Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 13 subscribers
  • Views 558 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Updates Sophos Endpoint Protection

Kevin Rawnsley

I have been told that this solution is an intelligent solution, if this holds true why is it required to have all these updates everyday? 



This thread was automatically locked due to age.
  • 0

    There are different types of updates, ML models, these are least frequent. HMPA has supplemental .bf file updates, which is data to aid with supressing FPs of behavioural.  The main ones I guess you're speaking of is the .ide files or the detection signatures.  Some of this data is for Application Control identities, i.e. how to detect Chrome for example.  Then there is PUAs, which is similar, i.e. not malicious but an admin may want to block.  Then you have the guarantee that affords you with a signature rather than relying on behavioural of ML. Of course these are created from samples. If there is a particularly common piece of ransomware that can be blocked by a signature, I'd be more confident in that than relying on a trained model a few weeks old or hoping behavioural can block it post execution.

Unfiltered HTML