Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"

I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.

We would like to use SCCM for upgrading (and potentially downgrading) the endpoint protection client. This is currently not possible and supported by Sophos since an upgraded agent will immediately downgrade to the version specified in the software subscription when connected to the Enterprise Console.

The "From" address is not something you can configure for email alerts. By default it sends it as sav@<machinename>.<domain> and there is no way to change that. If you are sending through office 365 smtp, it will not allow you to send email alerts with a different from address as a basic security policy.

Add Windows Server 2019 to the list of approved operating systems for SEC 5.5.1

Update SEC to display the FULL version of products installed on the endpoint. Currently the full version numbers of installed products are only displayed on the endpoints making accurate identification impossible from the SEC console. (As evident in April-May of 2019) At a minimum, gather that information into the SEC dbase so it can be queried.

I suggest to add the field 'Origin of Infection' on logs of one virus detection.
This field is very importante in malware such as Conficker or WannaCry.
Andother antivirus companies provide it.

Groups:

Top Level
>Sales
> UK
> Germany

Have the ability for the user to only access Sales and Germany only, excluding UK. This will give them the ability to control these sub-estates only.

Is this coming?

searching for servers by IP will be great to manage if we manage hundreds servers.
Hosting companies are not friendly with the clients hostname.
It would be very useful to be able to search and identify servers.
So please add the option under Server Protection > Servers > The IP address searching.

Provide a REST (or other) API into SEC. Basic features such as creating groups, assigning policy, adding/deleting/moving machines would be immensely helpful. Nearly all major software applications now have some form of accessible API that allows common tasks to be automated. This idea was suggested back in early 2015, but sadly was denied.

Enable bulk (various) changes across multiple policies in complex environments with a large number of groups and policies. Instead of having to manually change a setting in each policy one by one (for example, deselect bandwidth restrictions, in each updating policy), it would be benifical to have the ability to select multiple policies and apply the change to all of them. Changing a single setting across multiple policies manually is very time consuming and resource intensive, especially if you have a large amount of policies (100+).

After identifcation of malware, do a hash on the file (in Quarrantine or before delete). This helps me to add the hash into other security tools for detection and prevention, and it also helps me to verify it's intended behavior.

You get rave reviews for this product from the security community but I can't understand why this simple information is not made available within your product.

Under certain conditions the Sophos Message Router logs "The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid." and the agent no longer reports in to the Enterprise Console. Even though an error was detected the service does not restart or continue to retry. You can manually restart the Message Router service and it works correctly. Changing the service start mode to "Automatic (Delayed Start)" also works.
Please modify the Message Router so when this error is detected the service will retry, or terminate the service so Windows can restart it.

Actual there is no way to be alerted by a Exploit Prevetion Event like the E-Mail Notifications in the AV & HIPS Module. Many of our customers are horrified why that standard function is not implemented!

Allow additional filters on the AD/LDAP query used for sync. Our internal policy when retiring an endpoint is to disable an endpoint and only delete it after a period of time. As such, we have a number of retired endpoints showing as unmanaged.

Enhancement request:
Permit additional filters on the query to allow the exclusion of disabled systems.

The Policy Evaluation Tool (PET) which is part of the console software can generate a report showing exceptions in policies that may pose a risk. We have some reports that are showing valid and desirable exceptions as "questionable". It would be great if we could 'flag' these as safe so that they are not marked as questionable in the future. This would allow us to continually run the PET report and 'catch' risky exceptions that may be added by whoever in the future.

Under Antivirus and HIPS, On-Access-Scans its not possible to exclude processes. The Client configuration allowed that.