Servers with multiple network cards. Endpoint binds to the wrong network card.

Please add a progress bar for the manually triggered full scan (and an option to abort it). Just seeing "scan in progress" for ages just does not feel right...

Intercept X does not appear to process JAR files - malware like Java Adwind seems to get past Intercept X. Are there plans to have Intercept X / Sophos ML to process JAR files? This woud provide much needed heuristic detection of this common family/type of malware.

Intercept X is great for detecting new executable malware, however it does not seem great at detecting malware downloaders, e.g. Office macro or PDF downloaders.
Can Intercept X be enhanced so it looks for Office documents that spawn powershell/cmd/BITSAdmin or any other application that can be used to download executable content? This will provide an additional layer of defence in depth that an adversary has to bypass in order to infect a system.

There should be a monitoring mode for exploit prevention ( detection is on but blocking is off )
so we can initally test what can the impact be and what kind of applications will be blocked by exploit prevention.

The security heartbeat only works if the end point has direct internet access. Please can you allow the heartbeat to use the same internet settings (proxy server) as the workstation.

It would be nice to have the extended security of the cloud also on the On-Premises Version, but without the drawbacks like automated Client Version Upgrades and no Push-Client Installation possible...

We have some applications that are used to monitor/scan files across a system and being able to exclude any file it touches during the time it is opening that file would alleviate process impact on the system, and prevent locks on files which could cause issues with the parent application.

Please provide a Linux workstation license for Sophos Cloud. For users that have linux desktops, we don't have an option if we want to use Sophos Cloud for our management service.