Sophos Anti Virus Download


Clara Zellinger

Aug 4, 2024, 7:07:37 PM
to rianokarre
Keep malware at bay with a deep malware scan that unearths hidden threats and removes them from your computer. AI threat detection capabilities leverage security intelligence to protect your PC from never-before-seen malware before it has a chance to create havoc. Sophos Home for Windows also uses cutting-edge ransomware technology to protect personal information. It stops unknown processes from encrypting your data and rolls back all changes.

With Sophos Home, you get protection for the whole family, which can be managed easily with a cloud-based interface. This security solution delivers enterprise-level web protection and parental web filtering for a safe and secure web-browsing experience.


A constantly growing threat landscape demands the same breadth of security that can mitigate all kinds of risks. The focus should be on deploying an antivirus that delivers comprehensive security ROI, and plugs all gaps that can be exploited by cybercriminals. You need protection against phishing attacks launched via emails and phishing websites, advanced anti-ransomware technology and predictive AI backed threat protection and much more. Threats have a nasty habit of sneaking into a PC, exploiting minimal security gaps. This is why third-party security like Sophos Home antivirus is a great way to keep your computer safe.


All clients have had their previous antivirus uninstalled using the same method. While deploying Intercept X on a few remaining clients the installer is failing. I have verified that the old antivirus is completely removed and even ran the manual uninstall tool that is provided. The Sophos logs show the following when attempting to install Intercept X:


I will give Sophos the benefit of the doubt for the moment and go by the logs. However, there is no trace on my side of this version of Trend Micro being installed on the client (I've looked). Does anyone know where in the Sophos logs that might point to the paths of where it detected the old antivirus is installed? Any other suggestions are more than welcome, as this is where the Sophos Support team keeps saying "uninstall the old antivirus", but that isn't an available option as it doesn't exist.


I understand that you'd like to see what parts of TM were detected during the Sophos installation. I'd prefer to see that in the Sophos install logs, too. Probably because of some compliance stuff they cannot provide you that information here.


The path to the ProductCatalog.xml was brilliant. Once I was able to look in that location I was able to see that this was the culprit: 0A07E717-BB5D-4B99-840B-6C5DED52B277 within the registries. By removing it, I was able to install Intercept X with no problem. Thanks for the help.


Seems like a bit of a blunt answer to any and all issues with security software blocking the exam. "There may be problems...why not disable the whole thing". Obviously, from a security position, it is never recommended to disable your antivirus software. However, it's your choice at the end of the day (if it is your own computer and you are allowed to do it). You posted on the General forum so it's hard to judge which Sophos Anti-Virus software you have.


Sophos has different antivirus software versions (Windows, Mac, locally controlled, centrally configured by a web console). However to disable it depends on what version you have. Since you mention Mac OS and a home installation that narrows it down a bit. However, it could still be centrally controlled, say through the Sophos Home web console, or locally.


If you're using Sophos Home you would have to log into the dashboard and drill down to your computer and toggle the AV to off and then wait a minute for the setting to be relayed to the computer. Example...


Skimming through the documentation on the site I conjecture that the software has anti-cheating functionality ("secure exams") - e.g. closing applications that have windows open, checking if it's in a VM. Doesn't go too well together with AV. And they clearly state *While it is our recommendation and best practice to disable your antivirus programs before each exam, please be sure to re-enable your antivirus program following each exam. Might rephrase that as just before each exam.

So IMO it's not your average there may be problems.


Is there a way to disable on-access scanning in any of the modern versions of the Sophos Mac client without needing network access, accessing the cloud UI, and then waiting for the server to update the client? I still use 9.6.5 because it has the On-access Scanning Preference, and other Preferences that don't rely on a network connection when I want to temporarily change them.


The UW license for Sophos Central grants protection for many computers. This suite provides a web-based console to deploy and manage client applications and protection policies for your department/unit.


The Sophos Central Console should be used to deploy and manage protection for large groups of UW-owned devices. The UW license for this product is provided to the department free of charge.


Do I have to first uninstall other anti-virus software before installing the Sophos product?

Usually, yes. The Sophos installer will usually find and remove older versions of Sophos successfully. Still, anti-virus software from other vendors should be removed, following the procedure recommended by the vendor, before the Sophos software is installed.


Sophos Central, a web-based Enterprise Console, is available to UW departmental IT and system administrators to install and manage Sophos Endpoint Protection on their departmental computers free of charge.


The problem is that even when I stop this service via System Services > Services, some hours after the service restarts due to the /scripts/avira_post_update.sh that updates signatures and starts the service again.


The script is launched by the pattern updates, which occur every 2/4 hours (it depends on your pattern update interval). If you disable the anti-virus engine under services from GUI, the service starts again?


So now Avira script will not run anymore (for now) and the service remains stopped by just disabling it from the GUI (as long as the appliance doesn't reboot, because it will start the service again).


Yeah, if there is a firewall rule using HTTP/HTTPS scanning enabled with the anti-virus service disabled, some websites won't open due to a "security risk detected". It is important to make it clear.


I have Sophos antivirus and when I create a rule with the vulnerability protection set to Strict, it blocks my connection to sophos server for updates. Once I relax the VP rule, it looks fine. Interestingly, I cannot see anything in the traffic/threat logs as well.


If you are not comfortable with setting all levels to Alert you can set them to Block (since this is just debug) - blocked traffic should be logged if you have set the "log on session end" (I guess "log on session start" won't pick up any threat).


However, isn't the Threat log on its own not depending on what the security rule itself is set to? I mean I thought the security rule was regarding Traffic logging. If a vuln should log or not is set in the vuln profile itself (such as Alert means log only while Block means block and log, while Allow will not log at all (for this you use Alert instead)).


Mikand - I was under the impression that Vuln profiles with specific actions set do log the events under Threat Monitor. None of the profiles have allow as an action, so I would ideally expect to see everything being logged in. But that is not the case. For some reason I cannot see any traffic or threat logs for Sophos updates. But upon disabling the rule, the updates work but still nothing in the traffic or threat logs.


Did you try the suggestion that Mikand gave to create a new VP profile and set everything to alert? Have you updated the application and threat signatures to the latest? Each CVE has an associated default action (allow, alert, reset, block). If you don't see anything in the threat log going to the dst address of sophos even after setting everything to alert, then it should not get blocked at any setting. If you do see it after setting everything to alert (like under informational threat) check to see what the CSV is set to as default for that CSV. If you don't see anything, I would open a case with TAC.


Users that reported this issue through support tickets have mentioned that after reinstalling the latest versions of their antivirus, as well as the Dropbox desktop application, the message doesn't appear anymore and the issue is resolved.




I suspect it may very well be a legitimate file/update to the Dropbox Program, or it could be a trojan ransomware virus monster from hell. How do I confirm through Dropbox.com, or wherever, if it's legitimate?
