Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. does not block drive.google.com

    Hello,

    We are facing a problem. We have created a Web control filter under "Control sites tagged in Website Management" where we blocked drive.google.com.

    Despite it being blocked, the site is accessible.

    1 vote
    1 comment  ·  Device Control
  2. Need an option to add server group in SophosInstall.sh like Windows/Mac --devicegroup option

    Some customers ask about adding a group automatically during installation on a Linux server (Central).
    There is an option for Windows/Mac endpoints.
    Is it possible to add a similar option for SophosInstall.sh, like --servergroup, --group and so on?

    2 votes
    0 comments  ·  Linux Server
  3. DLP: Exclusions for internal Web-Applications / URLs

    As the number of internal Web-Applications is still growing, our users need to upload files that contain sensitive data onto these (internal) web applications. These applications are accessed via web browser.

    With the current product I only have the option to either block or allow web browsers in DLP. I can also allow or deny filetypes. Unfortunately, both are not sufficient.

    There should just also be an option to add URL-exclusions to DLP.

    Would you please check if feasible?

    Best regards,
    Christoph

    1 vote
    0 comments
  4. Reregister Device

    The only current way to move ownership of a device such as a PC is to run SophosSetup.exe with the --registeronly switch. This is difficult, especially with physical access to computers limited because of Covid. It would be easier if an administrator could move the device to a different user much as a device can be moved from one device group to another.

    1 vote
    0 comments  ·  Device Control
  5. Support Answers In E-Mails Without HTML In It & Become S/MIME Aware

    HTML in emails is considered as a bad idea at least by the German CERT.
    So it would be good if the Sophos Support would get away from this
    marketing bullsh** and send its responses in plain text.

    Furthermore, it would be good if the processes with email based sample submission
    would be aware of S/MIME signed emails and evaluate the cryptographic signatures
    instead of marking them "non-detect worthy" (big lol).

    The as-is-state does not look professional.

    1 vote
    0 comments  ·  Incident response
  6. notifications for hash

    Include the ability to customize notifications so that an alert can be sent out when a specific hash type is detected.

    1 vote
    0 comments  ·  Malware prevention
  7. Search based on TLD

    Allow searches based on the top-level domain in Threat Search.

    1 vote
    0 comments  ·  Incident investigation
  8. web site browsing

    Having the ability to enable / capture all user browsing activity when the need arises would be helpful in troubleshooting issues where a web site appears to be blocked but it's unclear what the cause is, along with responding to HR requests to determine if a user is accessing sites that may not be blocked but are considered risky / not meant to be accessed as a normal course of business.

    1 vote
    0 comments  ·  Incident investigation
  9. Policy issue on IP V6

    Hello Team,

    We are facing issues with an applied application policy in our Sophos Intercept X and Advance. We have applied the policy for blocking Google Drive and Dropbox; that was working earlier, but now we are not able to do the same. I logged the request with Sophos and found that, according to them, there is some issue with IP V6 because all the machines have both versions of IP. According to them, on each and every system we need to manually disable IP V6 to block the drives.
    I think it is a bug, kindly…

    1 vote
    0 comments  ·  Web Security/Control
  10. Threat Search Export

    Allow for Threat Search results to be exported as Excel and/or CSV for use in a pivot table.

    1 vote
    0 comments  ·  Incident investigation
  11. Threat Search Objects Filter

    Add the ability to filter out based on the device name or allow boolean operations for username and device name.

    1 vote
    0 comments  ·  Incident investigation
  12. Excluding cryptoguard-detections

    Cryptoguard has detected a false positive detection of a client "attacking" a server. Fortunately it is a false positive, but there's no option to exclude the thumbprint of the client attacking a server, so Cryptoguard always recognizes this as an attack. There should be an exclusion for a client false-positively "attacking" a server.

    1 vote
    0 comments  ·  General Endpoint
  13. What About OCR in Sophos DLP

    OCR (optical character recognition) Sensitive Image Recognition provides the capability to extract text from images (scanned documents, screenshots, pictures, and so on) and from PDFs, enabling you to use new or preexisting text-based detection rules on this content.

    1 vote
    0 comments  ·  Data Leakage Prevention (DLP)
  14. Threat Search Object Limit

    I sometimes have tens of thousands of indicators of attack and compromise to run through the threat search, but I can do only 100 at a time. Increase the object limit to 500 or allow the importing of CSVs.

    1 vote
    0 comments  ·  Incident investigation
  15. END POINT

    Hi,

    Please provide the device serial number on the Dashboard, which really helps in the industry to track the machine immediately.

    Also, reporting should be improved with large visibility with pie chart & category radio lines.

    1 vote
    0 comments
  16. I am unable to get details of machines where Sophos antivirus is not installed in network.

    I want to identify the machines in my network where Sophos AV is not installed. But I do not have any reports to do this. Is it possible to fetch these details?

    1 vote
    0 comments  ·  General Endpoint
  17. Ability to select resolution to detections

    On Sophos Endpoint policies, having the ability to decide on "Action to take" on all detection/issues.
    When building software packages for deployment we receive numerous false positives.
    Having the ability to respond to a detection to say "This is a safe file" would save many hours wasted adding exceptions and repackaging again. This is already an option for "Low reputation files downloaded".

    2 votes
    0 comments  ·  New idea
  18. Name doesn't match

    Today we were investigating a system that had been getting taken over by remote control. Sophos said the system was clean and RDP wasn't being used, so we were baffled. Eventually, we found that there was a copy of NetSupport Client which was digitally signed and had an original file name of client32.exe, but had been renamed to wupdsvc.exe. I think it would be a good idea for Sophos to flag files that are digitally signed, but do not have their original name, as suspicious when doing a scan.

    1 vote
    0 comments  ·  General Endpoint
  19. "Scan file with sophos AV" context menu function vs. sophos central exclusion list

    We had a strange behavior of Sophos Endpoint Protection which should be solved by changing the behavior of the "Scan with Sophos AV" option in the context menu of Windows.

    What happened:
    A user had an infected Word file stored on his desktop. When using the context menu function "scan file with Sophos AV" it doesn't find anything wrong or suspicious.
    This was weird because according to VirusTotal this file contained malware which was also detected by Sophos endpoint protection.
    When checking the exclusion list on Sophos Central we found an exclusion for C:\users*. This seems to prevent the…

    6 votes
    0 comments  ·  General Endpoint
  20. Endpoint: "Scan with Sophos AV..." Option vs. exclusion list in Sophos Central

    We had a strange behavior of Sophos Endpoint Protection which should be solved by changing the behavior of the "Scan with Sophos AV" option in the context menu of Windows.

    What happened:
    A user had an infected Word file stored on his desktop. When using the context menu function "scan file with Sophos AV" it doesn't find anything wrong or suspicious.
    This was weird because according to VirusTotal this file contained malware which was also detected by Sophos endpoint protection.
    When checking the exclusion list on Sophos Central we found an exclusion for C:\users*. This seems to prevent the…

    1 vote
    0 comments  ·  General Endpoint