Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Device Control - USB Devices

    Is it possible to be able to restrict access to USB's my a unique ID - such as serial number?? Currently you can restrict my model but that doesn't stop an employee bringing in their own USB stick if it is the same make and model we us??

    Basically we want to be able to issue USB sticks out to staff and only allow those precise devices to connect. Not any device that happens to be the same model.

    36 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      3 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow USB Device by ID AND per User

      Central Endpoint: Is it possible to add a "layout" to except USB Devices by ID combined with a Person? So the Basic Policy could block any USB Device and Exceptions are made by Person instead of a Policy which allows the Device for many Computers or Users. So the exceptions is one by one (Device ID & User).

      3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
      • [Device Control] - possibility to block usb-to-ethernet adapter

        Currently you cannot block usb-to-ethernet adapter.
        There are several usb-key attack-scenarios which use the ethernet emulation to sniff ntlm-hashes from a windows PC. Is there also a possibiliry to an option to block media devices like usb keyboards, usb mouse and/or cameras? Or an option to create your own device classes.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
        • Block Mobile Hotspot on Win 10

          Sophos Can block Wireless, But cannot block Mobile Hotspot running on WIN 10. This is a great feature to have.

          Thanks!

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
          • Disable Sophos automatically resetting windows security settings (e.g. UAC)

            Disable Sophos automatically resetting windows security settings (e.g. UAC)

            This is causing an issue whereby when Sophos identifies a problem, it resets windows security settings and turns UAC back on. The environment requires UAC be turned off.

            You can currently turn this off via per-pc registry key, see:
            https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/90238/window-security-options-being-reset-during-remediation

            This would be ideally managable from the enterprise console

            3 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
            • Enable Fast user switching on Safeguard

              Enable Fast user switching on Safeguard, so that administrator users can access the computer without closing the current user's session

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
              • Adding a Comment Field to the Peripheral Exemptions List

                It would be nice to add a comment field to the Peripheral Exemption List giving users the ability to leave a comment about the device. Users could leave a comment on who owns this device or why the device was allowed.

                5 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  2 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                • Pop up that suggest the election of scan or not scan a USB Device

                  If Sophos can detect and block the USB devices, I think that Sophos can add a Window message to help the users to Scan the USB keys when this is connected to PC. With this manner if the user have selected the option once, for example, when connected the first time to the PC the second or next times he can cancel the process.

                  The Sophos message is "Simplicity" and the idea is provide a "Simple" option to users to scan your USB's or other medias when it's are connected to the Pc's.

                  This was suggested by LINCK in community …

                  2 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                  • Block the Executable Files in Device Control

                    To combat the unknow malware (mainly don't detected by Sophos) a new Device Control option as "Block the Executable Files" can help to protect the network without lost the functionality to copy/read/delete other documents from this medias. In the business the users generally uses your USB's to transport documents (word, excel, ppt, txt, etc).

                    This was suggested by LINCK in community https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/155/automatic-scan-of-removable-media#pi2151=1

                    2 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                    • [DEVICE CONTROL] Exempted device usage logs (Who used the device? On what machine? When? What device has been used

                      [DEVICE CONTROL] Exempted device usage logs (Who used the device? On what machine? When? What device has been used - Device ID and Device type? Etc.)

                      [DATA CONTROL] Device IDs should be included on the data control logs (Specific for Removable Storages)

                      3 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                      • Device Control - USB Devices

                        Is it possible to be able to restrict access to USB's by a unique ID - such as serial number?? Currently you can restrict by model but that doesn't stop an employee bringing in their own USB stick if it is the same make and model we use??

                        Basically we want to be able to issue USB sticks out to staff and only allow those precise devices to connect. Not any device that happens to be the same model.

                        2 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                        • device controll

                          Selection "All" for "Modell-ID" (Problems by bluetooth mouse MX Anywhere 2/changing Modell-ID daly)
                          Select "ALL - Modell-I"D for XY.. -Device-ID.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                          • Can we allow only to secured Bluetooth device by default & block to only mass storage Bluetooth devices?

                            As per existing device control policy,Either we can allow or block any Bluetooth device under Device control policy but cant keep allowed by default only Secured Bluetooth device (which doesn't has mass storage)

                            Can we allow only to secured Bluetooth device by default & block to only mass storage Bluetooth devices?

                            Kindly confirm on this

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                            • device control

                              We have already set the default policy for
                              device control and these policies are applied on one of the particular group, but
                              when user from this group wants to access printer or dongle such devices are
                              getting blocked as they are not storage devices. Every time we need to exempt those
                              devices . Our concern is that we want these devices(Printer, Scanner, Dongle)
                              allow automatically for the user without need of any exemption. and this feature is not available on Sophos antivirus.

                              Kindly provide solution for it asap.

                              2 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                              • Device Control - Log All USB Connections

                                We need to be able to log and report on all attempted USB device connections, whether successful or not, regardless if policy is being enforced or not. Currently, whenever the box marked 'detect, but do not block' is checked, you have the ability to report on all devices, but if the box is unchecked, and policy is set to allow all devices, you can't report on devices that successfully connected, only the blocked attempts are reportable. This needs addressed.

                                11 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                                • Auto Scan of Removable Devices upon Plugging In

                                  Removable Devices should be scanned automatically upon plugging so that normal users can have a clean flash drive every time they use it.

                                  5 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                                  • HL-DT-ST DVDRAM GU10N identified removable device, it should be identified Optical device

                                    HL-DT-ST DVDRAM GU10N identified removable device, it should be identified Optical device

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add Imation IronKey D250 Personal 4GB secure removable storage device to supported Device Control list

                                      We recently decided to move forward with using the Device Control feature. We have dozens of these devices distributed through the facility. I see the Enterprise and Basic version has already been cleared. Please add this one the Personal.

                                      Thanks in advance.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow CD-writers to be exempted when using read only policy

                                        We want to have a read-only optical device policy to allow all CD-ROMs to be used but only allow CD-writers by exemption. When using the read-only mode, any attempted write events are not being reported on the client or to SEC/Central, so there are no device control events to select and exempt the CD-writer you want to authorise. The only workaround is to temporarily set the policy to the more restrictive 'blocked', at which point all previously blocked events are suddenly reported to SEC/Central, allowing it to be exempted, then the policy can be set back to read only. Clearly…

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                                        • "Global" Exemptions (or better exempation by "Model")

                                          I have many "Integrated Cameras" that have been blocked after blocked MTP/PTP. I can exempt the Integrated Cameras by Model, but it only applies for 1 policy, which means I need to add them every policy. It also appears only appears to apply when the laptop model is the same as well, so I have to add "Integrated Cameras" for each different type of devices it has found on.

                                          We need to be able to exempt devices globally to that it applies to all matching peripherals of that type and on all policy.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.