Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???

Jason

@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?

Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.

coliver

@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?

Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.

That's because Webroot ties into the Sophos API.

Jason

@coliver said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?

Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.

That's because Webroot ties into the Sophos API.

There is no Sophos API.. Heck an API for an AV would be a security vulnerability.

coliver

@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@coliver said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@TAHIN said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

Also (somewhat) annoying was some of the manual intervention I had to take to remediate an infection. Sophos would alert me of the infection on the dashboard but said that no action could be taken and it would have to be manually deleted, so I went to the path in the alert and deleted I manually. I thought this strange so I reached out to tech support, who verified that the Sophos client service was not able to automatically remove or quarantine a somewhat trivial file in some specific paths. It was not amazing at detecting a threat before it made it onto the filesystem... maybe there's no minifilter driver?

Maybe it's the version you are using, but Enterpise can you setup rules on your Sophos Enterpise console to handle it.

That's because Webroot ties into the Sophos API.

There is no Sophos API.. Heck an API for an AV would be a security vulnerability.

You're right sorry. From Sophos' site it looks like they have an SDK for their Antivirus platform that Webroot ties into? https://secure2.sophos.com/products/free-trials/sav-interface-sem.aspx May not be reading that correctly.

scottalanmiller

@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

There is no Sophos API.. Heck an API for an AV would be a security vulnerability.

There is a Webroot API, they talked about it at MangoCon.

Jason

@scottalanmiller said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

Webroot API,

Hopefully it doesn't control any of the client AV.. Malware will be tying into it to disable it

scottalanmiller

@Jason said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

@scottalanmiller said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

Webroot API,

Hopefully it doesn't control any of the client AV.. Malware will be tying into it to disable it

It doesn't talk to the AV itself, but to a hosted service.

garak0410

We decided to go WebRoot and I have deployed it...

scottalanmiller

@garak0410 said in Sophos or WebRoot Cloud Endpoint Advanced - Any Thoughts???:

We decided to go WebRoot and I have deployed it...

We've been very happy with it ourselves.

JoshP_Webroot

@garak0410 Awesome!!! Please let me know once you have a feel for it and feel free to share any feedback you have.