Add Vivaldi browser as support browser for web control

It would be nice for Sophos to have an offline installation. A number of remote sites in my case have very poor internet connectivity and having the installation files download during the installation process is tedious and unsuccessful in some cases.

When there is problem with Endpoint, and reinstall is needed, after uninstall, there is lot of registry keys, and files left on the system. On some cases, i have to grab 3rd party tool to remove registry keys. It would be really helpful for us (aspecially in large enviroments), to have complete uninstaller. Something, that get rid of everything, all files, all registry keys, so i can do clean installation.
Thanks in advance for your feedback.

Add user-based policy in Sophos Enterprise Console to block and allow USB access.

Flag a stolen or lost device in Sophos Endpoint.

Device can be locked down, possibly remote wiped or operation system disabled.

Notification sent to Sophos Central Admin when device reports in on internet connection.

Would like to see user based web control on the Server Protection. Useful if your running session-based hosts for remote desktops.

To be able to make the Hero Report schedule-able and have the ability to send to email

Sophos Technical Support have confirmed that it is expected behaviour for the Endpoint Events log to display an incomplete list, as compared to that available in Sophos Central Admin console reports by Device.

For instance, it appears that ‘Application [X] was blocked by an endpoint firewall’ does not display in the endpoint client events. Nor does 'Update succeeded', or 'Real time protection disabled/re-enabled', etc.

However Sophos Technical Support cannot confirm what events are not shown to the user via the Endpoint Events log, and could only recommend creating a feature request for creation of a knowledge base article to explain.

Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"

I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.

With the advent of the Surface Pro X, there is becoming a push for more 2-in-1 devices to work on ARM technology (as is found in most cell phones and tablets) to run full Windows OS's. However, there is no support for Endpoint Protection (Cloud or On-Prem) for these types of devices. I would like to see an Endpoint Protection package (Anti-virus, firewall, application control, etc.) that will support ARM processors.

Sophos is applying defitiion updates during the day and for some reason this is impacting our production workloads. It would be great to have the ability to schedule this, or define windows for acceptable update times.

When you go to override the Sophos Central Policy for 4 hours to troubleshoot you have the option to toggle all the various options off. The problem is that you can't toggle them back on (and it was confirmed by Sophos support that they don't support this yet). It seems to me it would be a better idea to turn each of those on and off (actually use them as a toggle especially since they look like a toggle and appear to act as a toggle).

We would like to use SCCM for upgrading (and potentially downgrading) the endpoint protection client. This is currently not possible and supported by Sophos since an upgraded agent will immediately downgrade to the version specified in the software subscription when connected to the Enterprise Console.

It would be helpful to be able to specify the length of time or the maximum size of logs stored on endpoints, so that we can plan for storage requirements, rather than them growing indefinitely.

Add Custom Applications:

Create a "Custom List" where specific exe's can be created and added to the blocked list when required. Ones of interest for us are;

SPDESIGN.exe
INFOPATH.exe

Currently Teams is not includes as a destination in the Data Control Policy for the on-premise Enterprise Console. Only Skype for Business - Teams is the official successor to skype for business !!

It is important to ensure that unwanted files can not be distributed across teams

Installation on Thousands of Mac's is practically impossible with an app installer. Why would you not give a .dmg install pachage that could be sent out via MDM solutions such as JAMF Casper or others? We can not rely on thousands of end user, in our case students from grade 5-12th to run through an install package. If we had known this beforehand, Sophos would not have been considered...

For organizations with regional IT teams, it would be helpful if email alerts could be configured beyond just severity, product and category. For example, it would be useful if email alerts could be sent for events pertaining to a specific group or groups of computers. It would allow IT teams to only receive alerts for machines that they are responsible for. Alternatively, regex or string matching criteria would be super useful (more flexibility).

Thank you for your consideration,

Albert

Could we have each system's anti-tamper status added to the Computer report? I believe there is a compromise solution looking at events for SEC customers but that is not an option for Central.