Home version for Mac sending out data?

To fully protect your computer Sophos for Mac (and our Windows products) compliment the signature based detection.  These days it's sometimes not enough to have just the local signatures to spot constant malware releases - you could get a malicious file on your computer before the local installation checks in for a scheduled update.  Hence to meet (even exceed) what's required these days the local Sophos AV can immediately ping back to the global servers located around the world to check for the very latest information.

• Install SAV = AV engine knows about everything from the point the installer was built and published backwards.
• Install SAV + update = your Mac has all of the signatures SophosLabs have published to date.
• Install SAV + update + live protection/web protection = your are fully protected, even from something we only just added (maybe a minute ago).

As fast as SophosLabs publishes new signature (.ide) files) it still takes a bit of time.  Then consider that your Mac is on an update schedule -- probably an hour, that's the default -- and may have just checked in, say 10 minutes ago.  Hence it won't check again for another 50 minutes.

Web protection does URL filtering (for known malicious links and pages) and browser download scanning and is constantly pinging our servers to check there isn't potential malware heading to your computer.  The amount of data uploaded will change depending on local activity on the computer, but it's just data about whether 'something' (web page, file, download, etc.) is malicious.

It's the performance/security slider - on one end is performance, on the other is security.  The defaults try to please most with maybe a slight nudge to security.  The options are there to configured as required based on personal preferences.

I hope that helps.

To fully protect your computer Sophos for Mac (and our Windows products) compliment the signature based detection.  These days it's sometimes not enough to have just the local signatures to spot constant malware releases - you could get a malicious file on your computer before the local installation checks in for a scheduled update.  Hence to meet (even exceed) what's required these days the local Sophos AV can immediately ping back to the global servers located around the world to check for the very latest information.

• Install SAV = AV engine knows about everything from the point the installer was built and published backwards.
• Install SAV + update = your Mac has all of the signatures SophosLabs have published to date.
• Install SAV + update + live protection/web protection = your are fully protected, even from something we only just added (maybe a minute ago).

As fast as SophosLabs publishes new signature (.ide) files) it still takes a bit of time.  Then consider that your Mac is on an update schedule -- probably an hour, that's the default -- and may have just checked in, say 10 minutes ago.  Hence it won't check again for another 50 minutes.

Web protection does URL filtering (for known malicious links and pages) and browser download scanning and is constantly pinging our servers to check there isn't potential malware heading to your computer.  The amount of data uploaded will change depending on local activity on the computer, but it's just data about whether 'something' (web page, file, download, etc.) is malicious.

It's the performance/security slider - on one end is performance, on the other is security.  The defaults try to please most with maybe a slight nudge to security.  The options are there to configured as required based on personal preferences.

I hope that helps.