Sophos Clean - The Sidekick among Antivirus Scanners
Sophos already has what feels like 20 different AV solutions in its portfolio, and now another product is joining the line‑up. With Sophos Clean, Sophos is launching a solution that is designed to complement existing antivirus tools rather than attempt outright world domination in the endpoint space.
In this blog post I want to take a closer look at Sophos Clean and find out whether this product actually deserves a place on the market.
Update: Sophos Clean has been integrated into Sophos Central Intercept X and can no longer be purchased as a standalone product. Sophos Clean is officially End of Sale.
Brief background
On 15 December 2015, Sophos acquired the Dutch company SurfRight for just under 32 million dollars. With its product HitmanPro, SurfRight offered one of the leading solutions in the fight against so‑called next‑generation malware (zero‑day exploits, rootkits, trojans, spyware and more). Sophos has essentially repackaged HitmanPro and now markets the product under the name Sophos Clean.
What is Sophos Clean?
As already mentioned, Sophos Clean is intended to supplement the antivirus software you already have installed and provide a professional second opinion on suspicious files. Sophos Clean aims to be the best mate or “sidekick” to your existing virus scanner and support it in its work. To do this, Sophos Clean takes a very thorough approach and examines all forms of malware, including viruses, trojans, rootkits, worms, spyware, rogue software and keyloggers.
Specialist for zero‑day threats and ransomware
Protection against next‑generation threats cannot rest on signatures alone: a signature only matches malware that has already been captured and analysed. Zero‑day threats and ransomware families such as CryptoLocker therefore have to be caught by built‑in capabilities such as exploit prevention, behavioural analysis and heuristics.
That is exactly where Sophos Clean comes in. This little “virus professor” works without signatures and uses behavioural analytics, forensics and collective intelligence to detect and remove zero‑day exploits, rootkits, trojans, spyware and polymorphic malware, as well as tracking cookies and adware. This approach also results in fewer false positives - an area where other signatureless next‑generation anti‑malware tools often struggle.
Polymorphic malware is malware that exists in any number of variants which all do essentially the same thing. Each copy changes its “shape” (for example by re‑encrypting or repacking its payload with a different key and decoder stub) so that it no longer matches the virus definitions written for earlier copies, even though its behaviour is unchanged. The technique is used very frequently in modern ransomware, which is why a scanner that looks at what a file does rather than what it looks like matters.
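To make the signature‑versus‑behaviour point above concrete, here is a small constructed demonstration. It is an added example written for this post, not Sophos or HitmanPro code, and everything in it is an assumption: the “payload” is a byte string standing in for malicious logic, the “packer” is a toy XOR encoder with a random junk prefix, and the two detectors are deliberately simple. A hash signature taken from the first sample misses every later variant, while a check that unpacks the sample and inspects what it does catches all of them and leaves a benign sample alone.

```python
"""
Constructed demonstration (not Sophos/HitmanPro code): why a hash-based signature
misses every new variant of a polymorphic sample, while a check on what the sample
does once unpacked catches all of them.
"""
import hashlib
import os
import struct

# Constructed stand-in for the malicious logic every variant carries. Real malware
# would be machine code; a byte string keeps the demo runnable anywhere.
PAYLOAD = b"ENCRYPT_USER_FILES;DROP_RANSOM_NOTE"
BENIGN = b"SHOW_ABOUT_DIALOG;EXIT"


def pack_variant(payload: bytes, key: int, junk_len: int) -> bytes:
    """Toy polymorphic packer: a 3-byte header (junk length, XOR key), random junk,
    then the XOR-encoded payload. Each (key, junk_len) pair is a byte-different file."""
    if not 0 <= key <= 0xFF or not 0 <= junk_len <= 0xFFFF:
        raise ValueError("key must fit in one byte, junk_len in two")
    junk = os.urandom(junk_len)
    body = bytes(b ^ key for b in payload)
    return struct.pack(">HB", junk_len, key) + junk + body


def unpack(sample: bytes) -> bytes:
    """What the sample does at run time: skip the junk and decode itself. An emulator
    or behavioural engine observes this result; a static scanner sees only raw bytes."""
    junk_len, key = struct.unpack(">HB", sample[:3])
    return bytes(b ^ key for b in sample[3 + junk_len:])


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def static_signature_match(sample: bytes, known_hashes: set) -> bool:
    """Signature-style detection: match the file as it looks on disk."""
    return sha256_hex(sample) in known_hashes


def behaviour_match(sample: bytes) -> bool:
    """Behaviour-style detection: unpack first, then look for the ransomware actions."""
    actions = set(unpack(sample).split(b";"))
    return {b"ENCRYPT_USER_FILES", b"DROP_RANSOM_NOTE"} <= actions


def run_demo(n_variants: int = 20) -> dict:
    """Ship a signature for the first sample seen, then release n new variants."""
    first = pack_variant(PAYLOAD, key=0x5A, junk_len=16)
    signatures = {sha256_hex(first)}  # the one sample the vendor got to analyse
    # Every variant uses a key != 0x5A, so its bytes (and hash) differ from `first`.
    variants = [pack_variant(PAYLOAD, key=k, junk_len=8 + k)
                for k in range(1, n_variants + 1)]
    return {
        "first_sample_static_hit": static_signature_match(first, signatures),
        "static_hits": sum(static_signature_match(v, signatures) for v in variants),
        "behaviour_hits": sum(behaviour_match(v) for v in variants),
        "benign_flagged": behaviour_match(pack_variant(BENIGN, key=0x21, junk_len=4)),
    }


if __name__ == "__main__":
    print(run_demo())
```

Running the script shows 0 static hits against 20 behavioural hits for the new variants. Note the deliberate simplification: this toy packer keeps a fixed 3‑byte header, which a real scanner could signature in place of the payload; genuine polymorphic engines mutate the decoder stub as well, which is exactly why observing execution rather than bytes is the more robust approach.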
No installation required
A particularly neat aspect is that Sophos Clean can be used as an on‑demand scanner and does not have to be installed on the system. The 11 MB EXE file can be copied to a USB stick and executed on an infected Windows machine. In situations where malware has tampered with the installed antivirus software and its updates, such a USB stick is especially useful. Keep the stick write‑protected, or verify the executable’s hash or Authenticode signature before each use, since an infected machine can tamper with files on removable media just as easily as with the installed scanner. In other words, you always have an effective next‑generation virus scanner in your pocket.
System requirements
Sophos Clean runs happily alongside your existing antivirus software, whether that’s McAfee, Kaspersky, Symantec, Avast or another endpoint protection solution. Sophos Clean has only a minimal impact on system resources and a quick scan completes in under five minutes.
Supported operating systems are Windows 7, 8, 8.1 and 10 (32‑bit and 64‑bit). The machine needs at least 1 GB of RAM and must have Internet access so that unknown files can be uploaded to SophosLabs and analysed during a scan. Bear in mind that this means suspicious files leave the machine, which may matter on hosts that hold sensitive data.
Sophos Clean in a practical test
In the following video you can see Sophos Clean in action alongside Avast Antivirus. The video demonstrates how Sophos Clean, even after Avast Antivirus has already performed a scan, detects additional threats that would otherwise have gone unnoticed. The items detected by Sophos Clean include, among other things, trojans…
Conclusion
In the introduction to this blog post, I asked whether Sophos Clean deserves its place on the market. After several tests and writing this article, I can answer this with a clear yes. As mentioned, Sophos Clean is not designed as a replacement, but as an add‑on to an existing solution. In our tests, Sophos Clean fulfilled this role exceptionally well, and we at Avanet can genuinely recommend this product.
One small drawback
From my point of view, what Sophos Clean lacks somewhat is a central management console of the kind you are used to from Sophos Central Endpoint Protection. You have to devise your own approach for rolling the software out to multiple clients.
Sophos Clean in combination with Endpoint Protection
For anyone already relying on Sophos Central Endpoint Protection, we have some news - although it should be taken with a pinch of salt. A little bird told us that Sophos is working on two additional models, on top of the Standard and Advanced editions, called Intercept and Ultimate. The plan is for Sophos Clean’s technology to be integrated into Endpoint Protection in future.
Update: With Sophos Central Intercept X, Sophos has now integrated Sophos Clean’s technology into its endpoint protection solution.
Update: Sophos Central Endpoint Protection is no longer available in Standard or Advanced editions. Sophos has restructured its endpoint portfolio somewhat.