There is a known issue where launching the console as a user who inherits membership of the Sophos Full Administrators group via nested groups.
It would be great if this was resolved and nested groups work. This is a compliance breakdown.

It would be very helpful to be able to set all preferences in SAV for Mac with Terminal to create a preconfigured installer. The options for the update location and the onaccess scan are not enough.

Although with AD sync SEC can install endpoint protection automatically to the computers, it tries only once to protect the machines. Sometimes if there was a netowork error SEC should try the installtion again, moreover this feature can be very useful if the security software was uninstalled from a machine. When there are a plenty of machines on the network it is difficullt to check if the automated installation was fine and/or re-protect the machines manually.
SEC should try to install the protection several time in a week or something like this...

Request for the ability in on-access scanner to be able to remove/cleanup adware and pua's automatically and not have to do it manually or use the scheduled scanner

We have deployed cloud endpoint protection for more than 300+ machines. In the event report its just shows the following columns (Severity, Event, User, Device, & When) So we are unable to know the user belongs to which group.?

Please ADD gropu name column in event report.

Thanks.. :)

I get alerts that say "Policy non-compliance: Application Control".
This information isn't useful, I need to know which application isn't in complacence, so that I can decide if I need to unblock it or uninstall the software.

We would like to see a feature to delay the autoupdate check on the Mac endpoint client. When Sophos starts the autoupdate process right away after a user is logged in, the machine can take a bit of a performance hit with all of the other processes starting up at the same time.

As a feature request, it would make more sense if we had an option to merge all duplicate names into one device history. We use physical asset tags, and our
machines are named from the tag numbers. We reimage machines and reinstall Sophos, so now we’re getting duplicates which is driving up our device count and hurting our effort to stay within our license limit.

for troubleshooting can be very useful uninstall or reinstall endpoint on multiple client remotely from management interface

Add the ability to turn off the web protection when on-prem, which would enable us to use the different web profiles offered by the UTM when on network.

When off-prem the default profile which is already applied via the UTM to the endpoint would take over. The endpoint firewall settings get you half way to detect which network but doesn't have the ability to turn off and on the local web protection.

Client would like the ability to be able to "Exempt device" in the device control event viewer when not using the "Default" sub estate

When you choose to make a "Full, Managed" package using the deployment Packager tool. The options for primary and secondary after grayed out as it assumes that the machine will soon get its policy for updating from the management server. I suggest we allow for a secondary location to be set for machines that will not be communicating with the management server for some months but will have sporadic internet access.

Hi Team,
I am working in the resller company. Every customers are concerning about this automatic USB scanning feature (If we insert the pendrive, then it should scan automatically all the files (or) the wizard should ask for the scan.
So this would be good, if we had this feature.

SEC does not list total # of licenses related to a customers instance. Instead, support has recommended we go by "managed endpoints." When purchasing additional licenses or installing to new machines, it would be nice to see exactly how many agents we have left to push out.

Would be nice if it's possible to simple change what is triggering mail alerts, how often, and perhaps include mail alerts to non-admins.

In general a basic opportunity to control what generates a mail alert and to disable the alerts you don't want to see. Seems a rather basic function to have missing in a enterprise product really.

Client would like an API interface that can be programmed to remove endpoints that no longer exist or can be removed from the console and database

We have tested the cloud console so have many 'events' we want to clear this so that its a fresh start for when we use the console officially with live environment.

There should be a way to bulk remove devices from Sophos Cloud. One way could be uploading a CSV file with device names to be removed.

Customer would like to see something like “YOU HAVE A VIRUS!!! But it’s OK, because I deleted it”

Sophos Product Information

Sophos Product: Sophos Endpoint Security and Control
Version in Production: 10.3

Feature Request Summary

How will this new feature address your business requirements?:

We have a requirement to provide process level exclusion on the antivirus, the processes are longer than 14 characters so we are currently not able to provide this with Sophos, and have the option of disabling on access scanning only this leaves the system in a vulnerable state.

How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have

1 - It is critical that we have this ability