Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
Log exempted USB devices
With the Enterprise Console version of the product, when a device control policy is enforcing blocks and allowing exemptions, the exempted devices do not show up in the device control logs.
Please add the option to log exempted devices.
8 votes -
Suppress Wireless Bridge Access Blocked Notification
On OSX, on a device controlled client, going from wireless to wired connection creates a message indicating that the wireless bridge has been blocked. This can be annoying for an end user that goes between wireless and wired connections. We still want the bridge to be blocked, but it would be great if we could suppress the warning.
2 votes -
Bulk Device Removal
There should be a way to bulk remove devices from Sophos Cloud. One way could be uploading a CSV file with device names to be removed.
11 votes -
Prevent user from disable or terminate the Sophos services
We have implemented device control on the network. However, the services of current version of Sophos Endpoint Security and Control (10.3) can be easily terminated by local Administrator users. This is painful for those non AD environment. It will be great if Sophos can consider to release patches or newer version of AV to prevent user from doing this.
2 votesWe are enhancing tamper protection for Windows and Mac within the next few months
-
Ability to Block USB Printers
The ability to Block USB printers from being connected to corporate devices. This puts HIPAA data at risk by allowing the user to print data on non- approved devices.
3 votes -
DMIS Dongle
When the customer plugs in a PC-DMIS dongle, they would like our device control policy to detect this specific device and be able to add an exemption for it.
2 votesAwaiting Feedback ·AdminDarrenT (Senior Product Manager, Sophos Features & Ideas Laboratory) responded
Can you supply an example device?
-
2 votes
-
Add Kanguru Defender Elite30 model series Secure USB drives to supported Device Control list
With an expected implementation of restricting use to solely encrypted flash drives for our company, add the Kanguru Defender Elite30 model series to the supported device list in the Secure Removable Storage category of Device Control.
2 votes -
Application Control - Selectively detect/block by category
Allow to select by category, instead of globally, to choose "block" or "detect" applications. From Customer:
Today we have the Application Control Policy set to “Detect but allow to run” which has allowed us to see what applications are detected which we could be blocking. We very quickly want to turn this feature on to start blocking application types, specifically the “File Sharing Application” type to block things like BitTorrent and other P2P software. The problem is that when we move this category to block we have to remove the “Detect but allow to run” option for all categories. Now…
7 votes -
Mac OS X device control of non iOS devices
Control the use of Android devices when tethered to an OS X Mac
1 vote -
Disable Sophos automatically resetting windows security settings (e.g. UAC)
Disable Sophos automatically resetting windows security settings (e.g. UAC)
This is causing an issue whereby when Sophos identifies a problem, it resets windows security settings and turns UAC back on. The environment requires UAC be turned off.
You can currently turn this off via per-pc registry key, see:
https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/90238/window-security-options-being-reset-during-remediationThis would be ideally managable from the enterprise console
3 votes -
Pop up that suggest the election of scan or not scan a USB Device
If Sophos can detect and block the USB devices, I think that Sophos can add a Window message to help the users to Scan the USB keys when this is connected to PC. With this manner if the user have selected the option once, for example, when connected the first time to the PC the second or next times he can cancel the process.
The Sophos message is "Simplicity" and the idea is provide a "Simple" option to users to scan your USB's or other medias when it's are connected to the Pc's.
This was suggested by LINCK in community …
2 votes -
[DEVICE CONTROL] Exempted device usage logs (Who used the device? On what machine? When? What device has been used
[DEVICE CONTROL] Exempted device usage logs (Who used the device? On what machine? When? What device has been used - Device ID and Device type? Etc.)
[DATA CONTROL] Device IDs should be included on the data control logs (Specific for Removable Storages)
3 votes -
Change the default selected option when viewing a Device Control policy
When attempting to add an exemption via a Device Control policy, it defaults to the 'Floppy drive' option but does not showing that this option has been selected. When you then click the 'Add exemption...' button it sets the 'Device type:' filter to 'Storage/Floppy Drive', and greys the filter out so that it can't be changed.
This is not very intuitive, and causes customers to believe that the Event Viewer is simply not finding any Device Control events. If possible it would be better for it to, by default, set the filter to 'All', which is currently how it works…1 vote -
Instant Unauthorized Device Alerts
I would like to be instantly alerted when a user attempts to use an unauthorized device on the network such as a flash drive or mobile phone. Having to wait until the next day to see the attempt on a report is not providing us with a fast enough response time to eliminate a possible threat.
5 votes -
Drill down at usage summary or open report on graphic click
When opening central Dashboard i like to click in the graphic or any other number like "not protected" to view Clients or pc's are affected. It is not possible to filter the list at People or Computers to see "not protected".
2 votes -
I would like to request your team to add the selection of groups/container upon exemption on Device Control Policy. This will give ease on
I would like to request your team to add the selection of groups/container upon exemption on Device Control Policy. This will give ease on tedious process we have right now in which we will have to access each group policy and exempt the same device. On the email sent earlier, I have attached sample image, hope you can consider adding that to your features not only on device control policy but also to other policies that may apply the same for easier management.
4 votes -
Sophos Mobile Control
Upon the installation of Sophos Mobile, there is a point where you are asked if you want to turn ON location and the choice is either “Never” or “Always”. This should NOT be
an option, when it comes to corporate own products, it should be “Always” by default on a Cell phone. Can your development please update the app or generate another installation with that setting enabled by default and grayed out.1 vote -
More Granular Device Control
Currently, we block all removable storage unless permitted by exemption. We would like to turn on device control for MTP/PTP but we cannot do so in the same policy unless we block it the same way as our removable storage. Please make Device Control more granular so that I can choose to block certain device types entirely, while still enabling me to detect but NOT block others (such as MTP/PTP). I want to be able to detect MTP/PTP for a few weeks to see what devices are being used before I block them.
1 vote -
Wireless
Be able to restrict devices to a certain wireless security type, such as WPA2 only.
2 votes
- Don't see your idea?