It would be nice for Sophos to have an offline installation. A number of remote sites in my case have very poor internet connectivity and having the installation files download during the installation process is tedious and unsuccessful in some cases.

When there is problem with Endpoint, and reinstall is needed, after uninstall, there is lot of registry keys, and files left on the system. On some cases, i have to grab 3rd party tool to remove registry keys. It would be really helpful for us (aspecially in large enviroments), to have complete uninstaller. Something, that get rid of everything, all files, all registry keys, so i can do clean installation.
Thanks in advance for your feedback.

Flag a stolen or lost device in Sophos Endpoint.

Device can be locked down, possibly remote wiped or operation system disabled.

Notification sent to Sophos Central Admin when device reports in on internet connection.

Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"

I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.

It would be helpful to be able to specify the length of time or the maximum size of logs stored on endpoints, so that we can plan for storage requirements, rather than them growing indefinitely.

I'd really like it, if under Computer Management -> Manage Computers, it show the last update/login date of the computers in the list.
This way it would be easier to keep track of old systems that are no longer updating.
I'm sure that this also would be useful in the full version, for administrators to keep track of systems that are no longer using/need licences.

Installation on Thousands of Mac's is practically impossible with an app installer. Why would you not give a .dmg install pachage that could be sent out via MDM solutions such as JAMF Casper or others? We can not rely on thousands of end user, in our case students from grade 5-12th to run through an install package. If we had known this beforehand, Sophos would not have been considered...

Currently, when enabling the setting to require MFA for all admins, it breaks the AD Sync tool. The only way around this is to manually add Admins to the list required to use MFA. This is a potential security issue as it is easy to forget to do this. I would like to see a feature added where MFA can be set to required for all admins, but the ability to add an exception for instances such as the account used for AD Sync. Thanks

Put a PAUSE button on the Central Endpoint scans! When it is scanning it makes using the computer next to impossible with high resource usage. All applications are slow to respond, if at all. Sometimes need to use the computer during a scheduled scan--no choice now but to Cancel the scan. Unfortunately Sophos has not provided an option to rescue his work. All other antivirus and anti-malware software have PAUSE buttons. Why not Sophos? Sophos theme is security made simple. So pls do not complicate. Need a button pls.

We're constantly having hosts that have a status of red because Sophos is falsely reporting that "Running malware in quarantine or cleanup failure" Can we fix this or have an automated process to delete the events.db?

It would be nice to be able to block all users from being able to install any software on their company computers using Sophos Intercept X advanced...just the same way we have server lockdown in Intercept X for servers, kindly do the same to Sophos endpoint.

It would be really good if there is a report list of assets together with latest AV signature can be extracted from the Sophos Central

more than half the tickets I get from our enterprise console are the need for reboots, please reconsider adding this feature and/or read the comments from other frustrated users of your software. Or even offer the ability to force a reboot after 1 week. Something besides sticking your head in the sand.

Sophos is really good at finding malware, but not so good at cleaning it up. Half the time it requires, "Manual Cleanup." If it had better/more powerful removal capabilities, that would be fantastic.

Security Configuration Asssessment (SCA)

Security Content Automation Protocol (SCAP) Scan is method for using known standards to run vulnerability and compliance scans. This allows the user to evaluate and secure their systems.

Each policy check can contain an optional compliance field that is used to specify how the check is relevant to different Compliance Standards specifications.

Scan based on:
CIS https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/
Stigs (DOD) https://public.cyber.mil/stigs/scap/
NIST.

Help to compliance with ISO27001, PCI DSS, CSC, NIST.

It would be nice to configure Web Control Policies based on the Computer Group or a Computer as Type instead of only Users, for example a Laptop that is not only in use in the company but also used at home for private use.

End point protection installer in windows installer MSI format with parameters please.