Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. Option to delete files when it can't be cleaned by Sophos

    We have several sites all around the world, but Sophos is centrally managed, which means that we cannot always physically go to client computers or remotely connect to them (because of time zone, bad internet connectivity, etc.).

    So when an alert for files like those is raised in the console:
    Manual malware cleanup required: 'Mal/VMProtBad-A' at 'G:\PortableApps\Sid Meier's Civilization V + DLC\CivilizationV_DX11.exe'
    Manual malware cleanup required: 'Mal/Sality-D' at 'E:\hasna .scr'
    Manual malware cleanup required: 'Mal/VB-OL' at 'E:\Data Dell.exe'

    I would like to be able to select "Delete" and not just wait for something to happen. Currently the only option is "Marked…

    24 votes
    3 comments  ·  Cloud Console
  2. Mac OS X DLP + App Control

    As customers increasingly add MacOS X to their estate, it is increasingly important to be able to control the Apps running on them as well as the DLP rules to protect data being moved from them.

    20 votes
    8 comments  ·  Data Leakage Prevention (DLP)
  3. Endpoint automatically clears up failed Update files

    Endpoint automatically removes temporary files generated by earlier failed Update tasks, when next Update is run. This will prevent disk space filling up unnecessarily with redundant files.

    10 votes
    0 comments  ·  Updating
  4. Labtech integration

    As an MSP we utilize Labtech to manage all endpoints. We NEED to be able to reliably see that not only Sophos endpoints are detected, but that they are actually updated properly with definitions. Please work with Labtech like all the other major AV vendors to provide us with an efficient and reliable method of being able to manage the endpoints.

    8 votes
    8 comments
  5. Silent / Unattended install option for Linux client

    Have the ability to do a silent / unattended install with the Linux client.

    4 votes
    Already Possible  ·  2 comments  ·  Linux Server
  6. Mac OS X Sophos deployment support

    Supporting 3,000 Mac OS X computers has become difficult with Sophos. The removal of the Apple installer metapackage (pkg) option by Sophos has forced manual install tasks to occur. I request that Sophos provide a supported solution for customers to repackage the Sophos app installer into pkg format. Sophos can continue their reasoning on why the new app format is required. The increase of Mac OS X computers in the customer environments will hopefully receive some of the additional support tools offered the Windows customers. Currently forcing Sophos customers to third party solutions to deploy Sophos makes it more difficult…

    4 votes
    1 comment
  7. Add protection against archive-bombs

    There is currently no protection against archive-bombs. We are missing some features, like the ability to configure such things as "max nested archives", "max. compression ratio" and "max. files in archive". Further, an action should be configurable for when, for example, the "max compression ratio" is exceeded by an archive.

    3 votes
    1 comment  ·  Linux Server

    Hello,

    We do have archive/zip bomb protections (albeit with no configuration).
    If you do get another zip bomb file, please send it to support for analysis so we can determine why it was missed.

  8. Malicious Traffic Detection on Mac

    To stay in-line with Windows endpoints, Mac should also be looking towards MTD level protection. More and more companies are using Macs for their employees, the operating system is a known target for malware writers.

    There's nothing spotting Macs being part of a botnet; MTD is required to be able to detect and stop these connections.

    3 votes
    0 comments  ·  Malicious Traffic Detection (MTD)
  9. Virus email notification

    Move virus email notification from the workstations to the SEC. Most workstations have SMTP disabled for security, so if a virus hits one, admins are unaware until the nightly summary report. By moving it to the SEC, admins are notified in a more timely manner.

    2 votes
    0 comments  ·  Sophos Enterprise Console (SEC)
  10. Mail for Sophos Antivirus Release Management for SESC – Recommended and Preview Version

    Before an update of the SAV version, it would help administrators if Sophos informed them a few days in advance by mail.
    Currently, preview and recommended version as of May 2019 are on the same version, which is probably not the idea of the system. So clients can't be tested with a preview test group.
    The information at https://community.sophos.com/kb/en-us/120189 is as often incorrect.

    2 votes
    0 comments  ·  Sophos Enterprise Console (SEC)
  11. Add an option for notification/alert if Sophos update manager failed to update

    Add an option for notification/alert if Sophos update manager failed to update.

    2 votes
    3 comments  ·  Sophos Enterprise Console (SEC)
  12. Allow low priority scanning on OS X

    Allow the OS X client to scan in low priority mode. That means that apps get more CPU time than the scanning.

    2 votes
    0 comments  ·  General Endpoint
  13. For CLOUD solution-0Day

    For CLOUD solution, please enable protection for 0day, boot sector, buffer overflow protection, HIPS. These are available for on-premise solutions but not cloud.

    2 votes
    1 comment  ·  Cloud Console

    The protection features in the Cloud endpoint are principally the same as those in the on-premise endpoint, but fewer options are visible in the policy. HIPS is on by default; BOPS is off, but where DEP is also present (most newer hardware) it will pick up activity before BOPS does. I am not sure about your references to 0day and boot sector though?

  14. Homebrew

    The following idea for SAV for Mac free should be applied to all editions.
    https://community.sophos.com/products/free-antivirus-tools-for-desktops/f/17/t/10029

    Sophos installs a sweep command into /usr/local/bin, and a few auxiliary files. Doing this, Sophos also changes ownership of /usr/local and several sub-directories. This wreaks havoc with Homebrew, which by default installs to /usr/local and expects it to be writable by the "main user". In general, /usr/local should not be used by non-user controlled installations.

    A more polite way would be for Sophos to install its commands to /opt/sophos, and to ask the user to add the relevant paths if they wish to use the tools.

    2 votes
    0 comments  ·  General Endpoint
  15. Reducing Spurious warnings from SAV for Linux

    Currently, SAV for Linux sometimes issues warnings like:

    An error classified as '0x3c: Unable to write to talpa socket' was detected in the file '/run/named/session.key' when closing it at Thu Jul 9 00:19:15 2015 HKT +0800 (2015-07-08 16:19:15 UTC). Access to the file was not allowed.

    The files involved are created by standard services for temporary information, e.g.: /run/named/session.key, /run/named/named.pid, /run/ntpd.pid

    Support case [#5279639] has identified this as an interaction with AppArmor, i.e. one security application (SAV) wants to read everything, another security application (AppArmor) wants to restrict reads.

    The advised workaround is to exclude the concerned files from…

    2 votes
    1 comment  ·  Linux Server

    We have cleaned up a lot of messages recently. Please contact support if you find other examples.

  16. Put a PAUSE button on the scans!

    Put a PAUSE button on the scans! When it is scanning it makes using the computer next to impossible--all apps are slow to respond, if at all. Sometimes need to use the computer during a scheduled scan--no choice now but to Cancel the scan. Other antivirus and anti-malware apps have PAUSE buttons, why not Sophos?

    2 votes
    Already Possible  ·  7 comments  ·  Malware prevention
  17. complete file path

    I am on Mac and I have several events showing in Sophos Endpoint. One of the files shown as being malware is shown with ... in the middle of the file name, as the file name is too long to fit in the window. I currently see no way to display the whole file path. The only way to get the information is to have one of our system admins send us the info. They are tired of providing this info when a tool should be able to provide this information. Is there some way I can get this information without asking…

    1 vote
    0 comments  ·  General Endpoint
  18. Add Hex Editors to Application Control List

    "Hex editors" can be used to embed data into files for data exfiltration. Therefore, common editors should be added to the Application Control list of applications.

    1 vote
    0 comments  ·  Application Control
  19. Uninstall and Repair from onprem console

    Sophos Admins need a way to force uninstall remotely from the console.
    This is a standard feature across other AV products I have used.

    We have a deployment of over 260 machines across 1km long distance. It is not always feasible to walk to the PC or log in remotely if the user is using the PC.

    Why has this basic admin feature not been implemented?

    1 vote
    0 comments  ·  Sophos Enterprise Console (SEC)
  20. When will there be Sophos Endpoint Security compatibility with Windows security center

    When will there be full compatibility of Sophos Endpoint Security with Windows security center?

    1 vote
    0 comments  ·  New idea