A few questions have come up about what information the SAV for Mac product sends to Sophos. The product does send anonymous, non-personally identifiable data back to Sophos for the purpose of improved threat detection and to help us improve the software. This data includes:
- Product version
- Operating System version
- Machine identifier that is generated randomly and uniquely for each installation
- On-access scan settings: on/off, archive, cleanup option
- Live protection: on/off
- Using custom scans? (yes/no, not the scan locations or exclusions)
- Web protection: on/off for reputation blocking, on/off for download scanning, the count of items in the Allowed Sites list (not the site names)
- PUA detection: on/off
- PUA authorizations: the names of PUAs authorized by the user (but not the filesystem locations)
In each case our servers also know the source IP address of the remote computer as part of the normal network connection activity that occurs whenever one computer talks to another computer over the network.
In version 9.4 we switched to sending the product feedback via HTTPS rather than DNS. The TLS certificate is validated to ensure it's a Sophos server (rather than a rogue server pretending to be Sophos).
We do not sell or monetize the information received from endpoints. We do not share this information with third parties. It is used internally at Sophos, and we have no way to map the "machine identifier" to a specific person or specific computer.