Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Find out inactive computer status on Enterprise console (Endpoint protection)

    How we find out inactive computer status on Enterprise console (Endpoint protection) same as Sophos admin Center console show.
    We cannot generate reports for inactive computers form Sophos enterprise console.
    Please accept my request for adding the feature in the report so that with this we can generate from Sophos enterprise console server.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. central

    I been working with sophos products in our organization for close to 10 years. and this is my conclusion. who ever is designing the consoles does not design it from network admin perspective. for example, you login to the central cloud console you see alert and then you are on your own pal. you have no option to re-install the agent on the client from the console. same for policy violations alert. you have no button to force the policy. Imagine when you are responsible for near to a 1000 machine and lets say 100 of those gave you alerts.…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos Health Monitor Registry Values explained

    Please provide details on the registry values under:
    HKEYLOCALMACHINE\SOFTWARE\Sophos\Health\Status
    and the 64 bit equivalent.
    This looks like it would be very useful for us to create a Sophos endpoint monitor in our RMM platform - however there appears to be no documentation around the meaning of the values and support have been unable to provide the information.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  4. import USB exclusion

    It would be great for the Sophos Central to have a place to import the USB information (e.g., Serial number or brand) to the exclusion list. To make the migration from other brands to Sophos more easily and customers more willing to migrate to Sophos.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. AMSI Not working with .Net framework 4.8

    AMSI integration Not working with .Net framework 4.8

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  6. Details of "Update succeeded" in the event log

    We would like to be displayed it so that we can see what has been updated in Central.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  7. Central Login: Prioritize the different 2nd Factor Auth options

    Please make it possible, to prioritize the different 2nd Factor Auth options. I use SMS token also as TOTP. I want to use TOTP as primary variant, but Sophos uses the SMS option every time as the first option. If i want to use TOTP, i have to manually switch the login method for this one time.
    Please implement a function, that i can prioritize the different mechanisms.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  8. Current feature does not allow the peripherals to be blocked system wise without blocking the peripherals and then whitelisting it.

    It will be of great help if we can have the feature of disabling and allowing of USB drives system wise. Fo example if I need to block a specific USB drive to a specific system only, its not possible without blanket blocking the USB access and then allowing it as exceptions. By this you have to change the statud quo of other systems. This will lead to operational issues one has block all USB access and then allow one by one. So everytime the user has to get IT to allow if the USB device is a fresh one.…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  9. Internet Destination File Copy

    Add a way to tell if an 'Internet Destination File Copy' was an upload or a download. Currently you can not tell if a user uploaded a file or downloaded or file. You can see where files go to a users 'Download' folder on Windows but this is not a reliable enough way to determine this.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Controlled Updates in Sophos Central-I work in an environment which needs 4 levels to deploy updates. First would be the "test" group, then

    Controlled Updates in Sophos Central-I work in an environment which needs 4 levels to deploy updates. First would be the "test" group, then Dev, QA, and finally Prod. Currently Sophos only offers one group, but Enterprise environments require/demand a greater level of control over updates. Please seriously consider expanding our ability to have a more granular control set.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Updating  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sophos Enterprise Console Cloud Primary Update location

    In a highly secure environment, servers in the DMZ are not allowed access to the internal servers (including Sophos management). This hinders the updates, since the primary update server must be configured to the internal management server, and only the secondary server can be configured to update from the Sophos cloud servers directly. In turn, this generates false alerts that download of updates failed due to update server not being reachable.

    My idea is to allows Sophos cloud to be the primary update server for these cases.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Updating  ·  Flag idea as inappropriate…  ·  Admin →
  12. File type filter for removable storage devices

    We want to allow read only access on floppy and optical drives, (secure) removable storage and MTP/PTP devices but restrict it to certain file types. For example: documents (PDF, DOCX, XLSX ...) and image files (JPG, PNG ...) are allowed but opening/copying executable files (EXE, MSI ...) and script files (CMD, BAT, PS1 etc.) are blocked.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  13. Better handling of alerts when a firewall blocks an application

    Currently (7/1/20) in Sophos Central endpoints of ours with certain VPN software also installed will show events that a firewall has blocked application (fill in the blank). There's a couple of things I'd like to see improved. In our case this is normal for our VPN software to do this. These events along with other AV events can make it seem like something worse is happening at the endpoint, and can be misleading.

    -What was the firewall or application that was seen blocking another application? Can the event also contain this information?
    -Ability to ignore or make an exception for…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Data Control: Add Remote Control Applications on Destination Application List

    We would like to Monitor/Block File transfers on specific remote applications like Zoom, Webex, Teamviewer, AnyDesk and alike using the Data Control Policy on SEC. On the current feature, only Skype is listed under the VOIP Application and no other options for Remote Applications.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  15. Endpoint Monitor Only Mode

    Allow for deployment of the Sophos Endpoint Control in a monitor only mode. This mode should enable all features of Sophos Endpoint Control but only log and not block anything. This would be extremely helpful when protecting endpoints with custom configurations and hardware. The current method of "try and change" where you deploy then constantly tweak and change settings to get the device/software to work is far too time consuming. Having a monitor only mode would allow the device to work while reporting issues/non-compliance which then we can create policies and apply, while still in monitor mode, to determine if…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  16. Isolation UX enhancement

    The current design of isolation UI for Windows is to pop up an alert on the notification area, which I assume Sophos utilizes Windows feature, then disappears after a short while. End users who missed this popup will be isolated from the network not knowing why it is happening. Isolation can be initiated by sysadmin in the EDR feature, but can happen unexpectedly if auto-isolation is enabled and an endpoint fails in red status. This unwanted event is occasionally observed mainly due to one of Sophos service failure - Central Device Encryption is the most observed. If the isolation message…

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable Safeguard Enterprise for DUO

    Please enable Safeguard Enterprise to work with the 2nd factor authorization solution DUO (https://duo.com/) If both products are used on the same machine the single sign on in Safeguard Enterprise doesn´t work anymore.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  18. Customizable Central Admin Dashboard

    Adding a customizable dashboard to Sophos Central Admin would give administrators the option add the widgets that they need for their daily work routine on the first page that they see when logging in. Beside the already available widgets (customizable) additions from the report section would be nice. A Reset to Default functionality should also be provided.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add option for e-mail message when Real Time Scanning is enabled (again)

    Sophos sends an e-mail when Real Time Scanning is disabled, but it does not notify when it is enabled again. This causes extra work for administrators, since they have to check machines if RTS is running, while the system could already have notified them that this is the case.

    Please implement an option to let the system send an e-mail when RTS is re-enabled.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  20. malicious traffic detection

    My understanding from the FAQs is that malicious traffic detection just checks HTTP traffic for connections to known bad infrastructure. So that means a domain/IP must be known to be bad for Sophos MTD to detect it.
    If it's not already being done, I'd like to request the HTTP request be analysed to find suspicious indicators, for example a connection to URI's like /fre.php or /gate.php could be indicative of evil, but if the domain is not in your list then it would be missed.

    Also, does malicious traffic detection decrypt and analyse HTTPS traffic? Is DNS traffic monitored for…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Malicious Traffic Detection (MTD)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.