Inconsistent Blocking

relyk
New Contributor

I have deployed a Jamf Protect plan to one of our computers. Following the instructions here: https://learn.jamf.com/bundle/jamf-protect-evaluation-guide/page/Threat_Prevention_with_Jamf_Protect...

I run the program and it gets blocked. However, when I run any of the tests at https://www.wicar.org/test-malware.html there is no detection from Jamf Pro.

What is the limitation of Jamf Protect, and how much does it do to protect against malware, viruses, etc.? For comparison, we currently use Sophos and that passes every test we have tried.

2 REPLIES

c0lte
New Contributor

Hi relyk, we also currently use Jamf Protect alongside Sophos and both detect and block the threat. What is interesting is that one of the products detects the threat before the other. Sophos may detect it first and remove it before Jamf Protect can alert on the said threat, and Jamf Protect then can't block it because it has already been removed by Sophos. The same goes for the scenario where Jamf Protect detects and blocks it first, before Sophos does.

I'd be interested in hearing how your configuration is set up. Did you have issues with Sophos blocking the Jamf Protect installation and population of the agent without any alerts from Sophos? I discovered it was CryptoGuard and flagged as ransomware, and I've been trying all types of exclusions without any luck. Any feedback from you or anyone else would be greatly appreciated. Thanks!

relyk
New Contributor

We have recently deployed Jamf and we were hoping to fully get rid of Sophos and rely solely on Jamf Protect as a way to save money. However, after more research and messaging with Jamf, I am not sure how likely that will be. Jamf Protect has no "scanning" features like Sophos does. This is important because we like to be able to scan individual files or run a full system scan to have confidence our machines are safe.