Immunet with Sophos Home Plus

[Donavyn]

I didn't see that endpoint listed as 'compatible' with Immunet, however I do have it installed on a test environment and everything seems to be running smoothly.

Can anyone tell me differently?  I run Sophos Home (Subscription version), so any information is appreciated.

[ritchie58]

Hello Donavyn and thank you for your interest in Immunet!

As you mentioned Sophos Home Plus is not listed as an AV package that has been "officially tested" for compatibility. However there's many AV's that were never tested but are still considered unofficially compatible.

Just because an AV is not listed officially or unofficially compatible doesn't mean it's necessarily "not" compatible. I personally have Immunet running as a companion AV to Panda Dome Pro for instance. That AV is not listed either but they work great together. Immunet & Panda were the first two "cloud based" AV's to ever be developed btw!

I strongly recommend you do create a custom Exclusion rule with Immunet for Sopho's "entire Program Files folder" and create a exclusion/exception/allow rule with Sophos for Immunet's "entire Program Files folder" as well. This can greatly decrease the likelihood of conflicts occurring between the two AV's.

One other thing, since you're running a paid product along side of Immunet you might want to consider not using the ClamAV module and updates for it. That has always been the recommendation when using a paid AV product with Immunet.

That's the way I have Immunet configured to run with Panda Dome Pro, I use just the ETHOS & SPERO cloud engines. That can (sometimes significantly) improve upon system performance & resources being utilized since ClamAV is a bit redundant in that type of layered AV security setup anyway.

Then again, since you are testing you could experiment if you want to see how much additional CPU/RAM usage occurs with and without ClamAV enabled. If ClamAV proves to be acceptable then I don't see the harm with continuing to use it as it will provide an additional layer of security.

I hope this info helps and it would be great if you can let us know how your testing went!
Best wishes & stay healthy, Ritchie...

[Scats]

Hi Donavyn,

I have had success with Immunet playing nice with quite a few AVs not listed. I build and maintain systems as a side gig and Immunet has been a go to for low-power systems. I am finally giving it a go on my main build, so far its playing nice and so is my AV( Malwarebytes ) Adding custom Exclusion rules has saved me a lot of headaches from AVs conflicting. While I haven't tried Sophos Home with Immunet yet I imagine it should run fine with Exclusion rules set up in both AVs. I  I usually turn Clam off as it is a bit resource heavy, but I have been testing it with my main AV and doesn't slow my system down in any noticeable way, I'll update after a bit more testing. I am running a Ryzen 3900 and 32 gigs of 3600mhz ram thought, so not much slows it:)      

[ritchie58]

Hi Scats,

Speaking of low-power systems there are some devices, such as notebook & tablet computers, that have very minimal CPU/RAM system resources may not be able to efficiently run Immunet.

It is recommended that ClamAV be turned off if using a paid product but that is entirely up to the user of course. Like I mentioned if ClamAV is not hogging up to much resources then why not use it.

You have 32 gigs of RAM with your rig? Wow! "You could run multi-threaded 3D rendering, CAD and other intensive applications that require tons of memory, very cool!"

Regards, Ritchie...
P.S. - I've built a few rigs from the ground up over the years myself.

 

[Donavyn]

Thanks everyone for their input.  In my test environment I'm seeing no issues between the two applications as of yet.  Sophos Home Pro and Immunet are functioning without any added configuration to quell any false positives.

So far so good!

[Scats]

Thanks Ritchie!

I should have been a bit more specific with "low power" like HTPCs and basic builds   I have been a fan of Immunets cloud ability's for a while.

Yeah my personal build is a bit overkill 

Donavyn,

I set up a VM to test Sophos with immunet and my results are pretty good like yours. I did run in to a bit of slow down with opening larger programs, but turning off monitor program start seemed have fixed it. Have you run in to that? Could have just been me as I only allocated 4 gigs ram to it. I usually keep that setting on though. Other then that it seems to work very well with both AVs running. I'll keep testing it for a bit to see if anything under different scenarios  else come up.    

[ritchie58]

That's great you also want to do some testing of Sophos too Scats!

I still strongly recommend you add those exclusions to both AV's Donavyn. That really can go a long way in avoiding "possible future conflicts!"

I have Monitor Program Start disabled for similar reasons too. If enabled that setting can slow down an .exe from launching. I use a few other security/monitoring apps besides my firewall & AV's. I noticed that having Monitor Program Start enabled would sometimes interfere with these apps from launching properly (or not at all) at boot-up. No problem if this setting is disabled.

I have an idea for you guys! If you haven't done so already, why not try some different types of scans with Immunet (Flash, Custom, Full) to see how the performance & resources are affected while pared with Sophos Home Plus.

Not a bad idea to run some scans with Sophos too for comparison. Just an idea but that would give you a more comprehensive test in my opinion.

Cheers, Ritchie...

[zombunny2]

I used Immunet alongside Sophos Home for maybe a year on a Windows 10 rig. It was probably the most stable and quick combination I've ever used - and that was with the ClamAV engine enabled as well! They never clashed once, even on files they could both detect. For ages I never bothered adding each to the other's exclusion list, and they played fine together. I eventually added each one's "program files" folders to the other's exclusion-list, when Sophos eventually got a false positive on one of Immunet's temporary files (I had ClamAV enabled). I think I also had to add another Sophos folder (somewhere inside "c:\programdata") to Immunet's exclusions. The combo was great and never gave me an issue once. Speed was similar to running just Windows Defender. The only way I could get quicker performance was to turn off ClamAV or switch to running just Kaspersky or F-Secure on its own.