With the advent of the Surface Pro X, there is becoming a push for more 2-in-1 devices to work on ARM technology (as is found in most cell phones and tablets) to run full Windows OS's. However, there is no support for Endpoint Protection (Cloud or On-Prem) for these types of devices. I would like to see an Endpoint Protection package (Anti-virus, firewall, application control, etc.) that will support ARM processors.

When there is problem with Endpoint, and reinstall is needed, after uninstall, there is lot of registry keys, and files left on the system. On some cases, i have to grab 3rd party tool to remove registry keys. It would be really helpful for us (aspecially in large enviroments), to have complete uninstaller. Something, that get rid of everything, all files, all registry keys, so i can do clean installation.
Thanks in advance for your feedback.

For organizations with regional IT teams, it would be helpful if email alerts could be configured beyond just severity, product and category. For example, it would be useful if email alerts could be sent for events pertaining to a specific group or groups of computers. It would allow IT teams to only receive alerts for machines that they are responsible for. Alternatively, regex or string matching criteria would be super useful (more flexibility).

Thank you for your consideration,

Albert

Add Vivaldi browser as support browser for web control

Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"

I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.

We would like to use SCCM for upgrading (and potentially downgrading) the endpoint protection client. This is currently not possible and supported by Sophos since an upgraded agent will immediately downgrade to the version specified in the software subscription when connected to the Enterprise Console.

When you go to override the Sophos Central Policy for 4 hours to troubleshoot you have the option to toggle all the various options off. The problem is that you can't toggle them back on (and it was confirmed by Sophos support that they don't support this yet). It seems to me it would be a better idea to turn each of those on and off (actually use them as a toggle especially since they look like a toggle and appear to act as a toggle).

Would like to see user based web control on the Server Protection. Useful if your running session-based hosts for remote desktops.

To be able to make the Hero Report schedule-able and have the ability to send to email

Hi

I want to be able to apply an allowed group to users for specifically DVD drives and Mobile devices.

I have ended up creating 3 separate policies because you can only assign 1 group to a user.

Can you not make it a feature so if we want to create a dvd allow policy we can just add dvd to the policy for that group without having to block everything else?

thanks

I want lockdown events on the server client machine to be seen on endpoint machine as well

What about Automatic Exclusion / full support for Exchange 2019 ?
-it's (GA) been out for over a year..

ETA ?

Central Endpoint: Can define which USB ID as full ID name because currently show same model and Vendor, can't define which USB when client detected

Sophos Endpoint Protection für OSX makes a call back to MacFeedback.Sophos.com. We need to disable this "Feature" as we do not know which information are send to Sophos and we need compliance to the GDPR - https://gdpr-info.eu/.

It would be great to have a switch to stop using "MacFeedback.Sophos.com"

Sophos Technical Support have confirmed that it is expected behaviour for the Endpoint Events log to display an incomplete list, as compared to that available in Sophos Central Admin console reports by Device.

For instance, it appears that ‘Application [X] was blocked by an endpoint firewall’ does not display in the endpoint client events. Nor does 'Update succeeded', or 'Real time protection disabled/re-enabled', etc.

However Sophos Technical Support cannot confirm what events are not shown to the user via the Endpoint Events log, and could only recommend creating a feature request for creation of a knowledge base article to explain.

Currently Teams is not includes as a destination in the Data Control Policy for the on-premise Enterprise Console. Only Skype for Business - Teams is the official successor to skype for business !!

It is important to ensure that unwanted files can not be distributed across teams

I would like to be able allow and/or add device exceptions based on whether the removable storage device is encrypted with Bitlocker. These should be considered by Sophos as "Secure removable storage".

There is no way to run a report or search for any devices that have had tamper protection disabled and it has not been re-enabled.

should be available feature to exclude using domain name in DLP polic