It would be great to be able to instruct a SVE Guest Agent to query a provided IP address and reinitiate its obtaining a list of SVE Appliances (i.e. the list for Guest Migration).

I want to use the same VDI golden image in two server rooms but have a way to re-point the local Agent install to an IP I give it (of a SVE Appliance on a host in the same room) at VM startup. My script would look at the network ID and then pass the Guest Agent an IP it knows is appropriate.

I don't want there to be any chance of the VM talking to the wrong room. It could also be thought of as a way to migrate a Guest VM from one "Guest Migration" set of SVE appliances to another.

When a customer has a termed license which is due to expire, a license expiry notification is sent to the end user, stating that their licenses have expired. This notification is fine if their licenses have not been renewed and have expired.

However if their licenses have been renewed and there is a new termed contract in place.
Please do not email customers that their licenses have expired. As a result we end up with complaints from the end user that we have not renewed their licenses. Then have to explain it is Sophos fault for an automated service sending incorrect information to the end user. This looks very unprofessional and would like if these notifications are stopped when a user has a new termed license contracts in place.

Here is a use case. One of our computers is used for demo purposes, and the demo includes uploading a file that knowingly contains a malware and demonstrating that the malware is detected.

We use a specific type of malware: OF97/EicarDrp-A, and we attempted to create a dedicated policy just for this computer that excludes this type of malware. However, this turned out to be impossible. Using a "Potentially Unwanted Application" exclusion type and setting it to "OF97/EicarDrp-A" didn't work. The support engineer advised to use "File or folder" exclusion type (case number 03580697), which is quite insecure (the user can store ANY malware under the whitelisted name, not just the approved OF97/EicarDrp-A).

Please add a possibility to exclude a specific threat from an endpoint policy.

I had to recently create a new drop rule with internal Zone any to wan zone to IP list, this was after repeated ATP alerts from a Linux host attempting Botnet detected host ip connections, I know ATP will block anyway but to be sure I decided to create this top-level Drop rule with the IP list for which I will add Detected IP addresses into so it applies to all internal traffic attempting communication to the same detected ip addresses. It then made me think it would be handy if it were possible to include firewall rules in the current notification lists available i.e. hits on certain FW rules would generate additional notifications as well as the existing ATP alerts. I realise this may be redundant as ATP does notify already but this would be a fall-back line of defence of which notifications would be so handy to have Aswell.

Please have the endpoint cache previous policy and/or all policies. Case 03520881 showed how a very restrictive web control policy doesn’t work initially IF the previous user had an full internet web control policy previously. Sophos takes 1-2min to identify the current user & apparently download the policy so the restricted user wrongly has open internet for 1-2min. If you have per-user policies shouldn’t they work right away? End-users don’t usually wait for things. This wasn’t an issue with a previous vendor ESET. This is more than just an inconvenience in a residential treatment facility & school settings where (CIPA) grant money could be lost if website blocking isn't working:
https://www.ncsl.org/research/telecommunications-and-information-technology/state-internet-filtering-laws.aspx