A new policy option now sets the default action on detection of ransomware to terminate the process. We have kept the option to only isolate a process should you wish to keep using the setting from CryptoGuard 4.
This new release is a design change in how our ransomware detection works; resulting in Sophos detecting more ransomware families and protecting more file types and sizes.
The software release to support CryptoGuard 5 has already released; we will be migrating customers over from CryptoGuard v4 to v5 starting in February. As with all of our feature enablement, it will be done in small batches and you can control the change in action via the Sophos Central policy.
Thanks Stephens, I appreciate your quick response.
Hi Sinan, you are correct that it is a lot more than just the option to terminate processes. However, given the IP that is in the changes we do not have a document the architectural changes that we have made. I can share that:* it's faster* It catches more complex ransomware attacks* We've enhanced exclusions* We protect more files than ever beforeThis new version has been running in our Early Access Program for a while and we've seen some great results. Thank you for your interest in these changes.
Hi Stephen, do you have a document that can be shared with the public as to what exactly changes with Cryptogurad 5? I am sure it isn't just terminate/isolate options so understanding and digesting better would be helpful. Thanks in advance.