Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???
-
@Nic said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill Webroot is no longer using the Sophos engine. They acquired Prevx and rebuilt everything around that about 6 years back. Also I'm already at my new gig so you can page @JoshP_Webroot for any Webroot questions from here on out.
That's more or less what I thought... that they moved on past the Sophos agreement long ago.
-
@BRRABill While Webroot has implemented Sophos in the past, our engine is now entirely built by our Threat Research Team.
-
@JoshP_Webroot said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@BRRABill While Webroot has implemented Sophos in the past, our engine is now entirely built by our Threat Research Team.
From what we could gather, the Sophos Engine was used from 2006 - 2010. It's been a native Webroot engine since 2010.
-
@scottalanmiller I've only been here since 2015, but by looking back sounds like you've just about got it!
-
I used Sophos EP from to 2011-2014. During that time there was only one big hiccup where a definition update flagged a Windows system file as a virus, which sent a virus popup to our 300 users. If your settings were set to quarantine, the procedure to fix it was VERY painful.
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
That's the bad. The good is that I was in an environment where most users were local admins with very little content restriction, so this thing was seriously, seriously stress tested - and we never had any ransomware/serious breakouts. Everything was containable, the UI is awesome, it ties in nicely with other Sophos modules, and the client is lightweight. Support was always very good. I would recommend it.
-
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
I used Sophos EP from to 2011-2014. During that time there was only one big hiccup where a definition update flagged a Windows system file as a virus, which sent a virus popup to our 300 users. If your settings were set to quarantine, the procedure to fix it was VERY painful.
Pretty much every AV solution has had this happen at least once. having a simple fix for people is the biggest deal. Sophos and Avast both have given simple fixes. Norton/Symantec I believe required a system restore for theirs
-
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.
That's because Webroot ties into the Sophos API.
-
@coliver said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.
That's because Webroot ties into the Sophos API.
There is no Sophos API.. Heck an API for an AV would be a security vulnerability.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@coliver said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?
Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.
That's because Webroot ties into the Sophos API.
There is no Sophos API.. Heck an API for an AV would be a security vulnerability.
You're right sorry. From Sophos' site it looks like they have an SDK for their Antivirus platform that Webroot ties into? https://secure2.sophos.com/products/free-trials/sav-interface-sem.aspx May not be reading that correctly.
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
There is no Sophos API.. Heck an API for an AV would be a security vulnerability.
There is a Webroot API, they talked about it at MangoCon.
-
@scottalanmiller said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Webroot API,
Hopefully it doesn't control any of the client AV.. Malware will be tying into it to disable it
-
@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
@scottalanmiller said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
Webroot API,
Hopefully it doesn't control any of the client AV.. Malware will be tying into it to disable it
It doesn't talk to the AV itself, but to a hosted service.
-
We decided to go WebRoot and I have deployed it...
-
@garak0410 said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:
We decided to go WebRoot and I have deployed it...
We've been very happy with it ourselves.
-
@garak0410 Awesome!!! Please let me know once you have a feel for it and feel free to share any feedback you have.