Thread necromancy.
Probably this weekend migrating from Kaspersky to Sophos. I'm very not happy, but I didn't argue against it. Kaspersky Endpoint Security was rock solid whenever dialed in. Overhead isn't too horrible considering NOTHING got past it. In fairness, part of that was good training we gave to users. In three years, we got two malware samples (unopened) that we had to send to Kaspersky. Generally sorted within an hour or two.
It's solely the amount of configuration necessary to dial in that annoyed the CIO to the point where he said "We're switching. Find something else." I don't blame him. At all. Just because Kaspersky stopped every malware the world threw at us didn't excuse the impact on production during the Win10 and AutoDesk 2017 deployments.
Literally with Kaspersky, my malware concern was "nottin', carry the nottin', divide by nottin'". Sure, once every couple years, it was a nightmare to fuss with the config but the support was excellent.
Now... I'm still on the hook if something bad happens but literally there's nothing I can do but depend on a vendor. Only F-Secure is on the same level as Kaspersky, but they're even WORSE on the configuration end. Sophos is also "cloud managed", which is on par with driving a sports car with the trunk filled with unstabilized nitroglycerin. If you don't hit anything and odds are low that you would, it's awesome. However, when the low probability event actually occurs, you're in a world of hurt. Kaspersky was like a T-72. Runs over fascist malware all day long, but every 18 months you have to beat on the engine with a wrench because Microsoft or AutoDesk randomly filled the tank with lightly preowned water instead of diesel. After enough vodka and sullen rage, it'd calm down until the next Microsoft 'surprise'.
I'll continue to run Kaspersky at home because I can deal with the annoyances as a tradeoff for the fact that no one has continuously outperformed them. Plus they're the only AV company that I've never heard of cooperating with government entities. They're still massively screwing up by expanding their functionality range to meet edge/niche customers at the expense of simplicity and ease of operation. This was and is a mistake.
Everything has confirmed my opinion of Sophos. It's good enough but not great, and it is indeed a champion of the Apple way of thought. It's almost insultingly simple and if it doesn't fit your needs, kindly die in a fire. Now give us money. But it thankfully does (currently) fit our needs and it's not a bad design. They provide good, rather than furious avenging deity level, protection. Not hideously overpriced. Thankfully, mostly no cult-like devotion.
Side-note, we'll probably continue to use Kaspersky for email scanning on the Exchange server. It's an old-school, almost neglected product (the software is neglected, not the virus definitions) which is excellent news. Very low amount of configuration, just works, good performance and crushes malware like a T-72 running over a counterrevolutionary chicken. Very little badly and annoyingly implemented feature bloat. Probably a good idea to have two very different antivirus products anyways.