Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. Send an alert whenever an endpoint fails to register with Sophos Central.

    We have a number of AWS instances which are cloned to bring up new servers and we ran into a problem with duplicate endpoint IDs in the MCS configuration. When the servers tried to register with Sophos Central they would receive a 401 error back. I've found how to set up the images for the servers to avoid this (KB article 133268) but I think it would be helpful to get an alert when an event like this or any other issue that prevents the server from registering. Obviously if some network issue prevents the server from connecting to the…

    2 votes
    0 comments  ·  Linux Server
  2. Configure sav-rms.service to start after sav-protect.service.

    We've been seeing some false alarms with real time protection on some servers when they boot up. It seems to be a timing issue with the sav-rms and sav-protect systemd service files. If sav-rms.service starts before sav-protect.service, it will report that real time protection is disabled for a few minutes. I changed the After= line for sav-rms.service to include sav-protect.service and I don't see the false alarms any more.

    1 vote
    0 comments  ·  Linux Server
  3. File Integrity Monitoring on Linux Server Protection

    Enterprises need File Integrity Monitoring on their Linux system files. This is a requirement for all systems requiring Continuous Monitoring (NIST 800-137) which are all defense contractors, Government contractors, government agencies, and soon, all HIPAA covered entities.

    8 votes
    0 comments  ·  Linux Server
  4. Website/IP exclusions for Linux

    Allow us to add exclusions, especially to MTD, for websites/IP addresses in Linux. We have VMs in a cloud environment that are constantly talking to a monitoring host. Without those exclusions CPU usage is really high.

    1 vote
    Under Review  ·  0 comments  ·  Linux Server
  5. Make Real time scanning - Local files and network shares applicable on Linux

    Apparently the policy setting:
    "Real-time scanning - Local files and network shares" that can be configured for:
    on read
    on write
    only applies to Windows clients and not to Linux clients. On Linux you have to manually change the preference using e.g.:
    /opt/sophos-av/bin/savconfig set TalpaOperations -- -open
    to disable "on read"
    But obviously:
    1. This is not scalable
    2. This makes the Linux Sophos AV impaired in terms of feature comparison to Windows
    3. It's very problematic on e.g. NFS servers where on open NEEDS to be disabled due to high CPU usage that Sophos processes may spark.

    7 votes
    Awaiting reply from Submitter  ·  1 comment  ·  Linux Server
  6. linux move infected to quarantine

    Instead of locking access to infected file, an option to move to quarantine would be beneficial for real-time scanning of some 3rd party product queue directories

    2 votes
    Under Review  ·  0 comments  ·  Linux Server
  7. Exclusion rules should allow folder wildcards

    ClamAV on a Linux Server uses /var/tmp/*.tmp/*.tmp to store email contents while scanning them, and the number of alerts from dubious contents can be high. As the *.tmp names are randomly generated, but start with ClamAV-*, it would be nice to exclude them and let ClamAV do its work, then check the contents of the emails when they land in their final destination instead.

    7 votes
    Under Review  ·  1 comment  ·  Linux Server
  8. Make mkinstpkg support HTTPS locations

    When preparing a Linux installation package on SAV for Linux 9.12.3, attempting to specify an update URL in the form "https://server.example.com/sophos" results in the message "The update source address must be a website or an absolute directory path." Keeping the same URL but removing the S, i.e. "http://server.example.com/sophos" works as expected.

    Please enhance the tool to allow HTTPS locations so authentication passwords aren't sent in the clear.

    2 votes
    Under Review  ·  0 comments  ·  Linux Server
  9. scheduled scan: control priority / niceness of jobs

    scheduled scans are still quite limited, as we can see here: https://www.sophos.com/en-us/support/knowledgebase/117346.aspx

    One of the options we would like to see is being able to give the scheduled scan some reduced system priority / i.e. niceness, to limit the performance impact of scans: scheduled scans normally need not run at high priorities.

    13 votes
    Under Review  ·  3 comments  ·  Linux Server
  10. scheduled scan: option to abort a running scheduled scan

    scheduled scans are still quite limited, as we can see here: https://www.sophos.com/en-us/support/knowledgebase/117346.aspx

    One of the options we would like to see is being able to abort a running scheduled scan.

    9 votes
    Under Review  ·  1 comment  ·  Linux Server
  11. scheduled scan: implement quoting in exclusion definitions

    One of the options we would like to see is that the exclusions specified with the exclude keyword can include quotes like "\ " to specify a space in a path / file specification. Currently, we have to work around this by putting asterisks at those character positions.

    1 vote
    Under Review  ·  0 comments  ·  Linux Server
  12. scheduled scan: implement controlling Default extensions

    scheduled scans are still quite limited, as we can see here: https://www.sophos.com/en-us/support/knowledgebase/117346.aspx

    One of the options we would like to see is that we would like to control the list of Default extensions that is implicitly active: there is only a parameter called "excludeExtension"

    1 vote
    Under Review  ·  0 comments  ·  Linux Server
  13. SAVDI reload on sav update

    Please notify a running savdi about the performed pattern update by the savupdate process.
    This is more a bug than a feature-request and should be implemented very easily, because the savdi daemon writes a pid-file and has already implemented a signal for this (kill -HUP <savdi pid>).
    The implementation could be done in a few lines of code...

    2 votes
    Under Review  ·  1 comment  ·  Linux Server
  14. HIPS for Linux

    We would like to see HIPS functionality added to the Sophos AntiVirus Linux client.

    8 votes
    Under Review  ·  2 comments  ·  Linux Server