With the Enterprise Console version of the product, when a device control policy is enforcing blocks and allowing exemptions, the exempted devices do not show up in the device control logs.

Please add the option to log exempted devices.

On OSX, on a device controlled client, going from wireless to wired connection creates a message indicating that the wireless bridge has been blocked. This can be annoying for an end user that goes between wireless and wired connections. We still want the bridge to be blocked, but it would be great if we could suppress the warning.

There should be a way to bulk remove devices from Sophos Cloud. One way could be uploading a CSV file with device names to be removed.

We have implemented device control on the network. However, the services of current version of Sophos Endpoint Security and Control (10.3) can be easily terminated by local Administrator users. This is painful for those non AD environment. It will be great if Sophos can consider to release patches or newer version of AV to prevent user from doing this.

The ability to Block USB printers from being connected to corporate devices. This puts HIPAA data at risk by allowing the user to print data on non- approved devices.

When the customer plugs in a PC-DMIS dongle, they would like our device control policy to detect this specific device and be able to add an exemption for it.

With an expected implementation of restricting use to solely encrypted flash drives for our company, add the Kanguru Defender Elite30 model series to the supported device list in the Secure Removable Storage category of Device Control.

Control the use of Android devices when tethered to an OS X Mac

Disable Sophos automatically resetting windows security settings (e.g. UAC)

This is causing an issue whereby when Sophos identifies a problem, it resets windows security settings and turns UAC back on. The environment requires UAC be turned off.

You can currently turn this off via per-pc registry key, see:
https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/90238/window-security-options-being-reset-during-remediation

This would be ideally managable from the enterprise console

[DEVICE CONTROL] Exempted device usage logs (Who used the device? On what machine? When? What device has been used - Device ID and Device type? Etc.)

[DATA CONTROL] Device IDs should be included on the data control logs (Specific for Removable Storages)

I would like to be instantly alerted when a user attempts to use an unauthorized device on the network such as a flash drive or mobile phone. Having to wait until the next day to see the attempt on a report is not providing us with a fast enough response time to eliminate a possible threat.

When opening central Dashboard i like to click in the graphic or any other number like "not protected" to view Clients or pc's are affected. It is not possible to filter the list at People or Computers to see "not protected".

I would like to request your team to add the selection of groups/container upon exemption on Device Control Policy. This will give ease on tedious process we have right now in which we will have to access each group policy and exempt the same device. On the email sent earlier, I have attached sample image, hope you can consider adding that to your features not only on device control policy but also to other policies that may apply the same for easier management.

Upon the installation of Sophos Mobile, there is a point where you are asked if you want to turn ON location and the choice is either “Never” or “Always”. This should NOT be
an option, when it comes to corporate own products, it should be “Always” by default on a Cell phone. Can your development please update the app or generate another installation with that setting enabled by default and grayed out.

Currently, we block all removable storage unless permitted by exemption. We would like to turn on device control for MTP/PTP but we cannot do so in the same policy unless we block it the same way as our removable storage. Please make Device Control more granular so that I can choose to block certain device types entirely, while still enabling me to detect but NOT block others (such as MTP/PTP). I want to be able to detect MTP/PTP for a few weeks to see what devices are being used before I block them.

Be able to restrict devices to a certain wireless security type, such as WPA2 only.