End user control for some features
Every other AV we've used in corporate environments allows for SOME ability by the end user to add exclusions if needed, yet still disallowing them the ability to shut down protection overall. I'm told by Sophos support this is not an option at all here.
If you have a company with someone overseas, who is on the phone with a software vendor who is saying they should exclude a specific file, it would help if they COULD do that, rather than waiting 8 or 10 hours for someone to wake up on the other side of the world who can get at the mothership settings. I can see that there certainly are instances where you want end users to NOT change policy at all, but by the same token, there ARE times that and end user needs to be able to whitelist something without having to wait for someone else to do it for them, especially companies that lack their own IT department and use consultants.