Updates Sophos Endpoint Protection

I have been told that this solution is an intelligent solution, if this holds true why is it required to have all these updates everyday? 

  • There are different types of updates, ML models, these are least frequent. HMPA has supplemental .bf file updates, which is data to aid with supressing FPs of behavioural.  The main ones I guess you're speaking of is the .ide files or the detection signatures.  Some of this data is for Application Control identities, i.e. how to detect Chrome for example.  Then there is PUAs, which is similar, i.e. not malicious but an admin may want to block.  Then you have the guarantee that affords you with a signature rather than relying on behavioural of ML. Of course these are created from samples. If there is a particularly common piece of ransomware that can be blocked by a signature, I'd be more confident in that than relying on a trained model a few weeks old or hoping behavioural can block it post execution.