I got a lot of requests that Sophos should has this feature.

while creating the password-protected file, Sophos should have the ability to set the expiry date in order to protect the file that sending out of the office.

Per support it is apparently a bug to run Sophos encryption with DLP at this time:

https://community.sophos.com/kb/en-us/120861

We have rolled out encryption in phase one and was intending to implement DLP in phase two. All attempts to use DLP in our pilot program leads to everything being blocked due to encryption.

This post is to simply track the progress of the bug fix release to allow both solutions to work together.

Unfortunately, there is currently no way to automatically authorize company notebooks if they are on the company network. No matter whether with or without TPM.
Furthermore, there is no way to assign the encryption password Central, so that not every user can enter their own.
Unfortunately, there is also no way to create central sticks that are required for encryption.
Windows offers these options with Bitlocker, but it is not yet centrally supported by Sophos Device Encryption.

Hi,

It will be nice to have full disk encryption for Linux RedHat, Centos and Ubuntu. Especially these days when government require encryption on their machine. These distributuins are the most used

Unlike Luks encryption, users should not need to decrypt the disk with a pass code before logging with their domain name.

Encryption should be controlled from one central point

As one of the requirements of the Security Department We would like to Implement
DLP - Data Loss Prevention via Gmail. That means blocking the transfer of files with a defining characteristic via Gmail. In That way when a user will attach such a file in order to transfer it to any mail destination Sophos will worn and ask permission to do it or just block it without any question.

I need to be able to encrypt all USB drives that get connected to our systems. We have a lot of users who backup up to external drives, which could easily be stolen. Also need to encrypt any usb flash drives that are being used as well. This is a high priority.

Please increase development effort on the re-engineering of DLP so it does not use the AppInit_DLLs and therefore can have Secure Boot enabled.

Microsoft post in May 2018:

The AppInitDLLs mechanism is not a recommended approach for legitimate applications because it can lead to system deadlocks and performance problems.
The AppInitDLLs mechanism is disabled by default when secure boot is enabled.
Using AppInit_DLLs in a Windows 8 desktop app is a Windows desktop app certification failure.

When creating a rule you should be able to select who recieve the email alerts. Either as an individual or to a Distribution Group. Currently you either get all or nothing through the global settings, this should be added as a feature when defining the rule as to who recieves the alerts

It would be great if DLP could scan the clipboard, and in and outbound email for text matching the bank details profile.

At the moment it only scans files containing card data, I would like to see it cover a more broad number of scenarios.

We have found that users would be more likely to write or copy card details into the body of an email, then they are to go to the lengths of creating a file, adding the details, saving the file, and emailing it.

Thanks

The SGMTrace-Logging could be "acitivated" and "deactivated" (= changing Minimumtracelevel from 5a to 0 and back) via buttons in the about-box of SGN.

Allow wildcards in Ignored applications, instead of having to enter the literal path for excluded applications. In our case we have to include java for preformance reasons, and there are dozens of versions, with new versions being added regurarly, wich requires inervention for every new version. Allowing wildcards would make life allot easyer.

Support Microsoft Edge as a Browser Destination for DLP. This is the default browser for Windows 10, and it cannot be removed.

The browser destination features of DLP are severely limited without this.

It is a SGN MC recovery feature and should also be available via Webhelpdesk.

In DLP Alerts, is it possible to include the full path to where the file was being Moved/Copied?

Please add the Filterdriver Support for Domain-DFS Namespaces with FQDN Access in the Windows Explorer in SGN 8.10, in 8.00.5 it already works.
If the user access the share with FQDN, it is able to DECRYPT the data in 8.10, because the Filterdriver obviously does not interpret FQDN-Paths.
In 8.00.5 it was possible to define FQDN Paths both in SGMC and in the Windows Explorer on Client Side.

Example:
\domain.fqdn\dfs\share --> Does not work in SGN 8.10
\domain\dfs\share --> works in SGN 8.10