File Reputation "Insight"?

Hi there,

Does "Live Protection" work like a very fast way to distribute signatures, or like a reputation database?

Does SOPHOS have any comparable "reputation system" like Insight?

Is there anything like it on a near-term roadmap?

Thanks

:41403


This thread was automatically locked due to age.
  • Hi,

    Your post was quite informative.

    As far as I understood, Live Protection can only be used for "suspicious files".

    When I speak about whitelist or reputation, I'm looking for the following features:

    1. Only run files for known products or with a good reputation

    2. Don't scan files that are known to be good (but as far as I can see, SOPHOS only whitelists known Windows OS files).

    Without [1], we have to wait for SOPHOS to classify a file as a threat, or hope for the HIPS rules to work. Competing products use the "number of installation" or "file older than" to prevent a file from running, to combat server-side polymorphism (files that are quite unique and known for <1 day/hour).

    Regards,

    Ricardo

    :41737
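
The two features and the prevalence and age checks described in the post above, sketched as an added example that is not part of the original post and is not Sophos's or any other vendor's code. The record fields, thresholds, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Reputation:              # hypothetical record from a reputation lookup
    installs: int              # number of machines the hash has been seen on
    first_seen: datetime       # when the hash was first observed anywhere
    known_good: bool = False   # verified clean, e.g. a known OS file

MIN_INSTALLS = 50              # assumed "number of installations" threshold
MIN_AGE = timedelta(days=1)    # assumed "file older than" threshold

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def decide(digest: str, db: dict, now: datetime) -> str:
    """Return 'allow-no-scan', 'allow-scan' or 'block' for a file hash."""
    rep = db.get(digest)
    if rep is None:
        return "block"             # never seen before: a unique file
    if rep.known_good:
        return "allow-no-scan"     # feature 2: skip scanning known-good files
    if rep.installs < MIN_INSTALLS or now - rep.first_seen < MIN_AGE:
        return "block"             # feature 1: too rare or too new to run
    return "allow-scan"            # established but unverified: run, still scan

# Constructed sample data; the byte strings stand in for file contents.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
DB = {
    sha(b"os-component"): Reputation(2_000_000, NOW - timedelta(days=900), True),
    sha(b"popular-tool"): Reputation(40_000, NOW - timedelta(days=200)),
    sha(b"fresh-legit-release"): Reputation(12, NOW - timedelta(hours=3)),
}

def demo() -> dict:
    # Server-side polymorphism modelled as one payload repacked per download:
    # every copy hashes differently, so none has any prevalence or age.
    variants = [sha(b"same-payload" + bytes([i])) for i in range(5)]
    return {
        "os-component": decide(sha(b"os-component"), DB, NOW),
        "popular-tool": decide(sha(b"popular-tool"), DB, NOW),
        "fresh-legit-release": decide(sha(b"fresh-legit-release"), DB, NOW),
        "variants": [decide(v, DB, NOW) for v in variants],
    }

if __name__ == "__main__":
    print(demo())
```

The fresh legitimate release is blocked along with the repacked variants, which is the false-positive cost of gating on prevalence and age.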