Sophos has 20 different AV solutions in its portfolio. Now a new product is added. With Sophos Clean, Sophos is bringing a product to market that is designed more to supplement existing anti-virus solutions than to take over the world’s endpoint dominance.

In this blog post, I would like to take a closer look at Sophos Clean and see if it has any raison d’être at all.

Update: Sophos Clean has been integrated into Sophos Central Intercept X and can no longer be purchased as a standalone product. Sophos Clean is officially End of Sale.

Brief prehistory

On 15 December 2015, Sophos acquired the Dutch company SurfRight for almost 32 million dollars. With the product HitmanPro SurfRight had one of the leading products in the fight against so-called Next-Generation Malware (Zero-Day Exploit, Rootkits, Trojans, Spyware and more). So Sophos has repackaged HitmanPro and is now offering the product under the name Sophos Clean.

What is Sophos Clean?

As mentioned earlier, Sophos Clean is designed to supplement antivirus software already installed and to provide a professional second opinion on suspicious files. So Sophos Clean wants to be the best buddy or “sidekick” of your existing virus scanner and support it in its work. Sophos Clean does this very thoroughly, controlling all forms of malicious software, including viruses, Trojans, rootkits, worms, spyware, counterfeit software and keyloggers.

Specialist for Zero-Day Threats and Ransomware

It is important for Next-Generation-Protection that it is not dependent on signatures. Zero-day threats and certain ransomware such as CryptoLocker can only be effectively detected by the integrated functions such as exploit prevention, behavioral analysis or heuristics.

This is where Sophos Clean comes in. The little “virus professor” works without signatures and uses progressive behavioral analysis, forensics and collective intelligence to detect and remove zero-day exploits, rootkits, trojans, spyware and other polymorphic malware, annoying cookies and adware. This results in fewer false positives, which other signatureless next-generation anti-malware tools have problems with.

Polymorphic malware are viruses that exist in x-various versions, but actually all do the same thing. They change in “shape” to bypass current virus definitions. This technique is very often used with the current Ransomware.

No installation necessary

What’s pretty cool is that Sophos Clean can be used as an on-demand scanner and does not necessarily have to be installed on the system. The 11 MB EXE file can also be copied to a USB stick and run on an infected Windows computer. In a situation where malware has manipulated the installed antivirus software and its updates, such a USB stick is particularly useful. So you always have an effective next-generation virus scanner in your pocket.

System requirements

Sophos Clean works fine alongside your existing anti-virus software. Whether it’s McAffee, Kaspersky, Symantec, Avast or any other endpoint protection. Sophos Clean places minimal load on the computer and a quick scan takes less than 5 minutes.

The operating systems supported are Windows 7, 8, 8.1 and 10 (32-bit and 64-bit). The computer requires at least 1 GB of RAM and must have access to the internet so that unknown files can be uploaded to SophosLabs and analyzed during a scan.

Sophos Clean tested in practice

The following video shows you how to use Sophos Clean alongside Avast Antivirus. The video is intended to show that Sophos Clean, after scanning with Avast Antivirus, finds even more threats that would otherwise not have been noticed. Sophos Clean’s findings include Trojans, among others…

Conclusion

In the introduction to this blog article, I raised the question of whether Sophos Clean has any raison d’être. After some testing and writing this article, I can clearly answer that question with Yes. As I said, Sophos Clean is not intended as an alternative, but much more as a complement to an existing solution. Sophos Clean has done an excellent job in our tests and we at Avanet can only recommend this product!

Small drop of bitterness

What I think Sophos Clean lacks a little is the central management console we are used to from Sophos Central Endpoint Protection. To distribute the software across multiple clients, you have to come up with something yourself.

Sophos Clean in combination with Endpoint Protection

For those of you who already rely on Sophos Central Endpoint Protection, we have some news, but it should be taken with caution. A little birdie told us that Sophos will be working on two more models called Intercept and Ultimate in the future, added to the standard and advanced variants. It is planned that Sophos Clean’s technology will be integrated into Endpoint Protection in the future.

Update: Meanwhile, with Sophos Central Intercept X, Sophos has integrated Sophos Clean technology into its endpoint protection.

Update: The Sophos Central Endpoint Protection is no longer available as a standard or advanced variant. Sophos has restructured its endpoint section.

If you would like a second opinion on Sophos Clean after reading this article, you will find all the information you need in the Sophos data sheet below:

• Sophos Clean - Data sheet