Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
Secure LDAP binding
With Microsoft forcing LDAP binding on SSL (Port 636) in second half of 2020 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023#ID0EUGAC) Sophos Enterprise Console needs support for it. According to Sophos devs the current SEC does not support LDAPS.
3 votes -
Kerberos instead NTLM in sophos CID configuration_ case number is [#9846939]
Currently we are using share(445) to update endpoints and authentication is using NTLM based . We need to change the NTLM Authentication method to Kerberos . AS NTLM is using leased security and mostly vulnerable. Please suggest is it is possible to use Kerberos authentication instead of NTLM.
1 vote -
SEC report
Create a report that shows which Primary Update Server the endpoint is using to update. Rather than having to access each one to look in the properties. Very useful after migrating to a new server
1 vote -
Please add Sophos Client Frewall actions are blocked under Tamper Enhanced
Please add Sophos Client Frewall actions are blocked under Tamper Enhanced
1 vote -
Linux Antivirus agents to support HTTPS for updates from the Enterprise Console
Sophos Antivirus agents should be downloading updates via HTTPS instead of HTTP. This should be an option since use SSL/HTTPS is an industry standard.
2 votes -
Need to create a canned report to show SVE Virtual servers that are all protected showing version number and the fact that they are protecte
Need to create a canned report to show SVE Virtual servers that are all protected showing version number and the fact that they are protected. In essence to see the vm server that are protected, you must drill down into servers, then sve servers, then virtual machines and click one at a time. WHen you have a hitrust and soc2 audit and they require to see evidence that each individual server is protected, then I have to make 20000 clicks to accomplish this. That is ridiculous. Need a canned report for virtual servers/host names that are protected and what version…
1 vote -
Allow upgrading the Endpoint Protection Client via SSCM
We would like to use SCCM for upgrading (and potentially downgrading) the endpoint protection client. This is currently not possible and supported by Sophos since an upgraded agent will immediately downgrade to the version specified in the software subscription when connected to the Enterprise Console.
4 votes -
Warning for pending reboot after Exploit Prevention updates
Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.
10 votes -
Enterprise Console windows xp
Bonjour.
Aurait-il un moyen d'avoir une ancienne version de Sophos Enterprise Console compatible avec Windows XP, car les versions téléchargeables sur le site ne sont plus compatible avec cette version de Windows.
Nous avons encore un parc avec des machines sous XP.1 vote -
Notification From Address
The "From" address is not something you can configure for email alerts. By default it sends it as sav@<machinename>.<domain> and there is no way to change that. If you are sending through office 365 smtp, it will not allow you to send email alerts with a different from address as a basic security policy.
3 votes -
2019
Add Windows Server 2019 to the list of approved operating systems for SEC 5.5.1
3 votesThis will be in SEC 5.5.2 in 2020
-
show full version numbers in SEC console
Update SEC to display the FULL version of products installed on the endpoint. Currently the full version numbers of installed products are only displayed on the endpoints making accurate identification impossible from the SEC console. (As evident in April-May of 2019) At a minimum, gather that information into the SEC dbase so it can be queried.
3 votes -
Enterprise console Origin Infection
I suggest to add the field 'Origin of Infection' on logs of one virus detection.
This field is very importante in malware such as Conficker or WannaCry.
Andother antivirus companies provide it.2 votes -
Disable Tamper Protection through Command Line
Hi,
Somethimes, managing 1000+ or even 5000+ machine its difficult, even more if we don't have built-in features in the console to remediate/uninstall corrupt/broken installations.
But, the main problem is not that. The problem is that we CANNOT disable Tamper Protection remotely to reinstall/remove Sophos AV, in the following cases:
1) Console was erased/failed and there's no cert/db/registry backup (all Endpoint with Tamper enabled)
2) Broken installations dont apply Tamper Policies (to disable it)
3) Migrated console (don't have the old one).All this would be solved by having the chance to disable Tamper through Command Line. Example
Case A:…
27 votes -
RBAC Granular Control For Groups
Groups:
Top Level
>Sales
> UK
> GermanyHave the ability for the user to only access Sales and Germany only, excluding UK. This will give them the ability to control these sub-estates only.
Is this coming?
2 votes -
SMTP configuration
SMTP configuration
Please define global smtp server configuration to use for all mail alerts on policies
You can also define one of global server settings for smtp server. And you can use this setting for all policies by activating related mail alerts.
I have to maintain all of policies and mail configurations, isn’t it ?It is not best solution to define smtp server policy by policy. As you see as below, I have too many policies and in this solution it is increasing my operation cost .
And review other products feature for smtp alerts as same as mcafee…
1 vote -
search for sever by IP address in Sophos Console
searching for servers by IP will be great to manage if we manage hundreds servers.
Hosting companies are not friendly with the clients hostname.
It would be very useful to be able to search and identify servers.
So please add the option under Server Protection > Servers > The IP address searching.2 votes -
Enterprise Console REST API
Provide a REST (or other) API into SEC. Basic features such as creating groups, assigning policy, adding/deleting/moving machines would be immensely helpful. Nearly all major software applications now have some form of accessible API that allows common tasks to be automated. This idea was suggested back in early 2015, but sadly was denied.
11 votes -
On-access from SEC: Exclusions of FileSystems
Hello,
when using on-access from the Sophos Enterprise Console (SEC):
currently 2 modes are possible for exclusions:
" Exclude Items": Files and directories can be excluded by path.
" Exclude remote files": Excluding remote files currently excludes the following by filesystem: nfs, cifs, smb, smbfs,coda, afsOur customers need possibility in SEC to exclude as much filesystems as the command « ExcludeFileSystems » permits to do in the Sophos Linux agent, which supported FS list is :
https://community.sophos.com/kb/en-us/118932
Example:
To have possibility to only exclude a filesystem of type "fuse" from the SEC.Is it an evolution planned in the…
3 votes -
Definition updating
Currently there is no alert / status change for an endpoint who's definition files are out of date, meaning, let's say you have a fully protected client, but, sophos update (not engine as that alerts if it fails) but rather JUST the definitions fail to update.
we would like the ability to be able to either configure a threshold for alerting, or be able to simply enable/disabled alerting for definitions not updated.
we have many endpoints that will fail to update for days, and the result is a system that while there are no alerts, is potentially not protected.
my…
4 votes
- Don't see your idea?
