grahamperrin, posted August 30, 2010

Background

Sophos Endpoint Security and Control 9.0.5? — must its heuristic preferences be set in a particular way for compatibility with Immunet Protect?

Sophos Endpoint Security and Data Protection 9.5?

Side note: I recall responding to http://blog.immunet.com/blog/2010/3/20/help-us-define-immunet-protect-20-what-other-av-should-we-su.html but responses were removed, and the copy in Diigo (2010-04-08) was probably cached before all responses were gained.

No mentions of Sophos at Immunet Protect 2.0 Requirements & Compatible Security Package List or Incompatible Software with Immunet Protect & Known Issues; no mentions of Sophos elsewhere in the support area (however: search results there are currently not reliable); and nothing relevant in these forums … so I'll share my experience with this product combination:

early versions of Immunet Protect 2.x
Sophos Endpoint Security and Control 9 with Sophos Anti-Virus 9.0.5 and HIPS configuration 1.x

grahamperrin (Author), posted August 30, 2010

Preamble

Sophos preferences for HIPS runtime behavior analysis default to:

[√] Detect suspicious behavior
[√] Detect buffer overflows
[√] Alert only

On some machines that I help to administer, preferences (from a centralised installation) vary from those defaults:

[√] Detect suspicious behavior
[ ] Detect buffer overflows
[ ] Alert only

early versions of Immunet Protect 2.x
Sophos Endpoint Security and Control 9 with Sophos Anti-Virus 9.0.5 and HIPS configuration 1.x

Considering (a) the 16 August date of http://vrt-sourcefire.blogspot.com/2010/08/clamav-release-announcements.html announcing SPERO in ClamAV for Windows 2.0, and (b) release notes in the Announcements forum (I can't tell when SPERO became a feature of released versions of Immunet Protect), comments below might relate to 2.x versions of Immunet Protect prior to 2.0.14.

My experience with the product combination

So far: no problems.

Sometimes a software installation will take much longer than expected. That expectation: based on the assumption that whatever I'm installing (typically mainstream stuff, nothing exotic) has previously been installed by another user of Immunet Protect — so I shouldn't have to wait long for a disposition from the cloud.

In case of slowness: if I (personally) trust the installer, then temporarily exiting Immunet Protect allows the installation to complete quickly.

Until recently I assumed that the slowness was whilst waiting for an in-cloud analysis (by Immunet Protect people and/or machines) of a profile of the installation. Since learning a little more about ETHOS and SPERO engines, now I wonder whether the slowness was local.

Guest orlando, posted August 30, 2010

About Sophos I cannot find proper documentation to give a correct answer. Ask developers to test and as soon as I got the computer test (if they are not the first test) I will get me to test. News as soon as I will contact you. I shall highlight Alfred your questions to get an immediate response.

About TETRA and SPERO it is different. SPERO is a heuristic engine to detect unknown malware, and this engine is not serious about performance. While TETRA is an engine that is based on the main features of a traditional Anti-Virus. So I think TETRA is a step backwards in the innovation of the cloud (just my opinion) and then this engine, comparing the file signatures, may slow the system.

Regards,
Orlando

grahamperrin (Author), posted August 30, 2010

> TETRA is an engine that is based on the main features of a traditional Anti-Virus.

Thanks, there's also the questions at http://forum.immunet.com/index.php?/topic/155-does-clamav-and-immunet-have-same-cloud-definitions/page__pid__1650#entry1650 — no rush.

Sophos … 9.0

Absolutely no rush on this, I'm taking a leisurely approach. Bank holiday here in the UK today.

Sophos … 9.5

> Sophos Endpoint Security and Data Protection 9.5?

I can't guess when I'll see a move from 9.0 to 9.5 in my area. Nor can I guess whether I'll see cloud-oriented Sophos Live Anti-Virus enabled by default.

A guess: I'll see Sophos Live URL Filtering enabled by default (thinking: a recent decision to use a MessageLabs service for filtering of e-mail).

alfred, posted August 30, 2010

> Thanks, there's also the questions at http://forum.immunet.com/index.php?/topic/155-does-clamav-and-immunet-have-same-cloud-definitions/page__pid__1650#entry1650 — no rush.
>
> Sophos … 9.0
>
> Absolutely no rush on this, I'm taking a leisurely approach. Bank holiday here in the UK today.
>
> Sophos … 9.5
>
> I can't guess when I'll see a move from 9.0 to 9.5 in my area. Nor can I guess whether I'll see cloud-oriented Sophos Live Anti-Virus enabled by default.
>
> A guess: I'll see Sophos Live URL Filtering enabled by default (thinking: a recent decision to use a MessageLabs service for filtering of e-mail).

As you've likely deduced, Sophos is not supported. Mostly because it's typically considered Enterprise AV and we're focused on the Consumer audience right now. We also see very little of it outside of the UK.

If you're seeing slow downs on installs I assume you have Blocking Mode on? If so I would say to turn it off if the delays are a problem. If you do not have it on, then I assume ETHOS is your culprit as it can slow down installers. You always have the option of excluding the filenames of the files you install often and trust as well.

al

grahamperrin (Author), posted September 1, 2010

> we're focused on the Consumer audience right now

OK

> Sophos is not supported

Maybe have a short article listing products that are unsupported, mentioning the current focus not on enterprise. Hits on the article may be rare, but it'll save some people discovering by deduction.

> … Blocking Mode on? If so I would say to turn it off if the delays are a problem.

Evidently I have experimented, only a little … on my XP VM I have blocking mode off at the moment (I'll switch it back on); at one of the XP boxes that I control remotely, blocking is on (I'll switch it off).

I wouldn't describe any delay as a problem … rather, just fractionally out of tune with the 'fast and light' nature that's enjoyed at other times.

Thanks for the advice here and in the other topics. If I don't close each one with a 'thanks' it's because I'm giving a (less chatty) green +1 instead

PS I just realised, me installing the free version on a VM plus a physical machine is beyond the current total allowed — sorry — I had in mind an older table from when the only paid option was $19.95/PC. Putting this right shortly …

Archived
This topic is now archived and is closed to further replies.