Re: so now tha bad guys
Service providers don't "choose" to use these lists. The denied persons and denied entities lists are published by the US Government and are mandatory if you are a US company or use/sell US technology. Quite why Sophos believe they have an obligation for a basic AV program, only Sophos can say. These denied parties lists are notoriously poor quality with little to distinguish between names. So I can understand what Sophos are doing because it fulfills compliance rules issued by the US Government (similar rules apply to UK as well). But why ? Anybodies guess..