Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
Ability to change Network card binding order
Servers with multiple network cards. Endpoint binds to the wrong network card.
1 vote -
Intercept X - Threat Case - Root Cause not Identified, No Threat Case
After upgrading to Intercept X with EDR there are situations where a Threat Case is not created. Sophos Support mentioned a Threat Case was not forwarded to Central because a root cause could not be found. Even when a Root Cause cannot be identified consider creating a Threat Case so customers have access to the additional context information. Perhaps set the beacon as the root cause.
"Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a…
1 vote -
Progress bar for full scan
Please add a progress bar for the manually triggered full scan (and an option to abort it). Just seeing "scan in progress" for ages just does not feel right...
32 votes -
Intercept X - JAR files
Intercept X does not appear to process JAR files - malware like Java Adwind seems to get past Intercept X. Are there plans to have Intercept X / Sophos ML to process JAR files? This would provide much needed heuristic detection of this common family/type of malware.
2 votes -
Intercept X - Detect Malware Downloaders (Macros, PDFs, etc.)
Intercept X is great for detecting new executable malware, however it does not seem great at detecting malware downloaders, e.g. Office macro or PDF downloaders.
Can Intercept X be enhanced so it looks for Office documents that spawn powershell/cmd/BITSAdmin or any other application that can be used to download executable content? This will provide an additional layer of defence in depth that an adversary has to bypass in order to infect a system.
2 votes -
Monitoring mode for Exploit Prevention
There should be a monitoring mode for exploit prevention (detection is on but blocking is off) so we can initially test what the impact can be and what kind of applications will be blocked by exploit prevention.
1 vote -
Heartbeat
The security heartbeat only works if the end point has direct internet access. Please can you allow the heartbeat to use the same internet settings (proxy server) as the workstation.
2 votes -
Is it planned to merge Enterprise Console with Sophos Central in the future, to have all features of both, something like "hybrid cloud"?
It would be nice to have the extended security of the cloud also on the On-Premises Version, but without the drawbacks like automated Client Version Upgrades and no Push-Client Installation possible...
2 votes -
Include in the exclusion process to automatically exclude files touched by a specific process
We have some applications that are used to monitor/scan files across a system and being able to exclude any file it touches during the time it is opening that file would alleviate process impact on the system, and prevent locks on files which could cause issues with the parent application.
1 vote -
Sophos cloud Linux workstation AV endpoint
Please provide a Linux workstation license for Sophos Cloud. For users that have Linux desktops, we don't have an option if we want to use Sophos Cloud for our management service.
6 votes