Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. File Integrity Monitoring on Linux Server Protection

    Enterprises need File Integrity Monitoring on their Linux system files. This is a requirement for all systems requiring Continuous Monitoring (NIST 800-137) which are all defense contractors, Government contractors, government agencies, and soon, all HIPAA covered entities.

    4 votes
      Under Review  ·  0 comments  ·  Linux Server
    • Website/IP exclusions for Linux

      Allow us to add exclusions, especially to MTD, for websites/IP addresses in Linux. We have VMs in a cloud environment that are constantly talking to a monitoring host. Without those exclusions CPU usage is really high.

      1 vote
        Under Review  ·  0 comments  ·  Linux Server
      • Make Real time scanning - Local files and network shares applicable on Linux

        Apparently the policy setting:
        "Real-time scanning - Local files and network shares" that can be configured for:
        on read
        on write
        only applies to Windows clients and not to Linux clients. On Linux you have to manually change the preference using e.g.:
        /opt/sophos-av/bin/savconfig set TalpaOperations -- -open
        to disable "on read"
        But obviously:
        1. This is not scalable
        2. This makes the Linux Sophos AV impaired in terms of feature comparison to Windows
        3. It's very problematic on e.g. NFS servers where on open NEEDS to be disabled due to high CPU usage that Sophos processes may spark.

        7 votes
          0 comments  ·  Linux Server
        • linux move infected to quarantine

          Instead of locking access to an infected file, an option to move it to quarantine would be beneficial for real-time scanning of some 3rd party product queue directories.

          1 vote
            Under Review  ·  0 comments  ·  Linux Server
          • Make mkinstpkg support HTTPS locations

            When preparing a Linux installation package on SAV for Linux 9.12.3, attempting to specify an update URL in the form "https://server.example.com/sophos" results in the message "The update source address must be a website or an absolute directory path." Keeping the same URL but removing the S, i.e. "http://server.example.com/sophos" works as expected.

            Please enhance the tool to allow HTTPS locations so authentication passwords aren't sent in the clear.

            2 votes
              0 comments  ·  Linux Server
            • Exclusion rules should allow folder wildcards

              ClamAV on a Linux Server uses /var/tmp/*.tmp/*.tmp to store email contents while scanning them, and the number of alerts from dubious contents can be high. As the *.tmp names are randomly generated, but start with ClamAV-*, it would be nice to exclude them and let ClamAV do its work, then check the contents of the emails when they land in their final destination instead.

              3 votes
                Under Review  ·  1 comment  ·  Linux Server
              • SAV Engine does not notify user when truly encrypted files are detected

                The problem seems to come from misleading wording used in the SAV logs. For example, an outbound scan result:

                savscan testfile.docx
                Password protected file testfile.docx

                1 file scanned in 6 seconds.
                1 error was encountered.
                No viruses were discovered.
                1 encrypted file was not checked.
                End of Scan.

                The file sent is a password protected word file. Putting a password on a file does not encrypt the contents, however, as the password is sent with the file, the password itself has to be encrypted. When we scan this file, as it isn’t encrypted, we are able to get the header…

                2 votes
                  Under Review  ·  1 comment  ·  Linux Server
                • scheduled scan: control priority / niceness of jobs

                  Scheduled scans are still quite limited, as we can see here: https://www.sophos.com/en-us/support/knowledgebase/117346.aspx

                  One of the options we would like to see is being able to give the scheduled scan some reduced system priority / i.e. niceness, to limit the performance impact of scans: scheduled scans normally need not run at high priorities.

                  13 votes
                    1 comment  ·  Linux Server
                  • scheduled scan: option to abort a running scheduled scan

                    Scheduled scans are still quite limited, as we can see here: https://www.sophos.com/en-us/support/knowledgebase/117346.aspx

                    One of the options we would like to see is being able to abort a running scheduled scan.

                    5 votes
                      0 comments  ·  Linux Server
                    • scheduled scan: implement quoting in exclusion definitions

                      One of the options we would like to see is that the exclusions specified with the exclude keyword can include quotes like "\ " to specify a space in a path / file specification. Currently, we have to work around this by putting asterisks at those character positions.

                      1 vote
                        0 comments  ·  Linux Server
                      • scheduled scan: implement controlling Default extensions

                        Scheduled scans are still quite limited, as we can see here: https://www.sophos.com/en-us/support/knowledgebase/117346.aspx

                        One of the options we would like to see is that we would like to control the list of Default extensions that is implicitly active: there is only a parameter called "excludeExtension".

                        1 vote
                          0 comments  ·  Linux Server
                        • SAVDI reload on sav update

                          Please notify a running savdi about the performed pattern update by the savupdate process.
                          This is more a bug than a feature-request and should be implemented very easily, because the savdi daemon writes a pid-file and has already implemented a signal for this (kill -HUP <savdi pid>).
                          The implementation could be done in a few lines of code...

                          1 vote
                            Under Review  ·  1 comment  ·  Linux Server
                          • HIPS for Linux

                            We would like to see HIPS functionality added to the Sophos AntiVirus Linux client.

                            7 votes
                              Under Review  ·  2 comments  ·  Linux Server