Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
Ability to whitelist a specific threat
Here is a use case. One of our computers is used for demo purposes, and the demo includes uploading a file that knowingly contains a malware and demonstrating that the malware is detected.
We use a specific type of malware: OF97/EicarDrp-A, and we attempted to create a dedicated policy just for this computer that excludes this type of malware. However, this turned out to be impossible. Using a "Potentially Unwanted Application" exclusion type and setting it to "OF97/EicarDrp-A" didn't work. The support engineer advised to use "File or folder" exclusion type (case number 03580697), which is quite insecure (the user…
1 vote -
Application isolation
Please implement application isolation for the well-known apps like Office, Adobe reader, browsers.
Users can open files from unsafe locations in a secure container on the client to prevent threats.regards
1 vote -
notifications for hash
Include the ability to customize notifications so that an alert can be sent out when a specific hash type is detected.
1 vote -
Support Lockdown for WIndows RDS Server
It would be a really good feature if the function lockdown is official supported on Windows RDS Server. There are many users on it and some official (but potentially unwanted) software but also malware who writes whole applications and/ or plugins in the (open) userprofile. With lockdown it would also possible to stop installing PUA's.
1 vote -
Data Control Policy - Add Microsoft Teams as Destination
Currently Teams is not includes as a destination in the Data Control Policy for the on-premise Enterprise Console. Only Skype for Business - Teams is the official successor to skype for business !!
It is important to ensure that unwanted files can not be distributed across teams
3 votes -
PUA deletion
Allow a user to delete a PUA when it has been detected by Sophos. Right now this has to be done from the Sophos Admin portal, even when users are notified by Sophos (And us via Email) that a program has been detected.
1 vote -
Make Malware Removal More Powerful
Sophos is really good at finding malware, but not so good at cleaning it up. Half the time it requires, "Manual Cleanup." If it had better/more powerful removal capabilities, that would be fantastic.
10 votes -
malwarebytes
Malwarebytes service and SOPHOS endpoint control on my pc worked together for almost a year. On or after the second Tuesday of the month, they no longer work concurrently. I either have to A) stop malwarebytes service and reboot, or B) turn-off SOPHOS Real Time internet scanning for four (4) hours, for them to work together on my PC.
If Malwarebytes service and SOPHOS work together for the last three weeks, then all my browsers freeze.
I am a Super Admin for the Iowa Attorney General's Office. Please restore the simultaneous functioning of Malwarebytes service and SOPHOS real time internet…
1 vote -
Honey Pot
I would like the ability to be able to setup honey pots files that will automatically lockout the user or computer if the file is accessed or altered. It seems that AV is a natural place to build in this feature. For example I would like to have a file named "Client SS numbers.xlsx" that if accessed would notify me, to and block the node from acceing the server any more. I would also use as a second check agaist Crypto viruses. I would make one of the first and last files on the server a honeypot that if hit…
5 votes -
Scan exclusions at the software level
Problem: we have experienced input lag (typing in various fields) within one of our in-house applications. In troubleshooting, we have determined that Intercept X and Hitman Pro were scanning the software for long periods of time throughout the work day and causing this input lag. After disabling both, the problem is alleviated. My suggestion is to perhaps offer the ability to exclude software from scans at the agent level so that all machines that might be affected within any given software program are not scanned by Sophos and therefore no longer affected.
Refer to technical support case #7726204
1 vote -
Authorization for signed code
My response team uses Microsoft's PSTools. Sophos classifies them as PUA / Adware. I can go into my AV/HIPS policy and exempt file names, but that lets malicious actors hide from Sophos by using the same name. I can go into Authorization and exempt those that have already been detected, but I can't pre-emptively whitelist a tool that hasn't triggered an alert yet. I would prefer to be able to whitelist any EXE code that carries a legit Microsoft signature.
2 votes -
Add Malware category to Endpoint Protection and for URL Submission on Website
Add Malware as a category to Endpoint Protection, and as a website category when reporting a malicious URL on the Sophos Contact Support website.
1 vote -
Automatic external drive scanning option
Hi Team,
I am working in the resller company. Every customers are concerning about this automatic USB scanning feature (If we insert the pendrive, then it should scan automatically all the files (or) the wizard should ask for the scan.
So this would be good, if we had this feature.47 votes -
An option to prevent execution of software from temporary locations
Have an option configurable in Enterprise Manager which prevents program execution from temporary folders, particularly those used to interact with Web or Mail. Thus a file exe, js, vbs or whatever file could be prevented from running from the user IE temporary or download folders and from folders involved in Outlook or other mail clients. There could be a whitelist or other options to deal with problems.
3 votes -
Ability for SAV to cleanup infected file(s) that are inside an archive
Hi,
A Platinum customer would like the ability to have Sophos Anti-virus cleanup infected file(s) that are inside an archive where there are multiple files inside the archive where all files are not malicious.
Basically, they would like SAV to cleanup the malicious file which resides inside the archive but leave the archive intact with all the other legitimate files.
2 votes -
Sophos Quick Scan
Currently Sophos has no option to perform a quick scan on the affected endpoint. A quick scan can quickly scan the mostly affected areas of an operating system (for eg. memory, registry, currently running processes, startup entries etc.) in and under 10-15 minutes.
This Quick Scan could largely benefit users who want to occasionaly run a scan but don't as the only option they are left with is a full system scan.
20 votesExpected in the Summer of 2016 for Sophos Cloud
-
Push button self submission from SAV
Allow users of Windows endpoints to simply submit suspicious files by clicking a button in the UI
11 votes -
Windows tamper protection improvements
Improve protection of the Sophos installation from malicious actors
7 votesbeing released to Central endpoints in July/August and to on premise endpoints later (can be turned on manually in the first instance).
-
Mac OS X automatic sample submission
Provide a facility to allow Live Protection to automatically collect suspicious files if requested by SophosLabs
3 votes -
Mac OS X enhanced tamper protection
Improve protection of the Sophos installation from malicious actors
1 vote
- Don't see your idea?