Sophos is really good at finding malware, but not so good at cleaning it up. Half the time it requires, "Manual Cleanup." If it had better/more powerful removal capabilities, that would be fantastic.

Hi Team,
I am working in the resller company. Every customers are concerning about this automatic USB scanning feature (If we insert the pendrive, then it should scan automatically all the files (or) the wizard should ask for the scan.
So this would be good, if we had this feature.

Currently Sophos has no option to perform a quick scan on the affected endpoint. A quick scan can quickly scan the mostly affected areas of an operating system (for eg. memory, registry, currently running processes, startup entries etc.) in and under 10-15 minutes.

This Quick Scan could largely benefit users who want to occasionaly run a scan but don't as the only option they are left with is a full system scan.

Problem: we have experienced input lag (typing in various fields) within one of our in-house applications. In troubleshooting, we have determined that Intercept X and Hitman Pro were scanning the software for long periods of time throughout the work day and causing this input lag. After disabling both, the problem is alleviated. My suggestion is to perhaps offer the ability to exclude software from scans at the agent level so that all machines that might be affected within any given software program are not scanned by Sophos and therefore no longer affected.

Refer to technical support case #7726204

Add Malware as a category to Endpoint Protection, and as a website category when reporting a malicious URL on the Sophos Contact Support website.

My response team uses Microsoft's PSTools. Sophos classifies them as PUA / Adware. I can go into my AV/HIPS policy and exempt file names, but that lets malicious actors hide from Sophos by using the same name. I can go into Authorization and exempt those that have already been detected, but I can't pre-emptively whitelist a tool that hasn't triggered an alert yet. I would prefer to be able to whitelist any EXE code that carries a legit Microsoft signature.

Have an option configurable in Enterprise Manager which prevents program execution from temporary folders, particularly those used to interact with Web or Mail. Thus a file exe, js, vbs or whatever file could be prevented from running from the user IE temporary or download folders and from folders involved in Outlook or other mail clients. There could be a whitelist or other options to deal with problems.

Hi,

A Platinum customer would like the ability to have Sophos Anti-virus cleanup infected file(s) that are inside an archive where there are multiple files inside the archive where all files are not malicious.

Basically, they would like SAV to cleanup the malicious file which resides inside the archive but leave the archive intact with all the other legitimate files.

Allow users of Windows endpoints to simply submit suspicious files by clicking a button in the UI

Improve protection of the Sophos installation from malicious actors

Provide a facility to allow Live Protection to automatically collect suspicious files if requested by SophosLabs

Improve protection of the Sophos installation from malicious actors