Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. ARM Processor Support

    With the advent of the Surface Pro X, there is a growing push for more 2-in-1 devices to work on ARM technology (as is found in most cell phones and tablets) to run full Windows OS's. However, there is no support for Endpoint Protection (Cloud or On-Prem) for these types of devices. I would like to see an Endpoint Protection package (Anti-virus, firewall, application control, etc.) that will support ARM processors.

    214 votes
    Under Review  ·  29 comments  ·  General Endpoint
  2. Isolation UX enhancement

    The current design of isolation UI for Windows is to pop up an alert in the notification area, for which I assume Sophos utilizes a Windows feature, which then disappears after a short while. End users who missed this popup will be isolated from the network without knowing why it is happening. Isolation can be initiated by a sysadmin in the EDR feature, but can happen unexpectedly if auto-isolation is enabled and an endpoint fails in red status. This unwanted event is occasionally observed, mainly due to the failure of one of the Sophos services - Central Device Encryption is the most observed. If the isolation message…

    15 votes
    0 comments  ·  General Endpoint
  3. "Scan file with Sophos AV" context menu function vs. Sophos Central exclusion list

    We had a strange behavior of Sophos Endpoint Protection which should be solved by changing the behavior of the "Scan with Sophos AV" option in the context menu of Windows.

    What happened:
    A user had an infected Word file stored on his desktop. When using the context menu function "scan file with Sophos AV" it doesn't find anything wrong or suspicious.
    This was weird because according to VirusTotal this file contained malware which was also detected by Sophos Endpoint Protection.
    When checking the exclusion list on Sophos Central we found an exclusion for C:\users*. This seems to prevent the…

    4 votes
    0 comments  ·  General Endpoint
  4. Block Google QUIC on Sophos Central Endpoint Protection

    Allow us to block the Google QUIC protocol at the Endpoint level, since we can do it from the Firewall. This would allow us to block it from the agent instead of having to manually disable it in Chrome or set up a Windows Firewall rule to block 443 or 80 on UDP.

    20 votes
    1 comment  ·  General Endpoint
  5. MAC address

    Sophos Central should show MAC addresses for connected devices.

    7 votes
    1 comment  ·  General Endpoint
  6. IPS on Endpoint - Heartbeat XG IPS offloading

    Having IPS on Endpoint now means that behind an XG FW with its own IPS activated there's a certain overlap (double check) of certain IPS patterns.
    Proposal: use the heartbeat (synch security) to check whether or not the endpoint is sitting behind an XG FW with IPS enabled. If so, the endpoint doesn't have to check them again and can save some resources.

    13 votes
    1 comment  ·  General Endpoint
  7. List machines with tamper protection disabled

    There is no way to run a report or search for any devices that have had tamper protection disabled and it has not been re-enabled.

    20 votes
    6 comments  ·  General Endpoint
  8. Excluding cryptoguard-detections

    Cryptoguard has detected a false positive detection of a client "attacking" a server. Fortunately it is a false positive, but there's no option to exclude the thumbprint of the client attacking a server, so Cryptoguard always recognizes this as an attack. There should be an exclusion for a client false-positively "attacking" a server.

    1 vote
    0 comments  ·  General Endpoint
  9. I am unable to get details of machines where Sophos antivirus is not installed in network.

    I want to identify the machines in my network where Sophos AV is not installed. But I do not have any reports to do this. Is it possible to fetch these details?

    1 vote
    0 comments  ·  General Endpoint
  10. Name doesn't match

    Today we were investigating a system that had been getting taken over by remote control. Sophos said the system was clean and RDP wasn't being used, so we were baffled. Eventually, we found that there was a copy of NetSupport Client which was digitally signed and had an original file name of client32.exe, but had been renamed to wupdsvc.exe. I think it would be a good idea for Sophos to flag files that are digitally signed, but not under their original name, as suspicious when doing a scan.

    1 vote
    0 comments  ·  General Endpoint
  11. Endpoint: "Scan with Sophos AV..." Option vs. exclusion list in Sophos Central

    We had a strange behavior of Sophos Endpoint Protection which should be solved by changing the behavior of the "Scan with Sophos AV" option in the context menu of Windows.

    What happened:
    A user had an infected Word file stored on his desktop. When using the context menu function "scan file with Sophos AV" it doesn't find anything wrong or suspicious.
    This was weird because according to VirusTotal this file contained malware which was also detected by Sophos Endpoint Protection.
    When checking the exclusion list on Sophos Central we found an exclusion for C:\users*. This seems to prevent the…

    1 vote
    0 comments  ·  General Endpoint
  12. Show communication problems with Central on Endpoint

    Hi to all,

    when there is a communication problem between Endpoint and Central, the endpoint doesn't report any problem as long as you go under Status section.
    In my company I had the case of a Windows 10 PC not shown under Central, but with no symptoms of malfunctioning from the Endpoint side.
    This is a big problem, because I could have an endpoint infected with malware without having an alert on Central.
    From my point of view it's necessary to show an alert every X hours on the Endpoint that reports this.
    Thank you.

    1 vote
    0 comments  ·  General Endpoint
  13. custom hash list feeds


    1. Support automation of adding block hashes into endpoint protection blocked items via custom feeds.

    2. Alerts on the dashboard for detection of files that are in the blocked item list. Currently there are no alerts on the dashboard. If one does not have a SIEM to do monitoring, then one must manually check each endpoint in Central to see who has a detection due to the blocked item list.

    3. Option to automatically create a case based on item 2.


    1 vote
    0 comments  ·  General Endpoint
  14. .msi installer

    .msi installer for Sophos.

    Is it possible to get an .msi installer for Sophos Endpoint Protection?

    1 vote
    0 comments  ·  General Endpoint
  15. Update SDU to Check for Root and Third-Party CA Certs

    During a recent install of Sophos to a Windows-based appliance I could not get Sophos to install. Running the SDU showed that it had problems accessing certain sophos.com URLs even though network packet captures showed the handshake. It turned out that the root/third-party CA cert was missing from the machine's certificate store, so while the TCP handshake completed, a TLS tunnel could not be built b/c the TLS cert on Sophos could not be verified.

    1 vote
    0 comments  ·  General Endpoint
  16. Simple Addition : Machine reboot status event on Sophos Central

    On Sophos Central, we do get events whether a reboot is required for a server / endpoint or not. But it doesn't generate any event whether the reboot has been completed.

    The same event gets generated on client side but not on console side which is very lame.

    1 vote
    0 comments  ·  General Endpoint
  17. Sophos Central allows us to create a policy that blocks the use of all web browsers. What we would prefer is to block all Internet access.

    Sophos Central allows us to create a policy that blocks the use of all web browsers. What we would prefer is to block all Internet access without having to purchase an additional module that has this capability.

    2 votes
    0 comments  ·  General Endpoint
  18. Sophos Device Encryption Suspended Verbose Logging

    When updating your Windows machines, multiple alerts are fired informing admins that Device Encryption has been suspended. The thought here is to put in more verbose logging so these aren't generic alerts but rather actionable alerts. Informing admins if the suspension is due to patching would be helpful, as this is a standard practice that occurs every 30 days or so. This would help increase the priority to review this alert if we are able to distinguish between a patching suspension or another process which should be looked into more seriously.

    2 votes
    0 comments  ·  General Endpoint
  19. Enable Safeguard Enterprise for DUO

    Please enable Safeguard Enterprise to work with the 2nd factor authorization solution DUO (https://duo.com/). If both products are used on the same machine, the single sign-on in Safeguard Enterprise doesn't work anymore.

    1 vote
    0 comments  ·  General Endpoint
  20. Add option for e-mail message when Real Time Scanning is enabled (again)

    Sophos sends an e-mail when Real Time Scanning is disabled, but it does not notify when it is enabled again. This causes extra work for administrators, since they have to check machines if RTS is running, while the system could already have notified them that this is the case.

    Please implement an option to let the system send an e-mail when RTS is re-enabled.

    1 vote
    0 comments  ·  General Endpoint