Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data.

  1. Ability to see which business files were affected

    In Threat Cases for Endpoint Protection, it currently shows Possible data involved: x number of business files. When clicking on the list of files it populates but does not show all with no option to expand the list. The investigation process could be eased if Sophos showed the names of the "possible data involved" files and their locations, if possible.

    3 votes
      0 comments  ·  Incident investigation
    • Root Cause Analysis for attacks from remote machines

      We recently had an incident where there was a Ransomware detection from a remote internal server that was stopped by Intercept X. It turns out that it was a false positive, however investigating to get to that conclusion was a problem as there is only a generic event created in Sophos Central but no Root Cause Analysis. If you look in the Windows event viewer logs for hitmanpro, you can see which files were affected and where the attack originated from, so the information is available but not being used within Sophos Central. When it comes to critical detections like…

      1 vote
        0 comments  ·  Incident investigation
      • Custom Alerting request

        We are a large partner servicing many clients. We need the ability to customize what email address alerts are sent to. Additionally, we need the ability to "tune" the level of the alert. Often we find HIGH alerts are false positives. Items like "policy compliance", or "real-time protection disabled" will come in as HIGH and will then self-resolve.

        We want to be able to control what HIGH tickets are addressed by our NOC staff.

        This customization has become very important to us as we scale. Could Alert customization be "fast-tracked" to production?

        Respectfully,
        Jeff C

        4 votes
          0 comments  ·  Incident investigation
        • Sophos Central: keep logs of removed endpoint/server

          We had an issue where a customer, most likely, did not configure Sophos Server Protection correctly. That server got hit by ransomware. When the customer called for assistance the Sophos Server protection was no longer installed on the server and was also removed in his Sophos Central account.
          At the moment there is no option to see logs from removed devices in Sophos Central.
          In such cases it would be handy to still be able to retrieve logs from removed devices for a period in order to investigate and also have some proof.

          2 votes
            0 comments  ·  Incident investigation
          • Solarwinds Log Event Manager Integration

            It appears there is a way to export logs and events into Solarwinds LEM for the on-prem version of Sophos Endpoint Protection server but not the cloud hosted version. We would love a way to import logs into Solarwinds for the Cloud version.

            5 votes
              0 comments  ·  Incident investigation