Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???
-
@JaredBusch said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@garak0410 said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Update on yesterday's reboot. Here is what "WebRoot" said:
The particular issue being reported is related to a wireless keyboard being in place. There are a few Microsoft wireless keyboards that the drivers can conflict with ours, at this time the workaround sent would resolve this issue however a more permanent fix is being developed.
So my wireless keyboard was at fault. We changed a setting and now it is working. I'm very impressed with their support and expanding my testing of WebRoot.
On this same note, I have a user with Webroot and a Microsoft wireless keyboard. Updated to 1607 and crash loop.
Unplug the USB receiver and everything works fine.
AKA: What's the workaround that Webroot gave to you, @garak0410 ?
-
@wrx7m said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
I hope their (Sophos') endpoint software is better managed than their UTM software has been this past year. Several updates have broken some pretty important things. I have 4 pending updates because I don't see a resolution to some of the items. One update fixes something, then breaks 2 more things. The next update doesn't even address some of the issues that were broken by previous updates.
I had a cheap subscription to Webroot for my personal desktop and am looking for another "sale". I installed Sophos free endpoint on my parents' PCs and they haven't been having any related issues or malware infections.
Can't even compare the two. UTMs suck. And Sophos UTM is not a true Sophos product. It's Astaro.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
We have Sophos Enterprise here. Webroot actually uses the Sophos AV Engine. It's the consumer/small biz version of Sophos.
Is this still true?
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
We have Sophos Enterprise here. Webroot actually uses the Sophos AV Engine. It's the consumer/small biz version of Sophos.
I think of Sophos as more SMB than Webroot. PCMag compares them toe to toe. If Webroot is using the Sophos engine, which it definitely licensed ten years ago, they are doing a lot of stuff on their own, too. They have different detection rates and ratings, different approaches, etc. It's not reselling Sophos, but it might use its engine as part of the system.
-
Guess we could page @nic, too.
Not sure when the transition is happening.
-
@BRRABill Webroot is no longer using the Sophos engine. They acquired Prevx and rebuilt everything around that about 6 years back. Also I'm already at my new gig so you can page @JoshP_Webroot for any Webroot questions from here on out.
-
@Nic said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill Webroot is no longer using the Sophos engine. They acquired Prevx and rebuilt everything around that about 6 years back. Also I'm already at my new gig so you can page @JoshP_Webroot for any Webroot questions from here on out.
I did.
Thanks, that is good to know. In addition to it being posted here a month ago, someone else said that to me yesterday, so I thought I would check.
-
@Nic said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill Webroot is no longer using the Sophos engine. They acquired Prevx and rebuilt everything around that about 6 years back. Also I'm already at my new gig so you can page @JoshP_Webroot for any Webroot questions from here on out.
I'm guessing 6 years ago is when Webroot became the product it is today, and why I love it so much!
-
@Dashrender said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@Nic said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill Webroot is no longer using the Sophos engine. They acquired Prevx and rebuilt everything around that about 6 years back. Also I'm already at my new gig so you can page @JoshP_Webroot for any Webroot questions from here on out.
I'm guessing 6 years ago is when Webroot became the product it is today, and why I love it so much!
Yeah Webroot scrapped all their existing traditional AV and rebuilt a new product around the Prevx technology. They also added in the brightcloud.com tech and became the product we know today.
-
@Nic said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill Webroot is no longer using the Sophos engine. They acquired Prevx and rebuilt everything around that about 6 years back. Also I'm already at my new gig so you can page @JoshP_Webroot for any Webroot questions from here on out.
That's more or less what I thought... that they moved on past the Sophos agreement long ago.
-
@BRRABill While Webroot has implemented Sophos in the past, our engine is now entirely built by our Threat Research Team.
-
@JoshP_Webroot said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill While Webroot has implemented Sophos in the past, our engine is now entirely built by our Threat Research Team.
From what we could gather, the Sophos Engine was used from 2006 - 2010. It's been a native Webroot engine since 2010.
-
@scottalanmiller I've only been here since 2015, but by looking back sounds like you've just about got it!
-
I used Sophos EP from 2011-2014. During that time there was only one big hiccup where a definition update flagged a Windows system file as a virus, which sent a virus popup to our 300 users. If your settings were set to quarantine, the procedure to fix it was VERY painful.
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted it manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
That's the bad. The good is that I was in an environment where most users were local admins with very little content restriction, so this thing was seriously, seriously stress tested - and we never had any ransomware/serious breakouts. Everything was containable, the UI is awesome, it ties in nicely with other Sophos modules, and the client is lightweight. Support was always very good. I would recommend it.
-
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
I used Sophos EP from 2011-2014. During that time there was only one big hiccup where a definition update flagged a Windows system file as a virus, which sent a virus popup to our 300 users. If your settings were set to quarantine, the procedure to fix it was VERY painful.
Pretty much every AV solution has had this happen at least once. Having a simple fix for people is the biggest deal. Sophos and Avast both have given simple fixes. Norton/Symantec I believe required a system restore for theirs.
-
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted it manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but in Enterprise you can set up rules on your Sophos Enterprise console to handle it.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted it manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but in Enterprise you can set up rules on your Sophos Enterprise console to handle it.
That's because Webroot ties into the Sophos API.
-
@coliver said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted it manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but in Enterprise you can set up rules on your Sophos Enterprise console to handle it.
That's because Webroot ties into the Sophos API.
There is no Sophos API. Heck, an API for an AV would be a security vulnerability.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@coliver said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted it manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but in Enterprise you can set up rules on your Sophos Enterprise console to handle it.
That's because Webroot ties into the Sophos API.
There is no Sophos API. Heck, an API for an AV would be a security vulnerability.
You're right, sorry. From Sophos' site it looks like they have an SDK for their Antivirus platform that Webroot ties into? https://secure2.sophos.com/products/free-trials/sav-interface-sem.aspx May not be reading that correctly.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
There is no Sophos API. Heck, an API for an AV would be a security vulnerability.
There is a Webroot API, they talked about it at MangoCon.