It would be a really good feature if the function lockdown is official supported on Windows RDS Server. There are many users on it and some official (but potentially unwanted) software but also malware who writes whole applications and/ or plugins in the (open) userprofile. With lockdown it would also possible to stop installing PUA's.

Currently Teams is not includes as a destination in the Data Control Policy for the on-premise Enterprise Console. Only Skype for Business - Teams is the official successor to skype for business !!

It is important to ensure that unwanted files can not be distributed across teams

Allow a user to delete a PUA when it has been detected by Sophos. Right now this has to be done from the Sophos Admin portal, even when users are notified by Sophos (And us via Email) that a program has been detected.

Sophos is really good at finding malware, but not so good at cleaning it up. Half the time it requires, "Manual Cleanup." If it had better/more powerful removal capabilities, that would be fantastic.

Problem: we have experienced input lag (typing in various fields) within one of our in-house applications. In troubleshooting, we have determined that Intercept X and Hitman Pro were scanning the software for long periods of time throughout the work day and causing this input lag. After disabling both, the problem is alleviated. My suggestion is to perhaps offer the ability to exclude software from scans at the agent level so that all machines that might be affected within any given software program are not scanned by Sophos and therefore no longer affected.

Refer to technical support case #7726204

My response team uses Microsoft's PSTools. Sophos classifies them as PUA / Adware. I can go into my AV/HIPS policy and exempt file names, but that lets malicious actors hide from Sophos by using the same name. I can go into Authorization and exempt those that have already been detected, but I can't pre-emptively whitelist a tool that hasn't triggered an alert yet. I would prefer to be able to whitelist any EXE code that carries a legit Microsoft signature.

Add Malware as a category to Endpoint Protection, and as a website category when reporting a malicious URL on the Sophos Contact Support website.

Hi Team,
I am working in the resller company. Every customers are concerning about this automatic USB scanning feature (If we insert the pendrive, then it should scan automatically all the files (or) the wizard should ask for the scan.
So this would be good, if we had this feature.

Have an option configurable in Enterprise Manager which prevents program execution from temporary folders, particularly those used to interact with Web or Mail. Thus a file exe, js, vbs or whatever file could be prevented from running from the user IE temporary or download folders and from folders involved in Outlook or other mail clients. There could be a whitelist or other options to deal with problems.

Hi,

A Platinum customer would like the ability to have Sophos Anti-virus cleanup infected file(s) that are inside an archive where there are multiple files inside the archive where all files are not malicious.

Basically, they would like SAV to cleanup the malicious file which resides inside the archive but leave the archive intact with all the other legitimate files.

Currently Sophos has no option to perform a quick scan on the affected endpoint. A quick scan can quickly scan the mostly affected areas of an operating system (for eg. memory, registry, currently running processes, startup entries etc.) in and under 10-15 minutes.

This Quick Scan could largely benefit users who want to occasionaly run a scan but don't as the only option they are left with is a full system scan.

Allow users of Windows endpoints to simply submit suspicious files by clicking a button in the UI

Improve protection of the Sophos installation from malicious actors

Provide a facility to allow Live Protection to automatically collect suspicious files if requested by SophosLabs

Improve protection of the Sophos installation from malicious actors