
AV Engine Spam and Endpoint

Hello @all,

Are the antivirus engines the same for Sophos Endpoint Protection and Sophos Email Protection?

I ask because if a virus slips through the spam it usually takes a while until the new definitions have arrived at the endpoint and it would be recognized there.

Thx for the information



This thread was automatically locked due to age.
  • I catch 0 day files from the SEA on a daily basis - it can take 12 hours for Sophos to add them to the database. I also run PureMessage to help catch the files the SEA misses.

     

    The virus/email checking on Sandstorm does appear to respond differently to the results from samples@sophos.com submissions. Does anyone know why this happens?

    I would like to think they are both checked in the same way?

  • Sandstorm does not replace any sort of checking.

    What it does do, in a nutshell:

    Normally SAV will scan a file and get a result of YES or NO (in VERY high-level terms; there's definitely a lot more to it). Sandstorm gives SAV the ability to say "maybe". It also adds additional logic / rule sets that automatically send files for detonation (again, a lot more to it, but this will do).

    Generally it's designed for things like Office documents, PDFs or similar. Without getting into the weeds, those document formats may contain things like macros or unscannable, un/do data or a bunch of other things specific to embedded content.

    These features help Sandstorm be an effective 3rd layer of defense in addition to the normal AV scanning.

    So there's nothing random about it; it's just that the files you're seeing may not be triggering the same rules in SAV.

     

    cheers
