Skip to content

Sophos CleanIf you think your antivirus alone is enough to stay safe from today’s advanced malware threats, you might want to get a second opinion.

Today’s malware is difficult to detect, difficult to remove and difficult to recover from. We estimate that less than 10% of all the new samples analyzed by SophosLabs is previously known malware. You wouldn’t want to gamble with those odds, and you surely don’t want to gamble with your endpoint security.

Sophos Next-Generation Endpoint Security uses signature-less threat detection and response capabilities to better protect you against zero-day attacks, advanced threats and crypto-ransomware that can evade traditional, signature-based endpoint products.

Now we’ve added another tool to our arsenal. We’re calling it Sophos Clean, the next generation of malware detection and removal tools.

When Sophos acquired SurfRight last December, we knew we were getting a great company with innovative technology to complement our industry leading, next-gen endpoint protection solution.

As an added bonus, we acquired SurfRight’s popular HitmanPro malware scanning and removal tool, used by more than 23 million users worldwide. Among its industry accolades, HitmanPro recently received a Q1 2016 MRG Effitas 360 Degree Assessment award, one of just five products certified for neutralizing and successfully remediating all threats in real-world testing.

Now we’ve built Sophos Clean on top of the cutting-edge HitmanPro technology, using progressive behavior analytics, forensics and collective intelligence to discover and remove all traces of malware threats that your antivirus might miss.

Resilient malware attacks critical system files or boot records to manipulate Windows and antivirus software – even before the operating system boots. Sophos Clean can remove persistent threats from within the operating system and replace infected Windows resources with safe original versions. Reinfection attempts are proactively blocked until threat remediation has finished.

Sophos Clean is certainly thorough, but it’s also fast.

With a minimal footprint of just 11 MB, Sophos Clean can scan and remediate infections in less than five minutes, because it can immediately distinguish safe applications from malicious software through advanced behavior analysis. And it checks against our Sophos cloud database of trusted applications, reducing instances of false positives.

The on-demand scan does not need to be installed, which is particularly useful in cases of ransomware infection or in situations where malware is manipulating the installed antivirus software and its updates.

Sophos Clean runs alongside any anti-malware protection you already have. You can scan directly from a USB flash drive, CD/DVD or network attached storage.

Simple. Fast. Clean.

Try a 30-day free trial of Sophos Clean today.


Does this not come as an addition to Sophos Endpoint control, or is it extra? is this also included in the Cloud option?


Hi Gary, Thanks for your question. It’s a separate clean up/malware removal tool and isn’t part of Endpoint. You can download it for free and manually run it on your endpoints, or automate it through the command line. If you need to clean up something nasty it will activate the 30 day free trial. Hope that helps.


Today’s threats are mostly malware. By announcing this you’re in effect showing a lack of confidence in Endpoint’s ability to clean up Malware that you needed to buy another company’s product to finish the job.

It doesn’t instil confidence in Endpoint for Sys Admins, especially when it is such a resource hungry product.


Hi Steve, Sophos Clean is primarily designed for folks not using Sophos Endpoint who have a malware problem. It provides them a second opinion on what their product may have missed and helps clean them up if they are in trouble. It’s command line capable, so it can be triggered by external tools such as remote management or security operations tools. We have got some amazing tech born in Surfright, built in Sophos, coming to Sophos Endpoint soon.


As a network admin/Sophos Endpoint admin, with locally managed, and cloud managed sites, I expect all this functionality will be built into your Endpoint AV solution.

Do what you must with the price, but don’t start making Total Security something that requires “add-on’s”.

One price please, with all the latest security you can muster.




AV has been a waste of resources for some time now, anti-malware and anti-ransomware are the things to be running. Sophos Clean (which is actually SurfRight HitmanPro) really needs to be resident rather than having to be run manually, I am hoping that HitmanPro 3.5 will bring this.

Oh and if it is a rebranded HitmanPro then the built in scheduler doesn’t work if your aren’t a local admin and that is really dumb, You have to use the Windows Task Scheduler and command line to automate scanning. Sort this out SurfRight/Sophos, users shouldn’t be local admins on their computers!

I believe that the Sophos branded HitmanPro.Alert is some time off yet, so you are still at risk from ransomware.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!