Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. File Integrity Monitoring on Linux Server Protection

    Enterprises need File Integrity Monitoring on their Linux system files. This is a requirement for all systems requiring Continuous Monitoring (NIST 800-137) which are all defense contractors, Government contractors, government agencies, and soon, all HIPAA covered entities.

    4 votes
      Under Review  ·  0 comments  ·  Linux Server
    • Website/IP exclusions for Linux

      Allow us to add exclusions, especially to MTD, for websites/IP addresses in Linux. We have VMs in a cloud environment that are constantly talking to a monitoring host. Without those exclusions CPU usage is really high.

      1 vote
        Under Review  ·  0 comments  ·  Linux Server
      • Sophos for Virtual Environments - Show GVM Count on Servers Page in Sophos Central

        I am aware that the number of GVMs protected by any one SVM is visible from the SVM Summary page in Sophos Central, but is there any chance the UI can be updated to show this on the main Servers list to save having to keep going in and out of each SVM to see the count against each?

        Basically an additional column on the Servers page in Sophos Central to show the amount of GVMs protected by each SVM

        Thanks

        2 votes
          0 comments  ·  Virtualisation
        • Sophos for Virtual Environments - Load Balancing Capability

          Sophos for Virtual Environments v1.2.0 introduced GVM Migration functionality providing High Availability/Fail-Over. This is great, but I am seeing an issue where the GVMs aren't distributed nicely across the SVMs I have created.

          I have set up 19 SVMs and included all IPs in the additional_svms.txt on each. What I have found when using a gold image to deploy the GVM Agent to multiple virtual pools is that one SVM is favored above all others (600+ on one SVM).

          This results in performance issues... these are evident when running loadavg and nproc commands.

          So my request is, can SVE be updated…

          2 votes
            Under Review  ·  0 comments  ·  Virtualisation
          • linux move infected to quarantine

            Instead of locking access to infected file, an option to move to quarantine would be beneficial for real-time scanning of some 3rd party product queue directories

            1 vote
              Under Review  ·  0 comments  ·  Linux Server
            • Sophos Central - View Devices by Installed Components

              So the only current way to see installed components is via Devices > Computers > Manage Endpoint Software but this view is very limited.

              Can a drop down be created to show say for example -

              >Endpoints with Endpoint Standard
              >Endpoints with Endpoint Advanced
              >Endpoints with Intercept X

              Hope this makes sense.

              49 votes
                3 comments  ·  Cloud Console
              • Sophos for Virtual Environment - message by malware

                If malware is detected on the guest VM, the user gets only a message that the operation is not possible ("you can't write to ..." or "you need rights to ..."). I would prefer a message that points the user to malware, for instance "Sophos protection has denied access because detection ....".

                5 votes
                  Under Review  ·  1 comment  ·  Virtualisation
                • Deletion of Central Accounts

                  If a customer or Partner decides to not go for Central he should be able to delete the whole Central Account. This is to ensure

                  a) all his data is deleted permanently (data privacy law with cloud based systems in Germany)
                  b) he can set up a new trial with the same Account at a later point (to see if the gaps are being closed in a later release of Central)
                  c) from the partner point of view - it keeps Partner Dashboard structured and makes it easier to manage and keeps it clean

                  74 votes
                    Under Review  ·  7 comments  ·  Cloud Console
                  • Exclusion rules should allow folder wildcards

                    ClamAV on a Linux Server uses /var/tmp/*.tmp/*.tmp to store email contents while scanning them, and the number of alerts from dubious contents can be high. As the *.tmp names are randomly generated, but start with ClamAV-*, it would be nice to exclude them and let ClamAV do its work, then check the contents of the emails when they land in their final destination instead.

                    3 votes
                      Under Review  ·  1 comment  ·  Linux Server
                    • Only high alerts by mail

                      Good morning

                      Is it possible to receive only high alerts by email?
                      And the rest of the alerts in the portal

                      Thanks and regards
                      Titus Davidheimann Beek

                      4 votes
                        Under Review  ·  0 comments  ·  Cloud Console
                      • SAV Engine does not notify user when truly encrypted files are detected

                        The problem seems to come from misleading wording used in the SAV logs. For example, an outbound scan result:

                        savscan testfile.docx
                        Password protected file testfile.docx

                        1 file scanned in 6 seconds.
                        1 error was encountered.
                        No viruses were discovered.
                        1 encrypted file was not checked.
                        End of Scan.

                        The file sent is a password protected word file. Putting a password on a file does not encrypt the contents, however, as the password is sent with the file, the password itself has to be encrypted. When we scan this file, as it isn’t encrypted, we are able to get the header…

                        2 votes
                          Under Review  ·  1 comment  ·  Linux Server
                        • Need to disable pop-ups for application control, device, antivirus, web control from Sophos endpoint cloud console

                          We need to disable the pop-ups which we receive on endpoint system for antivirus, device, application, web control from Sophos oncloud console, so request you to kindly do the needful.

                          3 votes
                            Under Review  ·  3 comments  ·  Cloud Console
                          • Configure Alerting Thresholds in Cloud Console

                            Allow administrator to configure thresholds for alerts in cloud console. Currently I receive many alerts for non-actionable items such as when a machine reports "Real-time protection has been disabled on a computer." Even though the computer is protected, a shut down or update causes this alert and a few moments later, the protection is OK. I need to be able to adjust this trigger threshold and the same on other items such as out-of date machines, missing updates, PUA detected, etc.

                            24 votes
                              5 comments  ·  Cloud Console
                            • Alerts in Sophos Central should group together

                              Alerts in Sophos Central should group together like they did in the Dashboard in the old Sophos Cloud UI. I can view the alerts in the Reports, but I cannot action them from there.

                              4 votes
                                Under Review  ·  3 comments  ·  Cloud Console
                              • centrally manage quarantine

                                Allow actions of device quarantine from cloud console. Currently I have users with PUA in quarantine. I cannot perform any action from console. Each machine has to be touched

                                21 votes
                                  1 comment  ·  Cloud Console
                                • allow grouping of devices.

                                  It would be great to be able to group devices by site, dept or location. Instead of having one big list of devices and trolling through to find specific ones, to be able to group the devices would be very user friendly.

                                  7 votes
                                    2 comments  ·  Cloud Console
                                  • Need a way to check endpoint policy version and compare to Cloud

                                    Need a way to verify if an endpoint is using the latest policy. It would be great if policies were given a number or last updated field that could be compared to a client to see if it is running the newest one.

                                    3 votes
                                      0 comments  ·  Cloud Console
                                    • Single Download for a Full Installer that is automatically updated with the latest updates.

                                      Some of my customers have really bad internet which means that installing your software is beyond a joke for 30 or 40 PCs, I ended up creating a single installer from your white papers however a location to download a FullInstaller that always kept up to date with downloads would be really useful meaning that only future updates would need downloading.

                                      3 votes
                                        4 comments  ·  Updating

                                        We’ll look again at the issue of “fat” or “single” installers in the future. We are currently working on an even thinner installer but that should pave the way to more flexibility and could mean an easier way to create your own customised (read fat) installer. We stopped creating the fat installers as they become out of date very quickly and we now also have more components to download and install for some licenses which would mean creating even more installers, better to have a “vanilla” installer that all can use and a method for customers who need a fat installer to create their own. No promises on a timeline for this yet though.

                                      • AV sample submission with Sophos Enterprise Console

                                        If I have a suspicious file which I want to deliver to Sophos labs for analysis I always have a risk.
                                        1. I need an established Internet connection to reach Sophos Upload portal.
                                        2. I need a mail-account (and also connection to the internet) to send the file.

                                        If the file is recognized as Mal/Gen I maybe cannot clean with the console, until a specific signature is created. So I have to upload this file. In worst case the file is on a remote location without IT on side.
                                        To get this file I have to connect to the machine,…

                                        46 votes
                                          1 comment  ·  Sophos Enterprise Console (SEC)
                                          Under Review  ·  Karl responded

                                          As part of the policy controls for Sophos Live protection you have the option to enable auto sample submission to Sophos.

                                          The option to allow the identification of suspect files and then allow the administrator to periodically select which ones to send to Sophos is one of many options we are evaluating to improve sample collection from customers.

                                          In the interim Sophos has added Sophos Clean, a new standalone next-generation malware detection and removal product that can be used on a machine that is suspected of being infected, but currently no detections are being reported. Sophos Clean is available for a 30 day evaluation at no charge. Often new malware that evades the existing detection models for the Endpoint can be captured through the signatureless detection capabilities in Sophos Clean. Sophos Clean is a second opinion scanner.

                                        • Create Limited Administrators

                                          We would like to be able to create limited Administrators. It would be very useful to give access to the Cloud Console to all our members, but limiting the user and devices that they can manage. And of course, not allowing them to modify global settings, such as the Base Policy. These limits could be configured at a "Group" level, for example.

                                          17 votes
                                            3 comments  ·  Cloud Console

                                            This is being investigated with the intent of implementing restricted admin roles as we work towards full Role Based Administration.
