Installed trial (endpoint/central) on Win7 x64 platform. Suspended Norton Security indefinitely.
2 "policy violations blocked" noted within first 30 minutes of install but checking status over last 2 weeks, there have been no further detections. Furthermore, I cannot tell what the policy violations were; it tells me there were two, but I cannot figure out where to find out what was flagged and/or what was done.
I expected the threat/violation counts to increase as this is supposed to be more thorough than Norton (signature based), but there were no changes to the threat/violation detection counts. So, I reactivated Norton to see if it found anything that Sophos might have missed - and it proceeded to start flagging and quarantining every file on the HDD starting with the oldest and working forward. Sadly, I didn't notice this at first - discovered just about 5gb of data had been removed when I checked back an hour later.
I deactivated Norton again (to stop the purge), of course, but now I'm at a loss - did Norton quarantine these because Sophos let something through, or did Sophos somehow corrupt Norton and it simply went crazy? Since I could not determine what went wrong,I uninstalled Sophos and reinstalled Norton (no further quarantining occured).
I'd expected the threat counts to increase because Norton was supposed to be ignoring the "under the radar" threats which endpoint protection was supposed to catch. I did not expect there to be zero threats at all. Since the configuration (Sophos central) site is a complete mess - unless you know Sophos at a programmer (developer) level, there is no way to tell what anything on it does or where to go to check/update settings - and, therefore, no way to know if you've configured it correctly (and could be why I'm not getting threat capture notices). The reports are worthless as they evidently only show a device total, and none of the individual detection details. NOTE: I installed Sophos endpoint and simply accepted default configuration, I did not customize any settings.
So, my question is; how do I test to see if Sophos is doing anything? Unless I can prove to myself this software is doing something, I cannot risk using it if it is in fact not. What would a "normal" threat detection count be on, say, a weekly or monthly basis? Zero just doesn't seem right.
This thread was automatically locked due to age.
