Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
Emails detailing the outcome of a Fount threat
The on prem server console should report back via email and state whether the threat found was sucesfully cleaned, quarentined or deleted.
At present it just indicates that something was found. But no second email with the outcome.As a system admin i dont want to be always logging in from home at night or on weekends to over look the outcome if i am notified a threat was found
1 vote -
fire your entire (non-)support staff! Destroy any manuals oe operating procedures they have made
fire your entire (non-)support staff! Destroy any manuals or operating procedures they have made
1 vote -
Tool kit for incident response
Whenever I'm forced to do a manual cleanup, I invariably use the same tools, which are effective but scattered and sometimes difficult to use. It would be great if some of these items were packaged together and could be run from a "cleanup dashboard". A Swiss Army knife for repairing infected endpoints. Often, I'm responding to a new customer that doesn't have Sophos yet and this is my time to shine and SELL.
-Sysinternals Autoruns
-Refined SOI tool (archaic and easy to accidentally shut down) that can pinpoint the faulty node without me poring over 25MB of text
-Sophos batch…2 votes -
Useful forensic details
In order to handle incidents properly it would be much easier if SEC would provide some more relevant information about detected files.
Essential information missing:
- File size
- File meta data: Application Name
- File meta data: Company Name
Additional nice to have information:
- True file type detection
- Original file timestamps (Created/Modified/Accessed)
- Information about whether the file is signed3 votes -
Ability to create a standalone installer
Under Enterprise Console, you had the ability to create a standalone install package with all IDE files, etc. This was really handy on slower internet connections, as you don't have to tie up all available bandwidth.
Would really like this function again, as I am fighting through installing at another site with only a 5MB connection (fibre broken during renos)
11 votes -
Fix False Positives
Sophos has been aware of a simple False Positive since 18th January, 2017 where a simple Word Doc in a ZIP File (Created by a Medical Program) is flagged as Mal-DrodZp-A. It was logged as #6892784. I kept going back and forth with Sophos for 8 Months until Sophos demanded a Password for the ZIP File, which we could not comply with since it contained private Customer Data. Despite the many, many workarounds Sophos had me do, Sophos Endpoint STILL grabs the file every time a VSS copy is made, despite VSS being turned OFF. This produces thousands of errors…
3 votes -
Basic Forensics - File Modified Date/Time
It would be infinitely more useful if threat containment/quarantine provided the modified time of the binary before it quarantined the file. For forensics and timeline correlation of events, other artifacts can be found using a time window around the malinary's modification date/time. *malinary - a malicious binary
5 votes -
Sophos Cloud - Allow to disable popup alert detections on the endpoint
On the Sophos Cloud Dashboard, allow to disable the popup alert detections so that the detection information is displayed only on the Dashboard console.
This same feature is already available on the SEC (On-Premise endpoint console) but not on the Cloud dashboard.19 votes -
Web Protection Email Alerts
Please add the ability of the SAV endpoint
to send email alerts when it encounters a web protection issue.For example when a user browses a web site
that contains a contaminated image, an email should be sent, as with on-access
scanning4 votes -
SMTP Logging
Please add the ability of the SAV endpoint
to log/debug the sending of email alerts and also log the response from
the SMTP server upon sending of an email alert2 votes
- Don't see your idea?
