Sophos Clean – the sidekick among virus scanners

Sophos has what feels like 20 different AV solutions in its portfolio. Now another new product is added. With Sophos Clean, Sophos is launching a product that is intended more to complement existing antivirus solutions than to usurp sole world domination in the endpoint space.

In this blog post, I would like to introduce Sophos Clean in more detail and find out whether this product has any raison d’être at all.

Update: Sophos Clean has been integrated with Sophos Central Intercept X and can no longer be purchased as a standalone product. Sophos Clean is officially End of Sale.

Brief history

Sophos acquired Netherlands-based SurfRight for nearly $32 million on Dec. 15, 2015. With its HitmanPro product, SurfRight had one of the leading products in the fight against so-called next-generation malware (zero-day exploits, rootkits, Trojans, spyware and more). So Sophos has repackaged HitmanPro and now offers the product under the name Sophos Clean.

What is Sophos Clean?

As mentioned earlier, Sophos Clean is designed to complement already installed antivirus software and provide a professional second opinion about suspicious files. So Sophos Clean wants to be the best buddy or even “sidekick” of your existing virus scanner and help it do its job. Sophos Clean is very thorough and checks for all forms of malware, including viruses, Trojans, rootkits, worms, spyware, fake software and keyloggers.

Specialist for zero-day threats and ransomware

It is important for next-generation protection not to rely on signatures. Zero-day threats and certain ransomware such as CryptoLocker can only be effectively found through built-in features such as exploit prevention, behavioral analysis or heuristics.

That’s where Sophos Clean comes in. The little “virus professor” works without signatures and uses progressive behavioral analysis, forensics, and collective intelligence to detect and remove zero-day exploits, rootkits, Trojans, spyware and other polymorphic malware, annoying cookies, and adware. This results in fewer false positives, which other signatureless next-generation anti-malware tools have problems with.

Polymorphic malware refers to viruses that exist in many different versions that all do the same thing. They change their “shape” in order to evade current virus definitions. This technique is very often used in current ransomware.

No installation necessary

What’s pretty cool is that Sophos Clean can be used as an on-demand scanner and doesn’t necessarily need to be installed on the system. Thus, the 11 MB EXE file can also be copied to a USB stick and executed on an infected Windows computer. In a situation where malware has tampered with the installed antivirus software and its updates, such a USB stick is particularly useful. So you always have an effective next-generation virus scanner in your pocket.

System requirements

Sophos Clean works smoothly alongside your existing antivirus software, whether this is McAfee, Kaspersky, Symantec, Avast or any other endpoint protection. Sophos Clean puts minimal load on the computer, and a quick scan is completed in less than 5 minutes.

Windows 7, 8, 8.1 and 10 are supported as operating systems (32-bit and 64-bit). The computer needs at least 1 GB of RAM and must have access to the Internet so that unknown files can be uploaded to SophosLabs and analyzed during a scan.

Sophos Clean in practice

In the following video, you can see Sophos Clean in action alongside Avast Antivirus. The video is intended to show that Sophos Clean, after scanning with Avast Antivirus, finds even more threats that would not have been noticed otherwise. Among the findings of Sophos Clean are Trojans…


In the introduction to this blog article, I raised the question of whether Sophos Clean has its raison d’être. After some tests and writing this article, I can clearly answer yes to this question. Sophos Clean, as I said, is not intended as an alternative, but much more as a complement to an existing solution. Sophos Clean did an excellent job of this in our tests and we at Avanet can really recommend this product!

Small drop of bitterness

What Sophos Clean lacks a bit from my point of view is the central management console that one is used to from Sophos Central Endpoint Protection. For the distribution of the software on several clients, you have to come up with something yourself.

Sophos Clean in combination with Endpoint Protection

For those already using Sophos Central Endpoint Protection, we have one more piece of news, but it should be taken with a grain of salt. A little birdie told us that Sophos is working on two more models called Intercept and Ultimate, in addition to the Standard and Advanced variants. It is planned that Sophos Clean technology will be integrated into Endpoint Protection in the future.

Update: Meanwhile, Sophos has integrated Sophos Clean technology into its endpoint protection with Sophos Central Intercept X.

Update: Sophos Central Endpoint Protection is no longer available as a standard or advanced variant. Sophos has restructured its endpoint division somewhat.


Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.
