Linux - EDR Client - Will it be able to work alongside AV?


Pretty odd detail that the new EDR client for Linux does not work with the AV client - why is that? just for EAP or is that the intention of the software going forward?

  • Hi Alex,

    The AV client for Linux, SAV for Linux is being replaced with a new ML based detection engine in the new Linux agent that runs EDR. We are due to launch this new AV component in the new year to EAP; at that point you will have EDR & AV all in one new agent. 


  • So the AV Plugin has been released BUT its only for OnDemand Scanning?? What are the intentions here?? On-access scanning is a requirement for an AV agent... With Sophos for Linux now you have to choose between having EDR capabilities with On-Demand scanning (with ML) OR Standard On-Access Scanning? 

    What are the plans for the Linux client? Is this On-Demand Scanning just a stepping stone and modern on-access scanning is being developed?

    Having two clients that do different things is not ideal.

  • Hi Alex,

    For now, any customer that has a requirement to run OnAccess AV scanning on their Linux devices, they need to run Sophos Anti-Virus (SAV) for Linux. 

    Many other customers are happy to run the tools provided with EDR and run their AV scans as part of a scheduled scan On Demand. 

    The Sophos Protection for Linux client is our new agent and this AV release is the first of many! 

    Thank you for your feedback.