Endpoint Protection
Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data
-
confirmation dialogue for moving assets between groups in SEC
Create a confirmation dialogue box for moving assets between groups.
This would reduce the likelihood of accidentally dragging assets from one group to another and affecting large numbers of endpoints.Recently we encountered an issue whereby the explorer like functionality of Sophos Enterprise console left us with a number of laptop users losing connectivity to Wifi as the policy group the endpoints were moved to didn't have Wifi allowed. Whilst this was purely human error, a confirmation dialogue box would have given pause to allow review of the changes.
I understand this is hard, if not impossible to do in…
2 votes -
Enterprise Console
- We need an option under the Enterprise console to view all the endpoints of the entire sub-estate in one place. As an admin, we are finding it very difficult to go inside the sub-estate and view the endpoints.
- We need an option to move the endpoints from one sub-estate to the other sub-estate.
(preferably drag and drop) - We have a single AD server in place which needs to be synced with all sub-estate.
- We need a search option in the Add Peripheral Exemptions window.
- We need a “Model” option in Peripheral Control > peripheral exemptions.
- We need an option to…
1 vote -
Secure LDAP binding
With Microsoft forcing LDAP binding on SSL (Port 636) in second half of 2020 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023#ID0EUGAC) Sophos Enterprise Console needs support for it. According to Sophos devs the current SEC does not support LDAPS.
3 votes -
Kerberos instead NTLM in sophos CID configuration_ case number is [#9846939]
Currently we are using share(445) to update endpoints and authentication is using NTLM based . We need to change the NTLM Authentication method to Kerberos . AS NTLM is using leased security and mostly vulnerable. Please suggest is it is possible to use Kerberos authentication instead of NTLM.
1 vote -
Need to create a canned report to show SVE Virtual servers that are all protected showing version number and the fact that they are protecte
Need to create a canned report to show SVE Virtual servers that are all protected showing version number and the fact that they are protected. In essence to see the vm server that are protected, you must drill down into servers, then sve servers, then virtual machines and click one at a time. WHen you have a hitrust and soc2 audit and they require to see evidence that each individual server is protected, then I have to make 20000 clicks to accomplish this. That is ridiculous. Need a canned report for virtual servers/host names that are protected and what version…
2 votes -
SEC report
Create a report that shows which Primary Update Server the endpoint is using to update. Rather than having to access each one to look in the properties. Very useful after migrating to a new server
1 vote -
Please add Sophos Client Frewall actions are blocked under Tamper Enhanced
Please add Sophos Client Frewall actions are blocked under Tamper Enhanced
1 vote -
Linux Antivirus agents to support HTTPS for updates from the Enterprise Console
Sophos Antivirus agents should be downloading updates via HTTPS instead of HTTP. This should be an option since use SSL/HTTPS is an industry standard.
2 votes -
Allow upgrading the Endpoint Protection Client via SSCM
We would like to use SCCM for upgrading (and potentially downgrading) the endpoint protection client. This is currently not possible and supported by Sophos since an upgraded agent will immediately downgrade to the version specified in the software subscription when connected to the Enterprise Console.
4 votes -
Warning for pending reboot after Exploit Prevention updates
Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.
11 votes -
Enterprise Console windows xp
Bonjour.
Aurait-il un moyen d'avoir une ancienne version de Sophos Enterprise Console compatible avec Windows XP, car les versions téléchargeables sur le site ne sont plus compatible avec cette version de Windows.
Nous avons encore un parc avec des machines sous XP.1 vote -
Notification From Address
The "From" address is not something you can configure for email alerts. By default it sends it as sav@<machinename>.<domain> and there is no way to change that. If you are sending through office 365 smtp, it will not allow you to send email alerts with a different from address as a basic security policy.
3 votes -
show full version numbers in SEC console
Update SEC to display the FULL version of products installed on the endpoint. Currently the full version numbers of installed products are only displayed on the endpoints making accurate identification impossible from the SEC console. (As evident in April-May of 2019) At a minimum, gather that information into the SEC dbase so it can be queried.
3 votes -
2019
Add Windows Server 2019 to the list of approved operating systems for SEC 5.5.1
3 votesThis will be in SEC 5.5.2 in 2020
-
Disable Tamper Protection through Command Line
Hi,
Somethimes, managing 1000+ or even 5000+ machine its difficult, even more if we don't have built-in features in the console to remediate/uninstall corrupt/broken installations.
But, the main problem is not that. The problem is that we CANNOT disable Tamper Protection remotely to reinstall/remove Sophos AV, in the following cases:
1) Console was erased/failed and there's no cert/db/registry backup (all Endpoint with Tamper enabled)
2) Broken installations dont apply Tamper Policies (to disable it)
3) Migrated console (don't have the old one).All this would be solved by having the chance to disable Tamper through Command Line. Example
Case A:…
30 votes -
Enterprise console Origin Infection
I suggest to add the field 'Origin of Infection' on logs of one virus detection.
This field is very importante in malware such as Conficker or WannaCry.
Andother antivirus companies provide it.2 votes -
RBAC Granular Control For Groups
Groups:
Top Level
>Sales
> UK
> GermanyHave the ability for the user to only access Sales and Germany only, excluding UK. This will give them the ability to control these sub-estates only.
Is this coming?
2 votes -
SMTP configuration
SMTP configuration
Please define global smtp server configuration to use for all mail alerts on policies
You can also define one of global server settings for smtp server. And you can use this setting for all policies by activating related mail alerts.
I have to maintain all of policies and mail configurations, isn’t it ?It is not best solution to define smtp server policy by policy. As you see as below, I have too many policies and in this solution it is increasing my operation cost .
And review other products feature for smtp alerts as same as mcafee…
1 vote -
search for sever by IP address in Sophos Console
searching for servers by IP will be great to manage if we manage hundreds servers.
Hosting companies are not friendly with the clients hostname.
It would be very useful to be able to search and identify servers.
So please add the option under Server Protection > Servers > The IP address searching.2 votes -
Enterprise Console REST API
Provide a REST (or other) API into SEC. Basic features such as creating groups, assigning policy, adding/deleting/moving machines would be immensely helpful. Nearly all major software applications now have some form of accessible API that allows common tasks to be automated. This idea was suggested back in early 2015, but sadly was denied.
11 votes
- Don't see your idea?
