probably other people here too) see in r/antivirus is "Best free antivirus?" every. single. day.
Best free antivirus/antimalware available for almost every common/major platform?
I recommend Sophos. I've used it for myself and numerous clients on PC and Android (where it's known as Intercept lX), I've also used it on a few clients' MacOS installations and personally dabbled briefly with it myself on a few different Linux distros. The only platform I have no personal or client experience with Sophos is iOS.
On all platforms where I have experience using Sophos I've been very impressed and satisfied with the company's free security software offerings. I would describe myself as being a seasoned and knowledgeable vet on both Windows and Android; competent but slightly less seasoned on Linux and MacOS; and having minimal experience with iOS (although still usually more savvy than a typical user when it comes to solving more technical problems). Between myself and dozens of my generally non-technical clients, not a single piece of malware has managed to impact any of us beyond being detected/eliminated/reported by Sophos antivirus/antimalware. I've also found the company's documentation, support and community to be of good quality, as well.
I feel somewhat lucky to have discovered Sophos and their products, because for some reason they don't seem to register much in articles/reviews/tests of security software. I will note that on the few occasions where I have seen them included in such information their products always seem to be considered competent/decent, perhaps not rated top-of-the-charts, but certainly above average. So, no surprise that the company doesn't seem to advertise as much as any of the typically familiar industry names.
I first heard of Sophos shortly after I first acquired a smartphone. One of the initial things I did at that time was to research and test a decent size sample of the free antivirus/antimalware packages available for Android that had the best reputations over time. I also included a few other less familiar products that I'd come across in various ways that also seemed worth checking out. Sophos became a part of this latter group after I had read a very well written and detailed technical analysis of a particular botnet and how it worked from top to bottom, including its communicatios, means of spreading,, and the methods it used to maintain its stealth.
I'm a fearless and heavy user of the internet in general. I've got enough experience to know when I am browsing sites with great potential to serve up a malware threats,, not to mention I've always got a few fairly recently bookmarked sites that have been positively identified as serving up malicious material. I gave each product on my roster a few days of use on my phone, making sure that each saw at least a certain minimum number of sites total from my typical daily browsing, and that each saw all sites included in a single, small, pre-determined list I created from specifically chosen bookmarks I had marked as "known malicious."
Out of roughy a dozen total contenders, Sophos was the first (and one of the few) products that reported anything when each of my "known malicious" bookmarks were opened. I was rather shocked that most of these items went unmentioned by so many of the more popular and/or well-rated security software packages I tested.
This led me to give Sophos the first shot at becoming my primary Android security software of choice by proving itself worthy in regular usage over the long term. It's never given me a reason to try anything else, having been solid not only in protection via detection/removal, but also thanks to several other nice features it offers that together make sure your phone is safe in other ways, too. These include: a tool for easily checking and comparing of app permissions in detail, grouped in various ways; a component that checks your phone's local security settings (lock screen, PINs, encryption, etc.) and suggests possible improvements; a module that can check the safety of both new and known Wi-Fi networks (alerting you to weak encryption, configuration errors, etc.); options to filter web sites with particular types of content; etc.
It wasn't long before I decided to check out Sophos for Windows and other platforms. Sophos has served me well everywhere I've used it.
A few notes and tips if you decide to try Sophos:
You'll need to set up a fee account with Sophos, but they don't spam you. Read through their documentation/help before installation/setup and configuration - it's a little different than other antivirus software in that you need to be logged in to your account in a web browser for most configuration. One thing I really like is how this antivirus very rarely will interact with the user. It only asks for user guidance when it absolutelyust. It does notify when dangerous/malicious/unwanted software is detected and simply blocks/removes/etc as necessary before notifying the user. I support numerous computer users who are extremely non-technical and very click-careless, and Sophos has been a godsend for all of us.
Near the beginning of this post I stated that "II've also found the company's documentation, support and community to be of good quality, as well." I'd like to close with the following example...
On one occasion a client called me for help when his Sophos installation on Windows detected, blocked and reported activity it deemed to be very likely malicious, yet not specifically matching anything it definitely knew how to deal with. The Sophos software made it clear to my client that this was a situation where the best thing to do would be to immediately block/quarantine the dangerous activity/code and submit a sample to the Sophos lab teams for analysis. This was the only time that any of my clients received a notification from Sophos that they felt might be beyond their ability to handle comfortably/properly on their own. My client blocked/quarantined the activity/code in question and then called me for help tackling the situation.
I started by visiting the Sophos website to review their process for sample submission and problem resolution in such a case. Submitting the sample was a simple task for me, but probably something that my client would have been worried about having done correctly. As for problem resolution, the starting point was essentially opening a support ticket with Sophos alongside the sample submission. Easy enough, so I opened a support ticket via an online form (I believe I could have done this via telephone, as well, if it hadn't been on a weekend and outside of Sophos business hours). I hoped things would go quickly and as well as everything else I'd experienced with anything Sophos-related to that point, figuring I likely wouldn't get a response until Monday.
To my surprise, I received a response within a day, learning that the sample submitted had been analyzed and confirmed to be malicious. Apparently, it was a new variant on something Sophos was already familiar with recognizing/removing, but different enough to require new information to be created for the Sophos antivirus/antimalware software so that it would be able to safely recognize/remove this new variant. Even better, I was also informed that Sophos had already updated things and that my client should manually check and if necessary force an update of his Sophos installation, and then run a full scan, after which the malicious code/files should be reported to is as detected and cleaned. Sophos also asked us to send them a copy of our logs afterwards, regardless of the outcome, so that they could verify that this issue could be considered done and closed. Everything went perfectly, leaviing my client and I very happy, impressed, and satisfied.
I am considering getting Sophos Home antivirus, but I'm really not a fan of "everything about you and your software is stored in the CloudTM" paradigm that every company and their mother is trying to push.
Is Sophos Home a "good" AV, and is it safe (in the sense that it doesn't sell/steal your data)?
I was pitched this appliance and all the associated junk software that came with it as a "anti-virus Cloud network powered by machine learning" but I have seen literally nothing redeeming about any of their products so far.
Their SSLVPN client is just OpenVPN re-badged with their icon. Literally.
Their endpoint clients need the local computer to be restarted at least a half a dozen times per week.
I have seen about 50% of my endpoint clients crap-the-bed for one reason or another and they usually require hacky workarounds, manual registry fixes, and way too much log surfing to fix.
There's probably about a 25% chance that intalling/upgrading a client will fail for some arbitrary reason.
They have no update release schedule. Whenever some product is ready for release it gets released by whoever, whenever, even if they've already made you restart half your infra once that day.
They don't deal directly with customers. You have to have a "partner." If you want to stop doing business with a "partner" and pick a different one they have no real way of handling that other than some sales guy going on Google and looking up another one for you.
The UI is terrible, unintuitive, and I find inconsistencies between the actual interface and the documented interface all the time.
The endpoing clients are terrible. There is so little functionality I almost wonder if it does anything at all.
They usually break something over here whenever they fix something over there.
They have a hidden "feature" called the "Sophos Competitor Removal Tool" which silently removes software from your network.
HOW MANY DIFFERENT F*****G LOG FILES YOU DO NEED TO THROW AROUND MY FILESYSTEMS?!?!?
Their subscriptions barely protect anything unless you pay for all their upselling.
They didn't stop a spear phishing ransomware attack in my organization. My own scripts stopped it instead.
UTM, SEP, CID, CES, CEA, CRT, SAU, SAV, SAVi, SAVDi, SMCaaS..... Screw off you pretentious prick. You are not important enough to have that many acronyms. My cognitive load is high enough already.
They literally use malicious exfiltration techniques (DNS tunnelling) during normal operation (try detecting TXT record exfiltration in your domain and Sophos will be the worst offender).
About 75% of the remote operations I try to perform from Sophos Central simply don't work.
This shit costs THOUSANDS of dollars!?!?!?!
Sorry for the long rant. I had to get that out there. I think once our contract is up I'm gonna throw this piece of junk on Craigslist and start over.
I’ve been using Sophos for a few years now and it seems to work fine. But it’s up for renewal and I’m wondering how it stacks up against other AV products. Is there a better alternative ie. more effective, more features, etc.?
Had a weird experience with Sophos recently that made me rethink how reliable it actually is. We migrated a test VDI pool to SSVM for Sophos Central, which is supposed to scan virtual machines. When we tested it with the eicar file, it blocked it just fine but we never got an email alert.
I figured it was a setup issue and called support. The rep said, “Why would you want an email for something that’s already handled?” I was honestly stunned. I explained that notifications matter for auditing and tracking, especially in larger environments. But he kept defending it instead of giving a real fix.
When I asked about zero-day threats or hidden malware, his solution was to switch to a full client install instead of SSVM. That made me question the whole point of Sophos Central. If the main feature can’t alert properly, it feels more like a marketing thing than a security one.
It also turns out the system won’t notify you about uncategorized or malicious sites spreading viruses. Even if something sneaks in through a local file, the client just “handles it silently.” That lack of transparency doesn’t sit well with me.