Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
Sophos Central: Generate report (current version of Sophos Component) for all endpoint
Generate report from Sophos Central console to get the current version of every endpoint for Sophos components (CoreAgent, Endpoint Advanced & Sophos Intercept X)
1 vote -
SVE - Enable retargeting of Guest Agent
It would be great to be able to instruct a SVE Guest Agent to query a provided IP address and reinitiate its obtaining a list of SVE Appliances (i.e. the list for Guest Migration).
I want to use the same VDI golden image in two server rooms but have a way to re-point the local Agent install to an IP I give it (of a SVE Appliance on a host in the same room) at VM startup. My script would look at the network ID and then pass the Guest Agent an IP it knows is appropriate.
I don't want…
1 vote -
Sophos Endpoint - Device Isolation: Adaptive sensitivity
We are observing that some of our clients go into isolation while or shortly after an update to the Sophos Endpoint client components has been processed.
Support was unable to assist and my best guess is that the mechanism that decides when to isolate a given client is too sensitive - services can take longer than expected to come up on computers with slower hardware or high CPU load during the procedure.
Therefore I'm suggesting to make the self-protection mechanism more lenient during updates and high CPU/IO load scenarios.
1 vote -
how about fixing the endpoint protection - website management as it is terrible
this is not an idea but I am told by support that I need to raise my issue here where you will, in their exact words, "look into it directly"
the website management section of endpoint protection is rubbish, the list is not sorted at all, there are no filters, no searches and most of the time the entry you are looking for does not appear in the list. This needs fixing !!!
1 vote -
Allow proactive certificate/MD5 safe-listing instead of reactive safe-listing
Currently there is not a way to safe-list files based on certificate or MD5 hash unless Sophos has detected it in the environment and blocked it.
We should be able to upload certificates or files to the Sophos cloud and tell it to make sure not to quarantine those.
This would make things like deployments smoother as well as clients migrating from other solutions where they have already gone through safe-listing exercises smoother.
1 vote -
Peripheral Control - Exemption Description
We have many exemptions in the Peripheral Control Policy. It would be nice to be able to add a description as to why the exemption was made.
1 vote -
Endpoint & Server License Overlap Alerts
When a customer has a termed license which is due to expire, a license expiry notification is sent to the end user, stating that their licenses have expired. This notification is fine if their licenses have not been renewed and have expired.
However, if their licenses have been renewed and there is a new termed contract in place, please do not email customers that their licenses have expired. As a result we end up with complaints from the end user that we have not renewed their licenses. Then have to explain it is Sophos' fault for an automated service sending…
1 vote -
Ability to whitelist a specific threat
Here is a use case. One of our computers is used for demo purposes, and the demo includes uploading a file that knowingly contains a malware and demonstrating that the malware is detected.
We use a specific type of malware: OF97/EicarDrp-A, and we attempted to create a dedicated policy just for this computer that excludes this type of malware. However, this turned out to be impossible. Using a "Potentially Unwanted Application" exclusion type and setting it to "OF97/EicarDrp-A" didn't work. The support engineer advised to use "File or folder" exclusion type (case number 03580697), which is quite insecure (the user…
1 vote -
XG rule notifications
I had to recently create a new drop rule with internal Zone any to wan zone to IP list, this was after repeated ATP alerts from a Linux host attempting Botnet detected host ip connections, I know ATP will block anyway but to be sure I decided to create this top-level Drop rule with the IP list for which I will add Detected IP addresses into so it applies to all internal traffic attempting communication to the same detected ip addresses. It then made me think it would be handy if it were possible to include firewall rules in the…
1 vote -
Application isolation
Please implement application isolation for the well-known apps like Office, Adobe reader, browsers.
Users can open files from unsafe locations in a secure container on the client to prevent threats.
Regards
1 vote -
Realtime and on access scanning for Linux version 20.04 and above.
My company has increased our Server licensing to cover our new Linux web fabric, just to find out that Sophos does not support a version of Linux that has been out for over a year now.
Please update to remedy this.
Thank you.
1 vote -
Sophos Central Backup policy
Able to backup Sophos Central Endpoint and server protection policies/ configuration
Backup is so important :)
1 vote -
Sophos Central sub-estate push policy
Currently only the base policies can modify and push by enterprise admin to sub-estates/tenants.
It would be helpful for enterprise admin to create different policies for different sub-estates, especially if you don't want to have admins on sub-estate (e.g. you only want to assign helpdesk on tenants).
1 vote -
Suppression of notifications
Whenever a new update is rolled out, the endpoint agent will popup a message that says something like "Sophos Endpoint Agent Updated." or "Updates will complete upon system reboot" and this will generate unnecessary phone calls to our helpdesk. Requesting the ability to suppress (popup) notifications on Sophos Endpoint Agent via the Sophos Central site.
1 vote -
Cache previous web control policy so user switch policy activates faster
Please have the endpoint cache previous policy and/or all policies. Case 03520881 showed how a very restrictive web control policy doesn’t work initially IF the previous user had a full internet web control policy previously. Sophos takes 1-2min to identify the current user & apparently download the policy so the restricted user wrongly has open internet for 1-2min. If you have per-user policies shouldn’t they work right away? End-users don’t usually wait for things. This wasn’t an issue with a previous vendor ESET. This is more than just an inconvenience in a residential treatment facility & school settings where (CIPA)…
1 vote -
Ability to restore files which have been Quarantined/Cleaned up
As title, it would be nice if we could restore files which have been Quarantined/Cleaned up, rather than having to restore from backup. This feature is present in other AV's like Webroot.
This can be a pain to restore sometimes when things are falsely flagged as malicious
1 vote -
Sophos Endpoint Agent "Offline Installer"
The "Sophos Endpoint Agent" should successfully finish the installation process after the successful installation and setup of its own service. The installation of the other Sophos components should not be part of this installation routine.
1 vote -
Web Control Policy applying on a group of computers
there is no way to apply a web control policy to a group of computers independent of which user is logged in
please make this feature available
1 vote -
a
a report or alert that notifies the admin when tamper protection is disabled and for how long it has been disabled
1 vote -
Reports
Report Regarding: Can you Add more column to the reports
EXP: IP Address, Operating System, and mac address
2 votes