In V9.7 it was recommended to deny access only, not clean up automatically, in your On-Access Scan settings. In 10, that was changed and it is now recommended to set it to clean up automatically.

In case you weren't a Sophos customer in 2012, the Shh/Update-B false positive incident turned into a NIGHTMARE for anyone who had automatic cleanup enabled. Basically, lots of legit files got deleted all over the place. Read through the comments in that link if you weren't around for it. I'm not knocking the incident; every A/V vendor has probably had a bad false positive incident. But at the time, you were far better off if you didn't have automatic cleanup enabled. The fact that that was the official policy recommendation seems to me like Sophos' biggest saving grace in that incident.

So I feel like Sophos is kind of saying "Hey we know that one time was a total disaster, but it shouldn't happen again, so go ahead and turn this on now." I mean, so far so good, that was 5 1/2 years ago. But I don't personally see what has fundamentally changed that makes it prudent to now use automatic cleanup when it's the only thing that saves you in a false positive scenario, regardless of who the vendor is. Just seems like an accident waiting to happen. Am I just being paranoid?