With the advent of the Surface Pro X, there is becoming a push for more 2-in-1 devices to work on ARM technology (as is found in most cell phones and tablets) to run full Windows OS's. However, there is no support for Endpoint Protection (Cloud or On-Prem) for these types of devices. I would like to see an Endpoint Protection package (Anti-virus, firewall, application control, etc.) that will support ARM processors.

Allow us to block Google Quic protocol on Endpoint level since we can do it from the Firewall. This would allow us to block it from the agent instead of having to manually disable it on Chrome or setup a Windows Firewall rule to block 443 or 80 on UDP.

Please give an update for the upcoming Surface Pro X
The upcoming Surface Pro X that will run on an ARM processor will not be supported by Endpoint (I do apologize for the earlier confusion).

The issue is with ARM processor and how it emulates 64 bit applications. Particularly, applications that originally were coded for 32 bit applications like Endpoint.

This function is helfull to remove quicly solved alert notification by accesing in admin panel. In some cases, always having to login to the console to reset the alerts is very time consuming.

allow AD sync to import Computer Groups
This would make policies based on Computer Group membership much more useful and easier to maintain in an enterprise environment.

After renaming PC that installed Sophos Endpoint, the device name in Sophos Central Admin portal is not updated. How can I solve this issue?

Need to be able to choose or enter specific email recipients on scheduled reports...
As it is now, only the Super admin who created the report receives the report. We need to be able to set up scheduled reports to be sent to people that are not super admin such as CIO, CEO, CFO, President, Head's of organization, etc....

For organizations with regional IT teams, it would be helpful if email alerts could be configured beyond just severity, product and category. For example, it would be useful if email alerts could be sent for events pertaining to a specific group or groups of computers. It would allow IT teams to only receive alerts for machines that they are responsible for. Alternatively, regex or string matching criteria would be super useful (more flexibility).

Thank you for your consideration,

Albert

Add this application to your list of applications your regular check to block. This is an intrusive application that scans your outlook and exports contacts, signatures, to a company called "ZoomInfo" where it is then sold to sales reps for lead generation. Many users aren't even aware this is installed on their machines and it's a user install, making it easy users to install it without understanding what it does.

Apparently uncommon (to sophos) applications need to be resubmitted to be blocked each time there is an update to the application. There should be other methods to block the application other than SHA, whether it's source of install, name, etc. It is not ideal to be keeping tabs on an application for updates when you dont want it in your environment.

Central Endpoint: Can define which USB ID as full ID name because currently show same model and Vendor, can't define which USB when client detected

We would like the ability to separate different threat types (PUA, Malware, Adware, etc.) and then be able to select an action to take on these individually (Remove, Quarantine, email alert, etc.) As of right now there is no way to treat any of these differently or define how to mitigate the risk.

When there is problem with Endpoint, and reinstall is needed, after uninstall, there is lot of registry keys, and files left on the system. On some cases, i have to grab 3rd party tool to remove registry keys. It would be really helpful for us (aspecially in large enviroments), to have complete uninstaller. Something, that get rid of everything, all files, all registry keys, so i can do clean installation.
Thanks in advance for your feedback.

As well as getting an email for alerts within our organisation it would be useful to be able to configure text alerts to go to the people who nvestigate as emails get missed. You can subscribe to general alerts via SMS but not specific ones for enepoint or server alerts within central.

Allow Web Control to apply Per Device instead of current Per User. This would be helpful in an office where staff roam PC to PC but the computer should have restricted website access.

There is no way to run a report or search for any devices that have had tamper protection disabled and it has not been re-enabled.

When adding files, websites and applications from scanning for threats,
it would be great to have another field or 2 so that the Sophos admin can enter when exclusions are being added and a description for the reason why (i.e. internal helpdesk ticketnumber)

Sophos Antivirus agents should be downloading updates via HTTPS instead of HTTP. This should be an option since use SSL/HTTPS is an industry standard.

Almost all central or cloud consoles for competing AV products have the ability to remotely remove/uninstall agents from a workstation. There are command line functions that can be used directly from a workstation to do this and you can reinstall the product if already partially installed, so it would seem like a VERY simple change to implement an uninstall function.