Sophos "elevated" Sandstorm license for home users.

Sorry to SPAM, I asked this question in the UTM 9 forum and have yet to get a reply. I am hoping for better luck here.

Does anyone know how a person with a home license would go about seeking the "elevated" features of Sandstorm with the home license? Can it be added as a second license or is the "elevated" Sandstorm license incorporated into the UTM license? Also, if a home user can purchase an "elevated" Sandstorm add-on, how/who does one do that and through whom?

  • There is currently no option planned for Sandstorm for home users. We are considering a number of options for the future; however, as of now there is none available for home use.

  • Jan, I think Sophos needs to keep in mind the amount of information you will be able to aggregate by making Sandstorm available to the Home product. Then the home/consumer community essentially becomes the engine that drives the success of your Commercial component by it being much more data rich.

    Just my 2 cents if this makes sense.

  • Currently using Sandstorm on my home licence. Nothing found so far. I configured this as an attempt to reduce the junk/risky emails we receive. I found a limitation that will affect most home users and small businesses that don't have their own mail server. You cannot scan IMAP/S mail and I am not sure about POP3S connections.

    Your 2 cents and my 10 cents don't buy us anything, but might prompt someone to action this for the next release.


    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • I have been in school and out of touch with the progress that Sophos has been making with the UTM, so forgive me if I am wrong on this.

    I agree that the home users will provide a huge amount of benefit to Sophos and the community as a whole. Not so much in email, as I am sure most of them will be using POP3 or IMAP (not sure why this can't be covered), but in the downloads via the web. I have a malware hunting lab and I submit new malware all the time that gets by AV. By uploading these through Sophos Sandstorm, long before I send it off to AV companies, Sophos could be ahead of the game. Granted I am just one person, but people download malware all the time, especially when they are unpatched and exploit kits hit them. Right now EKs are starting more and more to serve up ransomware.

    Of course, this assumes that web downloads that are executable would be sent up to Sandstorm.