This function is helfull to remove quicly solved alert notification by accesing in admin panel. In some cases, always having to login to the console to reset the alerts is very time consuming.

For organizations with regional IT teams, it would be helpful if email alerts could be configured beyond just severity, product and category. For example, it would be useful if email alerts could be sent for events pertaining to a specific group or groups of computers. It would allow IT teams to only receive alerts for machines that they are responsible for. Alternatively, regex or string matching criteria would be super useful (more flexibility).

Thank you for your consideration,

Albert

We would like the ability to separate different threat types (PUA, Malware, Adware, etc.) and then be able to select an action to take on these individually (Remove, Quarantine, email alert, etc.) As of right now there is no way to treat any of these differently or define how to mitigate the risk.

When adding files, websites and applications from scanning for threats,
it would be great to have another field or 2 so that the Sophos admin can enter when exclusions are being added and a description for the reason why (i.e. internal helpdesk ticketnumber)

What about Automatic Exclusion / full support for Exchange 2019 ?
-it's (GA) been out for over a year..

ETA ?

Almost all central or cloud consoles for competing AV products have the ability to remotely remove/uninstall agents from a workstation. There are command line functions that can be used directly from a workstation to do this and you can reinstall the product if already partially installed, so it would seem like a VERY simple change to implement an uninstall function.

We're constantly having hosts that have a status of red because Sophos is falsely reporting that "Running malware in quarantine or cleanup failure" Can we fix this or have an automated process to delete the events.db?

Currently, when enabling the setting to require MFA for all admins, it breaks the AD Sync tool. The only way around this is to manually add Admins to the list required to use MFA. This is a potential security issue as it is easy to forget to do this. I would like to see a feature added where MFA can be set to required for all admins, but the ability to add an exception for instances such as the account used for AD Sync. Thanks

Could we have each system's anti-tamper status added to the Computer report? I believe there is a compromise solution looking at events for SEC customers but that is not an option for Central.

There is an existing install parameter "--devicegroup=<Central group>" to automatically add a new device to a specified group in Sophos Central. I would like to propose a "--usergroup=<Central group>" parameter to do the same for any new user added as part of the install, which can be used in tandem with the devicegroup parameter.

This would be useful for managing client-specific, user-based policies (such as Web Control) without having to manually add new users to a policy or group or make client-specific changes to a global policy that would affect all clients.

Put a PAUSE button on the Central Endpoint scans! When it is scanning it makes using the computer next to impossible with high resource usage. All applications are slow to respond, if at all. Sometimes need to use the computer during a scheduled scan--no choice now but to Cancel the scan. Unfortunately Sophos has not provided an option to rescue his work. All other antivirus and anti-malware software have PAUSE buttons. Why not Sophos? Sophos theme is security made simple. So pls do not complicate. Need a button pls.

It would be very convenient if administrator has the option to add a note to device for reference purpose.

Please allow users to specify a custom report range for the excellent Hero report.

Need to be able to see the protected servers with a list that shows more details. Agent Version, Component Versons. Customize Lists.

Need to add a report to produce a detailed server list and installed component versions.
THIS IS AN AUDITING REQUIREMENT - KPMG!

Thanks.

When a PC has the Endpoint Protection Client deployed via Sophos Cloud, if the client has issue or is out of date, there is no visual prompt on the Sophos shield icon in the notification area. You have to open the client and then click about, to see when a client last updated.

When we used to use Sophos Enterprise Console, the Sophos icon in the notification area would have a red cross overlaying the icon, notifying the user of a problem

Scan ALL Computers from Central

would be nice to be able to see more lockdown events than 24 hours and also to be able to search/filter by date range. Also, why cant we get email alerts when lockdowns happen?