Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sophos compatible with Airwhatch product

    Hello Team,

    I have a customer that have suggested that Sophos be compatible with Airwhatch .

    Any ideas if that can happened in the future?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow disabling the "No threats found" message

    Although I've disabled Desktop Messaging across the board in Sophos Central, endpoint users are still getting "No threats found" notifications.

    Sophos support has confirmed that there's no way to disable that message without editing the endpoint computer's registry to completely disable balloon notifications.

    Please add the ability to easily disable the "No threats found" message, as well as any other messages that aren't covered by Desktop Messaging.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  3. Endpoint added in multiple groups for applying device based policies for update and protection

    Endpoint added in multiple groups, so in case will apply update management policy don't use caches for the endpoints, those are already a part of different group or groups for protection, web and application control policy.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  4. allow local and policy based exclusions to play nice

    Allow localized exclusions per machine/client to play nice with global policies from the management portal.
    Currently it appears that policy based exclusions prevent the ability to add additional exclusions at an agent or client level.
    It would be ideal to have the policy enforced when pushed out but still allow subordinate exclusions to be configured for end user networks and devices.

    For example:
    I have global policies that apply well to all clients but not all and as a result certain several clients have had to be purposefully removed from the policy target group. Having to reconfigure common exclusions for…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  5. Intercept X - SDU Tool - Troubleshooting Files Excluded

    While working with Support we provided the SDU logs for investigation. Sophos Support came back and requested some additional files not captured as part of the SDU tool. Please add an option in the SDU to include these sources.

    To obtain these files we needed to disable Tamper Protection, and copy the files ourselves.

    From Sophos Support:
    To further progress, we will also require you to copy, zip, and upload the following directories to our FTP. The reason we require these folders is because they contain the snapshots of the event in a .tgz format which our SDU tool does…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sending out authenticated Emails from Endpoint

    Endpoints send email alerts only through email server which accept emails without authentication. Such an "open relay" is a "no go". Sophos claims to be an "Gartner Endpoint Leader" in todays newsletter...

    But what about the simple security things?

    Im waiting for that function now for more then 10 years!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  7. PureMessage Quarantine Web access: enable over HTTPS

    Please enable HTTPS web access to the PureMessage Quarantine store - this would enable us to allow access to it externally, very useful for people working remotely and using OWA and Exchange Mobile.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  8. Delay Endpoint "Updating Failed" Toast Notifications

    Current, if a endpoint managed device has not been used for a period of time, the next user who powers this one and logs in will get a notification stating that the "Updating has failed". At this point the software has / is in the process of downloading (or shortly will do) updates to the device as normal.

    This present increased admin and support overheads when users log tickets.

    Suggestion to have the ability to either disable this notification or have logic which enables this to be delayed in displaying to the end user until either a set time after…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable tamper protection control via policy

    Currently via Sophos Central you can either disable tamper protection for a whole organisation, or individually per machine. I would like tamper protection to be controlled via a policy so that I can specify a certain department or group of users that can have tamper control disabled.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  10. When Threat Case is not created revert to Pre-Intercept X behavior

    After upgrading to Intercept X with EDR in situations where are Threat Case is not created revert to the pre-Intercept X behavior of publishing the Detection Event as an Alert.

    "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a Threat Case may not be generated."
    https://community.sophos.com/kb/en-us/125120

    We've gotten a number of malicious Events which haven't created corresponding Threat Cases for hosts assigned to the Intercept X with EDR policy. Sophos Support mentioned a Threat Case…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  11. Uninstall Sophos from endpoints via the Sophos endpoint console

    At the time we install Sophos Central EndPoint Protection solution on existing endpoint, it was impossible to uninstall existing Trend micro Worry Free solution automatically. it is a widely distributed solution, it will be interesting to add automatic uninstall of Trend Micro in Sophos Central Endpoint product.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  12. User-created policy can be disabled by settings, but remain enforced?

    In Sophos central, for some policy categories it is possible to set a user-created policy to enforced, but "disable" it from its settings.

    For example, suppose that in the Web Control section there is the base policy at the bottom and the user-created one above it. If the user-created policy is opened for editing, the very first setting is:
    Web Control: Enforce/Ignore the settings in this section of the policy

    This setting is different from the Enforce/Ignore policy on the far right tab. Hence, it may be the case that there is an "ignored" policy, which retains "enforced" status, thus…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  13. file type

    Sophos real-time does not provide protection against all archive formats.

    My testing showed that rar, tar, 7z files are not scanned. Ticket/Case opened and confirmed with support 8554747.

    Would like to see more control over what file types/archives are scanned

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add name of namedscan to reporting for the "Threat detected" email

    Add name of namedscan to reporting for the "Threat detected" email.

    It currently says:

    "A threat was detected during an on-demand scan. Details follow:" ...

    this suggestion is to add the name of the scan to the email. The reason is to allow the admin to respond to the alert my referring to the specific scan on the host with the discovered issue.

    in addition I would suggest the option for a scan run an no issues found but "X files scanned" and "Y errors occured" during the scan " $$ named scan name".

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  15. Datenschutz deaktiviert

    It seems to be quite unlucky to me that an endpoint with installed, but inactive "device encryption" shows the user the red Alarm sign ""Datenschutz deaktiviert" (german language Version).
    This should only appear with an active "device encryption" policy. We have to tell the users to ignore this warning. I am afraid, this teaches them to ignore any warning by Sophos.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  16. new

    Even though folder exclusions recommended by Microsoft for Exchange Server 2016 are added to the Automatic exclusion list added to the servers, the recommended Exchange Server 2016 processes are not being added by Sophos Central. Would suggest to add those and the file extensions also.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  17. Machines not being able to contact Sophos Central

    Can the App Dev Team write or come with a script to where when a client machine has been accidentally removed from Sophos Central and the client cannot contact central that the script can uninstall client and or remove tamper protection from the client machine which in turns allow the IT Admin to reinstall the client over again so the machine can communicate with Central again. The process you all have now is time consuming especially If the client machine is at a remote site and the IT Admin is not in front to the machine to perform its administrative…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  18. Tamper Protection for Sophos Home

    I just want Tamper Protection to be implemented into Sophos Home products. I suggest this because I have recently found out that all Sophos home modules can be terminated just by using Task Manager. This tells me that Sophos Home can be easily disabled by anyone, including unwanted attackers and malware.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add Full Product Version to Status Window

    On the Sophos Endpoint Security and Control windows add the full product version to the product version in the status window.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  20. Group/Ungroup

    New Group/Ungroup feature on Alerts in Sophos Central - would like to see an option to set which option is available by default or have the setting I choose stick. Currently every time I click on Alerts it Groups the alerts and I'd much prefer to have the Alerts UnGrouped since we don't really get that many alerts to make Grouping them necessary. It's getting really annoying to have to click the button to ungroup the alerts 15 times a day, when the option I choose should really stick.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.