Hi all, a quick question. My university offers Sophos Home Premium for free. I usually don't do lots of risky stuff. Is it worth it to set it up? Does it have any side effects on my computer like slowing it down?
Thanks.
Sophos Home against 15 very recent malicious scripts
Is Sophos Home Premium a good AV?
Is Sophos better than Kaspersky?
Sophos is better than Kaspersky if you don't want a system that collects tons of your data. Unlike Kaspersky, which has been flagged as a national security threat and is no longer available for download in the United States, Sophos doesn't have any red flags.
Is Sophos better than Windows Defender?
Sophos isn't better than Windows Defender if you want only a built-in antivirus that comes with a firewall. But if you're looking for easy navigation, Sophos is the clear winner as it allows remote management.
Hey guys!
Did a test on Sophos Home with 15 recent malicious scripts consisting of .bat, .js and .vbs files. The samples were collected from https://app.any.run by using the filter type scripts and malicious verdicts. All samples are very recent, almost all of them were uploaded today. Some of the samples there are AsyncRAT, AutoIt infostealer, RAT abusing NetSupport's legitimate remote control software, droppers, downloaders and fileless loader for XWorm.
Malicious scripts were saved in a folder and Sophos Home was then installed. The settings were all kept enabled and it was checked to see if all the protections were enabled. The folder was then scanned, and the remaining samples were run by double clicking.
Test was done on a Windows 10 Hyper-V machine with fully disabled Windows Defender and internet connection. Software such as Process Monitor, Process Explorer, Autoruns, TCPView were installed to monitor malware behavior and determine the detection, persistency or malicious activity.
Full video: https://www.youtube.com/watch?v=hbCeP9GEhJY
Samples: https://www.virustotal.com/gui/file/472c9765f8cdd92a36e0301c2ad2d38f775002dc49db1ea439a6cb86c285d7d6/relations (if anyone retrieves the archive, the password is infected)
Static detection (detection when scanning the folder containing all malware): 1/15 (6,6%)
Remediated samples after running (samples that were terminated and their malicious activity did not pursue): 10/14 (71%)
Samples that were able to set a persistency (run after restarting): 4/14 (28%)
Samples that were terminated after triggering persistency when restarting (by behavioral engine): 2/4 (50%)
Samples that were able to run after triggering persistency, however did not show direct malicious behavior: 1/4 (25%)
Samples that were able to run and showed direct malicious behavior, such as connecting to C2, downloading more malware: 1/4 (25%)
Malware that was able to get away with malicious activity: 1/15 (6,6%)
Final verdict: This test once again proved that the most important part of anti-malware software is the behavioral detection. Second opinion scanners cannot do what Sophos did here today. The ability to remediate malware detected by behavioral detection is very good here, but can definitely be improved. Sophos is a great anti-virus software,
Improvements: Finding the actual culprit triggering the detections is my only idea here if we don't consider the poor static detection, since the samples were new. It is not comfortable restarting into 5 popups about blocking PowerShell that block my whole screen. I would also love the ability to close all the notifications at once in the tray.
Sophos is definitely on the right track to become a top product. Considering these samples are very new and are not statically detected yet, the fact behavioral detection was able to handle this well is impressive.
---
Please, use a real antivirus software. Do not rely on VirusTotal analysis and then using second opinion scanners from time to time. You need a behavioral detection nowadays. Script malware is everywhere and statically detecting it is just not as effective as flagging its malicious behavior. If you look at the static detections from VirusTotal, the chances your antivirus would detect are low, as most popular engines struggle with flagging it. Making a statically undetected script is not as hard as it may look.
Hi all, I was wondering if Sophos is a good AV in 2022. I remember it was pretty good in 2020 and they've also moved to cloud so there should be minimal impact to PC resources.