We'd love to hear about it! Click here to go to the product suggestion community
are the antivirus engines the same for Sophos Endpoint Protection an Sophos Email Protection?I ask because if a virus slips through the spam it usually takes a while until the new definitions have arrived at the endpoint and it would be recognized there.
Thx for the Informations
the AV engine is the same, however they are meant to be used together. IMO ANY one product will not sufficiently protect against AV. a minimum of two is required (generally the gateway and desktop client) but for the best protection, something like this would be the best:
I catch 0 day files from the SEA on a daily basis - It can take 12 hours for Sophos to add them to database. I also run puremessage to help catch the files the SEA miss.
The virus/email checking on Sandstorm does appear to respond differently to the results from email@example.com submissions. Does anyone know why this happens?
I would like to think they are both checked in the same way?
In reply to Tony Smith2:
Sandstorm does not replace any sort of checking.
what it does do ... in a nut shell..
normally SAV will scan a file, it will get a result of YES or NO (in VERY high-level terms there definitely a lot more to it) .. Sandstorm gives SAV the ability to say "maybe" it also adds additional logic / rule sets that automatically sends files for detonation. (again, lot more to it but this will do)
generally its designed for things like office documents, pdf's or similar.. without getting into the weeds.. those document formats may contain things like macros or un-scanable, un/do data or a bunch of other things specific to embed content.
these features help Sandstorm be an effective 3rd layer of defense in addition to the normal av scanning
so theirs nothing random about it, its just that the files your seeing may not be triggering the same rules in SAV.