Team


Jan Freund (Team Leader)

W15 1-101 (OL-Wechloy)

+49 (0)441 / 798-3231


Klemens Buhmann

W15 1-107 (OL-Wechloy)

+49 (0)441 / 798-3064


Matthias Schröder

W15 1-109 (OL-Wechloy)

+49 (0)441 / 798-3445


Fred Hasselhorst

Tue: 12:00-14:00, Wed-Fri: 9:30-14:00

EG011 (WHV)

+49 (0)4421 / 944-172


Sentinel One installation

What to do if Sentinel issues a malware warning?

Sentinel recognises many more problems than Sophos - it is therefore possible that a warning is issued immediately after installation stating that a "threat has been detected and the computer has been disconnected from the network by default".

In this case, the file is almost certainly genuinely malicious and was simply not recognised by Sophos, so it may have been up to mischief for some time. In addition, the computer really is cut off from the network at this point (except for the connections of the Sentinel client itself). This isolation can only be reset by the central IT services (servicedesk@uol.de or -5555).

At the moment of detection, the responsible employees are notified directly by Sentinel and take care of the problem immediately. This is done remotely; you do not have to do anything locally. Messages appear on the screen saying 'File moved to quarantine', 'Threat reset' ... and the computer is allowed network access again.

Especially after the weekend and now at the start of the Sentinel rollout, this can take some time due to the large number of messages. A pool computer can be borrowed at short notice for this period. It also makes sense to open a ticket or contact us by telephone to bring your own case forward - with reasons!

What is the alternative to Sentinel One?

The position of the Data Protection and Information Security Unit and the HRZ is relatively clear: Sentinel One should be installed on all university-owned devices. It may not be installed with the university licence on other computers that are used for official purposes but are not the property of the university. However, adequate protection must be provided in every case, including on university devices on which Sentinel is not to be installed.

However, neither of them makes explicit recommendations, so what additional protection against viruses and other threats should I choose if Sentinel is not an option?

Due to a lack of experience (nobody in ICBM-IT really uses Windows ;) ) here is just a short "random" compilation of a few points:

  • Windows Defender (integrated in MS Windows) was at times almost so good that it could be used as the sole system protection, but is now far behind in most comparisons.
  • Additional protection is also highly recommended on the Mac: major gateways are PDFs and Office documents with the "convenience functions" they contain, as well as browser vulnerabilities that affect all operating systems.
  • Although Kaspersky has very good detection performance, it is also viewed critically by the BSI due to its headquarters in Moscow.
  • Norton provides good detection performance but penetrates very deeply into the system and can also become intrusive.
  • Avast and AVG are products that usually come off well, both as free and paid versions (approx. €70 per year for Avast Premium Security, occasional offers), for both Windows and Mac. The support for Avast seems to be better.
  • Bitdefender is also worth a look, especially in the free versions (only for Windows).

Installation Sentinel One

As already announced, the University of Oldenburg is changing its system for Endpoint Protection and Response (EPR) (aka "virus checker"). The new one is called "Sentinel One". This means that Sophos installations must be removed from all computers and Sentinel One must be installed instead. This step must be taken by 23/06/2023, as the user contract with Sophos expires after this date. This applies to all operating systems on which the Sophos virus checker is installed, including macOS. Please note the following restriction: Sentinel One may only be installed on computers owned by the university. Installation is no longer permitted on any private computer; alternative products must be used.

The new Sentinel One icon:

The old Sophos icon:

On newer Windows installations, this replacement is done automatically - so if you already see the new icon, you do not need to do anything.

If you see the old Sophos icon (or neither), please follow the steps below (you will need administrator rights):

  1. Uninstall all Sophos programs: open "Add or remove programs" and click "Uninstall" for each one. (If "Sophos Endpoint Defense" cannot be removed, you can ignore it.)
  2. Install "Sentinel One"
    1. Download the executable (.exe) (you will receive a Nextcloud link by email)
    2. Run this installer
    3. During the installation you will be asked for a token - you received this by email
  3. Reboot the computer

If you do not want to carry out this installation yourself, please contact it@icbm.de.

(Changed: 23 Feb 2024)