Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. Endpoint added in multiple groups for applying device based policies for update and protection

    Endpoint added in multiple groups, so in case will apply update management policy don't use caches for the endpoints, those are already a part of different group or groups for protection, web and application control policy.

    1 vote
    0 comments  ·  General Endpoint
  2. allow local and policy based exclusions to play nice

    Allow localized exclusions per machine/client to play nice with global policies from the management portal.
    Currently it appears that policy based exclusions prevent the ability to add additional exclusions at an agent or client level.
    It would be ideal to have the policy enforced when pushed out but still allow subordinate exclusions to be configured for end user networks and devices.

    For example:
    I have global policies that apply well to all clients but not all and as a result certain several clients have had to be purposefully removed from the policy target group. Having to reconfigure common exclusions for…

    2 votes
    0 comments  ·  General Endpoint
  3. Sending out authenticated Emails from Endpoint

    Endpoints send email alerts only through an email server which accepts emails without authentication. Such an "open relay" is a "no go". Sophos claims to be a "Gartner Endpoint Leader" in today's newsletter...

    But what about the simple security things?

    I'm waiting for that function now for more than 10 years!

    1 vote
    0 comments  ·  General Endpoint
  4. PureMessage Quarantine Web access: enable over HTTPS

    Please enable HTTPS web access to the PureMessage Quarantine store - this would enable us to allow access to it externally, very useful for people working remotely and using OWA and Exchange Mobile.

    1 vote
    0 comments  ·  General Endpoint
  5. Delay Endpoint "Updating Failed" Toast Notifications

    Currently, if an endpoint managed device has not been used for a period of time, the next user who powers this on and logs in will get a notification stating that the "Updating has failed". At this point the software has / is in the process of downloading (or shortly will do) updates to the device as normal.

    This presents increased admin and support overheads when users log tickets.

    Suggestion to have the ability to either disable this notification or have logic which enables this to be delayed in displaying to the end user until either a set time after…

    1 vote
    0 comments  ·  General Endpoint
  6. Intercept X - SDU Tool - Troubleshooting Files Excluded

    While working with Support we provided the SDU logs for investigation. Sophos Support came back and requested some additional files not captured as part of the SDU tool. Please add an option in the SDU to include these sources.

    To obtain these files we needed to disable Tamper Protection, and copy the files ourselves.

    From Sophos Support:
    To further progress, we will also require you to copy, zip, and upload the following directories to our FTP. The reason we require these folders is because they contain the snapshots of the event in a .tgz format which our SDU tool does…

    1 vote
    0 comments  ·  General Endpoint
  7. When Threat Case is not created revert to Pre-Intercept X behavior

    After upgrading to Intercept X with EDR, in situations where a Threat Case is not created, revert to the pre-Intercept X behavior of publishing the Detection Event as an Alert.

    "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a Threat Case may not be generated."
    https://community.sophos.com/kb/en-us/125120

    We've gotten a number of malicious Events which haven't created corresponding Threat Cases for hosts assigned to the Intercept X with EDR policy. Sophos Support mentioned a Threat Case…

    1 vote
    0 comments  ·  General Endpoint
  8. User-created policy can be disabled by settings, but remain enforced?

    In Sophos Central, for some policy categories it is possible to set a user-created policy to enforced, but "disable" it from its settings.

    For example, suppose that in the Web Control section there is the base policy at the bottom and the user-created one above it. If the user-created policy is opened for editing, the very first setting is:
    Web Control: Enforce/Ignore the settings in this section of the policy

    This setting is different from the Enforce/Ignore policy on the far right tab. Hence, it may be the case that there is an "ignored" policy, which retains "enforced" status, thus…

    1 vote
    0 comments  ·  General Endpoint
  9. Uninstall Sophos from endpoints via the Sophos endpoint console

    At the time we install Sophos Central Endpoint Protection solution on existing endpoints, it was impossible to uninstall the existing Trend Micro Worry Free solution automatically. It is a widely distributed solution; it will be interesting to add automatic uninstall of Trend Micro in the Sophos Central Endpoint product.

    4 votes
    0 comments  ·  General Endpoint
  10. file type

    Sophos real-time does not provide protection against all archive formats.

    My testing showed that rar, tar, 7z files are not scanned. Ticket/Case opened and confirmed with support 8554747.

    Would like to see more control over what file types/archives are scanned

    1 vote
    0 comments  ·  General Endpoint
  11. Enable tamper protection control via policy

    Currently via Sophos Central you can either disable tamper protection for a whole organisation, or individually per machine. I would like tamper protection to be controlled via a policy so that I can specify a certain department or group of users that can have tamper control disabled.

    5 votes
    0 comments  ·  General Endpoint
  12. Add name of namedscan to reporting for the "Threat detected" email

    Add name of namedscan to reporting for the "Threat detected" email.

    It currently says:

    "A threat was detected during an on-demand scan. Details follow:" ...

    This suggestion is to add the name of the scan to the email. The reason is to allow the admin to respond to the alert by referring to the specific scan on the host with the discovered issue.

    In addition I would suggest the option for a scan run and no issues found but "X files scanned" and "Y errors occurred" during the scan " $$ named scan name".

    1 vote
    0 comments  ·  General Endpoint
  13. new

    Even though folder exclusions recommended by Microsoft for Exchange Server 2016 are added to the Automatic exclusion list added to the servers, the recommended Exchange Server 2016 processes are not being added by Sophos Central. Would suggest to add those and the file extensions also.

    1 vote
    0 comments  ·  General Endpoint
  14. Datenschutz deaktiviert

    It seems to be quite unlucky to me that an endpoint with installed, but inactive "device encryption" shows the user the red alarm sign "Datenschutz deaktiviert" (German language version).
    This should only appear with an active "device encryption" policy. We have to tell the users to ignore this warning. I am afraid, this teaches them to ignore any warning by Sophos.

    6 votes
    2 comments  ·  General Endpoint
  15. Machines not being able to contact Sophos Central

    Can the App Dev Team write or come up with a script to where, when a client machine has been accidentally removed from Sophos Central and the client cannot contact Central, the script can uninstall the client and/or remove tamper protection from the client machine, which in turn allows the IT Admin to reinstall the client over again so the machine can communicate with Central again. The process you all have now is time consuming, especially if the client machine is at a remote site and the IT Admin is not in front of the machine to perform its administrative…

    2 votes
    0 comments  ·  General Endpoint
  16. Tamper Protection for Sophos Home

    I just want Tamper Protection to be implemented into Sophos Home products. I suggest this because I have recently found out that all Sophos home modules can be terminated just by using Task Manager. This tells me that Sophos Home can be easily disabled by anyone, including unwanted attackers and malware.

    6 votes
    3 comments  ·  General Endpoint
  17. Bring back the ability for standard users to schedule scans on Mac

    After the February 2018 update, standard users on Macs lost the ability to schedule scans for themselves. This means that my department now have to set up a dozen scan preferences in the admin console since we have people working 24/7 across hundreds of computers and whenever a particular computer is not in use varies considerably.

    It would be a lot easier for all concerned if we can go back to one scheduled scan and letting users pick another convenient time like when they are at lunch.

    The ability to schedule scans was one reason we picked Sophos since most…

    4 votes
    0 comments  ·  General Endpoint
  18. linux endpoint client

    Apparently, Sophos does not currently have, and (per support) no plans for a Linux Endpoint client that works with Sophos Central. We have numerous Linux End User Laptops that we cannot support via Sophos Central because of this.

    3 votes
    1 comment  ·  General Endpoint
  19. agent versions

    Agent Versions. Currently it is difficult to see whether a client computer has the latest agent installed or not. You haven't to go into each client details to check the update button and information next to it. It would be really useful if there was an easy way to view which agents were not on the latest version.

    3 votes
    1 comment  ·  General Endpoint
  20. Allow application and scanning white-listing to include a hash validation requirement.

    When using white-listing an application/file, can we add the ability for the application check to require matching a SHA-hash and filename, rather than requiring just a specific file name. This way known-good tools that are widely distributed can be safely excluded without risk.

    3 votes
    0 comments  ·  General Endpoint