I caught Sophos Mac Home having sent out 150MB of data. Is this program intended to send out any type of information? If so, what is being sent out?
I've removed the software for now.
This thread was automatically locked due to age.
ruckus wrote:
...Web protection does URL filtering (for known malicious links and pages) and browser download scanning and is constantly pinging our servers to check there isn't potential malware heading to your computer. The amount of data uploaded will change depending on local activity on the computer, but it's just data about whether 'something' (web page, file, download, etc.) is malicious...
v8media's question caught my attention too. Constant comparison of currently accessed links and pages for newly discovered malicious content by pinging your servers is understandable in the "live protection/web protection" context but not 150 MB's worth. Am I correct in thinking that the "data" sent is the result of scanning and detecting something matching newly flagged malware and/or the malware itself for analysis at your end? Or is Sophos uploading a freshly obtained "file, download, etc" for real-time checking at your end just in case, which could cover a lot of territory.
ruckus wrote:
...Web protection does URL filtering (for known malicious links and pages) and browser download scanning and is constantly pinging our servers to check there isn't potential malware heading to your computer. The amount of data uploaded will change depending on local activity on the computer, but it's just data about whether 'something' (web page, file, download, etc.) is malicious...
v8media's question caught my attention too. Constant comparison of currently accessed links and pages for newly discovered malicious content by pinging your servers is understandable in the "live protection/web protection" context but not 150 MB's worth. Am I correct in thinking that the "data" sent is the result of scanning and detecting something matching newly flagged malware and/or the malware itself for analysis at your end? Or is Sophos uploading a freshly obtained "file, download, etc" for real-time checking at your end just in case, which could cover a lot of territory.