Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"

I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.

Before an update of SAV Version, would help administrators, if Sophos informs a few days in advance per mail.
Currently, preview and recommended version as of May 2019 are on the same ver-sion. Which is probably not the idea of the system. So clients can’t be tested with a preview test group.
The information at https://community.sophos.com/kb/en-us/120189 is as often in-correct.

Sophos Admins need a way to force uninstall remotely from the console.
This is a standard features across other AV products i have used.

we have a deployment of over 260 machines across 1km long distance. It is not always feasible to walk to the pc or log in remotely if the user is using the pc.

Why has this basic admin feature not been implemented?

Update SEC to display the FULL version of products installed on the endpoint. Currently the full version numbers of installed products are only displayed on the endpoints making accurate identification impossible from the SEC console. (As evident in April-May of 2019) At a minimum, gather that information into the SEC dbase so it can be queried.

Add scheduled policy updates via enterprise console. Given the limitations of Tamper Protection to prevent end users from making changes and the support risks of Advanced Tamper Protection, the ability to schedule policy checks to periodically force policy compliance on the endpoints would be a good future enhancement.

I'd like to be able to scan a client remotely from the Enterprise Console and watch the scan in real time or at least get the progress of the scan with the result when it finishes.

Add Windows Server 2019 to the list of approved operating systems for SEC 5.5.1

Groups:

Top Level
>Sales
> UK
> Germany

Have the ability for the user to only access Sales and Germany only, excluding UK. This will give them the ability to control these sub-estates only.

Is this coming?

I suggest to add the field 'Origin of Infection' on logs of one virus detection.
This field is very importante in malware such as Conficker or WannaCry.
Andother antivirus companies provide it.

The uninstall and repair options via console would make it easier to manage a large number of machines, mainly because sometimes it is difficult to get access to some of them.

searching for servers by IP will be great to manage if we manage hundreds servers.
Hosting companies are not friendly with the clients hostname.
It would be very useful to be able to search and identify servers.
So please add the option under Server Protection > Servers > The IP address searching.

Provide a REST (or other) API into SEC. Basic features such as creating groups, assigning policy, adding/deleting/moving machines would be immensely helpful. Nearly all major software applications now have some form of accessible API that allows common tasks to be automated. This idea was suggested back in early 2015, but sadly was denied.

After identifcation of malware, do a hash on the file (in Quarrantine or before delete). This helps me to add the hash into other security tools for detection and prevention, and it also helps me to verify it's intended behavior.

You get rave reviews for this product from the security community but I can't understand why this simple information is not made available within your product.

Actual there is no way to be alerted by a Exploit Prevetion Event like the E-Mail Notifications in the AV & HIPS Module. Many of our customers are horrified why that standard function is not implemented!

Sophos Central Admin Console needs one of the following – SSO SAML integration with SAML Identity provider or at the minimum built-in password management capabilities for Super/Admin role users.
Without these features Sophos Central Admin Console is highly vulnerable, considering that unauthorized access to the Central Admin Console can lead to attacker disabling end-point protection or wiping data from end-user devices

We are a PCI shop and the self signed certificates that Sophos AntiVirus generates are a pain in the posterior. They show up as vulnerabilities using Nessus which requires us justifying the risk to our clients. This seems rather unnecessary to me as most PCI shops have their own CAs in-house. If Sophos would give us the capability of importing our own certificates, life would be much better!