this is testing

With the advent of the Surface Pro X, there is becoming a push for more 2-in-1 devices to work on ARM technology (as is found in most cell phones and tablets) to run full Windows OS's. However, there is no support for Endpoint Protection (Cloud or On-Prem) for these types of devices. I would like to see an Endpoint Protection package (Anti-virus, firewall, application control, etc.) that will support ARM processors.

Many of user can bypass company firewall via personal hotspot of GSM operator. If we can manage SSID and we may define whitelisted SSID will prevent that issue.
Could you please add SSID management under perhipal/device control as a new feature.

Adding a customizable dashboard to Sophos Central Admin would give administrators the option add the widgets that they need for their daily work routine on the first page that they see when logging in. Beside the already available widgets (customizable) additions from the report section would be nice. A Reset to Default functionality should also be provided.

Can you please create the same list of applications list so we will be able to block some websites like :

• Online storage

We would like to be displayed it so that we can see what has been updated in Central.

Please give an update for the upcoming Surface Pro X
The upcoming Surface Pro X that will run on an ARM processor will not be supported by Endpoint (I do apologize for the earlier confusion).

The issue is with ARM processor and how it emulates 64 bit applications. Particularly, applications that originally were coded for 32 bit applications like Endpoint.

Sophos Central should show MAC addresses for connected devices.

Allow us to block Google Quic protocol on Endpoint level since we can do it from the Firewall. This would allow us to block it from the agent instead of having to manually disable it on Chrome or setup a Windows Firewall rule to block 443 or 80 on UDP.

Having now IPS on Endpoint, means that behind an XG FW with its own IPS activated there's a certain overlap (double check) of certain IPS patterns.
Proposal: use the heartbeat (synch security) to check whether or not the endpoint is sitting behind an XG FW with IPS enabled. If so, the endpoint doesn't have to check them again and can save some resources.

For every Sophos customer, please vote to have the Data Loss Prevention feature for Mac OS. We are a majority mac-house. I am sure there are tons of companies that have Macs in their ecosystem -

Thank you Sophos for valuing your customer's suggestions.

For Intercept X

Could you please make a ZAP Toll equivalent for macOS as you do with Windows.

Hello,

We are facing a problem. We have created a Web control filter under "Control sites tagged in Website Management" where we blocked drive.google.com

Despite of it being clocked, the site is accessible.

Some customer asks about adding group automatically during the installation on Linux server(central).
There is a option for Windows/Mac endpoints.
Is it possible to add similar option for SophosInstall.sh? like --servergroup, --group and so on.

Almost all central or cloud consoles for competing AV products have the ability to remotely remove/uninstall agents from a workstation. There are command line functions that can be used directly from a workstation to do this and you can reinstall the product if already partially installed, so it would seem like a VERY simple change to implement an uninstall function.

There is no way to run a report or search for any devices that have had tamper protection disabled and it has not been re-enabled.

It is 2020 and macOS is a common workplace device. We require the ability to prevent file transfers containing PHI and other protective information, as well as create custom rules. This needs to be revisited

On Sophos Endpoint policies, having the ability to decide on "Action to take"on all detection/issues.
When building software packages for deployment we receive numerous false positives.
Having the ability to respond to a detection to say "This is a safe file" would save many hours wasted adding exceptions and repackaging again. This is already an option for "Low reputation files downloaded".