Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. allow local and policy based exclusions to play nice

    Allow localized exclusions per machine/client to play nice with global policies from the management portal.
    Currently it appears that policy based exclusions prevent the ability to add additional exclusions at an agent or client level.
    It would be ideal to have the policy enforced when pushed out but still allow subordinate exclusions to be configured for end user networks and devices.

    For example:
    I have global policies that apply well to all clients but not all and as a result certain several clients have had to be purposefully removed from the policy target group. Having to reconfigure common exclusions for…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
    • Tamper Protection - When any Sophos process is attempted to be ended

      Our PCI-DSS Level 1 audit has asked us to show logs when any attempt to kill any Sophos process is done. None can be found, despite Sophos Support claiming an event is logged in Event Viewer - no Event Source, Event ID or other information was provided to prove this is the case. An "Access Denied" Error is generated by tamper protection, that's nice. We have no proof that someone or something attempted to circumvent Sophos until it has actually be circumvented - alert in Sophos central that the computer is no longer protected, nor how long this attempt to…

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Compromise detection  ·  Flag idea as inappropriate…  ·  Admin →
      • New report type : USB allowed/blocked

        We are using the device control feature to block USB drives in most PCs and created sub-groups to allow certain PCs to have USB Access.
        Currently there is no reporting on how many computers have USB access allowed and how many have it denied, so kindly let us know about this feature

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
        • Update Sophos Version/Agent Manually to make up for lack of Control in Controlled Updates

          Currently in Sophos Central we can add servers to a Test Group and prevent all other servers from having their agent update.
          This is completely inadequate. Need to be able to create more Server Groups and be able to update to the new version by server group.

          Should be able to download a manual install for the new version and apply it to the servers while Controlled Updates is turned on.

          This would allow us to update critical servers at a time of our choosing.

          Right now, the option is Update All Servers - This is equivalent to pushing the…

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Updating  ·  Flag idea as inappropriate…  ·  Admin →
          • Detailed Reporting of Installed Agents

            Need to be able to see the protected servers with a list that shows more details. Agent Version, Component Versons. Customize Lists.

            Need to add a report to produce a detailed server list and installed component versions.
            THIS IS AN AUDITING REQUIREMENT - KPMG!

            Thanks.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
            • Ability to change Network card binding order

              Servers with multiple network cards. Endpoint binds to the wrong network card.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Next Generation Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
              • Force bitlocker recovery mode from Sophos Cloud console

                It would be great if we could force a device into Bitlocker "Recovery Mode" from the cloud console. This would effectively lock untrusted users out of the device that was lost or stolen.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • desinstallation sophos endpoint

                  Merci a Sophos de trouver une solution simple et rapide pour désinstallation leur soft client Desinstallation sophos endpoint sur PC .

                  Merci.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • web control policy granular logging

                    Allow web categories or web sites to be deselected from logging. Example, if you block 'personals and dating' you get multiple connections to graph.facebook.com connect.facebook.net and api.facebook.com even when the user is not deliberately attempting to log in to facebook. This creates a large volume of alerts which obscures genuine infringements.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • ESA Backup vis SFTP (TCP Port 22)

                      Sophos Email Appliance currently only support backup via plain FTP on port TCP 21. FTP transmit everything via plain text including the username and password. I would like to request support backup via secure protocols (i.e. SFTP). Thank you in advance.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • DLP Custom rules

                        I would like to list the number of records on a Custom Content Control List. So if I have a custom Account number, I want to list the number of those accounts that can be sent at one time. Right now, all I can do is specify the custom account or match a certain phrase. The only categories that I can specify the number of matches is on the Sophos Default DLP Policies.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
                        • Alert for Formatted Devices

                          Sophos to include a way to alert Administrators to PCs formatted [MAC andress] devices so that we know when and where a device has been formatted and whether or not Sophos has been reinstalled if it has the MAC information with the discovery of Sophos network.

                          4 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
                          • in application control policy we need to select particular component to allow

                            in application control policy we need to select particular component to allow

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Web Address in DLP alerts

                              In DLP Alerts for files that interact with web browsers, is it possible to show the web address that the file interacted with?

                              For example: a user uploads a file which trips the alert into Google Drive.
                              The alert would show User, File Path, File Name, Application: Google Chrome, Web Address: drive.google.com

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
                              • Intercept X - SDU Tool - Troubleshooting Files Excluded

                                While working with Support we provided the SDU logs for investigation. Sophos Support came back and requested some additional files not captured as part of the SDU tool. Please add an option in the SDU to include these sources.

                                To obtain these files we needed to disable Tamper Protection, and copy the files ourselves.

                                From Sophos Support:
                                To further progress, we will also require you to copy, zip, and upload the following directories to our FTP. The reason we require these folders is because they contain the snapshots of the event in a .tgz format which our SDU tool does…

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                                • Intercept X - Threat Case - Root Cause not Identified, No Threat Case

                                  After upgrading to Intercept X with EDR there are situations where a Threat Case is not created. Sophos Support mentioned a Threat Case was not forwarded to Central because a root cause could not be found. Even when a Root Cause cannot be identified consider creating a Threat Case so customers have access to the additional context information. Perhaps set the beacon as the root cause.

                                  "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a…

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Next Generation Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                                  • When Threat Case is not created revert to Pre-Intercept X behavior

                                    After upgrading to Intercept X with EDR in situations where are Threat Case is not created revert to the pre-Intercept X behavior of publishing the Detection Event as an Alert.

                                    "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a Threat Case may not be generated."
                                    https://community.sophos.com/kb/en-us/125120

                                    We've gotten a number of malicious Events which haven't created corresponding Threat Cases for hosts assigned to the Intercept X with EDR policy. Sophos Support mentioned a Threat Case…

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Sophos Home Premium Authentication Required for Management Console

                                      Dear Support Team,

                                      I have observed that whenever you open the Sophos Home Premium agent on the Endpoint (client computer), it has a settings tab located on it. I have observed that by clicking this settings tab automatically takes you to the Sophos Home Premium Cloud Management Console, without even asking or prompting for the username or password on the website, which is quite insecure I would say.

                                      That way anyone using the home computer can change the policies and security settings. I want to enforce certain restriction on the Laptops used by the kids. Since the settings tab does…

                                      4 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Invincea Sandboxing

                                        Hi guys, when Invincea was bought by Sophos I was excited about Invincea's sandboxing feature to be included to Sophos Endpoint Protection.
                                        This however doesn't appear to have been planned.
                                        Useful scenarios include:
                                        - Running unknown/suspicious applications in a sandboxed environment.
                                        - Opening email attachments
                                        - Opening downloaded files
                                        - Manual use by security admins (Specify programs to run in sandbox, or temporarily whitelist a blocked program/file forcing it to run in sandbox for investigations.)

                                        That last one is particularly useful, as we've recently had a case where some emails were flagged by Sophos and quarantined. Sophos would block us…

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  APT/zero day detection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Make Malware Removal More Powerful

                                          Sophos is really good at finding malware, but not so good at cleaning it up. Half the time it requires, "Manual Cleanup." If it had better/more powerful removal capabilities, that would be fantastic.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Malware prevention  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 49 50
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.