SMTP configuration

Please define global smtp server configuration to use for all mail alerts on policies

You can also define one of global server settings for smtp server. And you can use this setting for all policies by activating related mail alerts.

I have to maintain all of policies and mail configurations, isn’t it ?

It is not best solution to define smtp server policy by policy. As you see as below, I have too many policies and in this solution it is increasing my operation cost .

And review other products feature for smtp alerts as same as mcafee that I used before.

Hi,

Somethimes, managing 1000+ or even 5000+ machine its difficult, even more if we don't have built-in features in the console to remediate/uninstall corrupt/broken installations.

But, the main problem is not that. The problem is that we CANNOT disable Tamper Protection remotely to reinstall/remove Sophos AV, in the following cases:

1) Console was erased/failed and there's no cert/db/registry backup (all Endpoint with Tamper enabled)
2) Broken installations dont apply Tamper Policies (to disable it)
3) Migrated console (don't have the old one).

All this would be solved by having the chance to disable Tamper through Command Line. Example

Case A: Failure in console and no backup.

Solution: Create GPO Policy that disables Tamper with script:

@echo off
c:\program files\Sophos\Sophos Antivirus\DisableTamper.exe /password:TamperPassword
c:\installer\SophosReInit.vbs (to use with migration utility)

Case B: Broken instalation:

Solution: Create SCCM colection that does the following

@echo off
c:\program files\Sophos\Sophos Antivirus\DisableTamper.exe /password:TamperPassword

:: uninstall sophos
MSIEXEC /X{blablabla} /NORESTART
MSIEXEC /X{blablabla} /NORESTART
MSIEXEC /X{blablabla} /NORESTART
....

c:\instaler\SophosEndpoint_Newinstaller.exe

I mean, you get the idea. If I get the chance to disable Tamper through command line, it helps me to do more thing remotely without bothering the final user and the admin people.

Not asking to disable all without any proof that I manage the system, but if I do know the password, I should be able to put it, either GUI or CLI, specially the CLI, to help automatize.

Thanks,

Antonio.

Problem:
We are using Sophos in a multivendor environment which contains over 200,000 clients. The "Discover Computers" button is available for every Sophos admin, because there is no option to restrict this feature. Regularly somebody who is looking for a client presses the discover computer button. Now every network device which is reachable will be imported into the Sophos Enterprise Console and listed as an "unmanaged device". If we don't restart the SEC, sometimes more than 200,000 “unknown devices” are listed in the default "unassigned" group. We can delete these clients but they will remain in the Sophos database until we run a database purge. These huge number of unmanaged devices, is slowing down the Sophos Enterprise Console.

Solution:
We need a way to disable the “Discover computers” function without limiting the administrator role.

1. Please provide a way to clear the local Sophos quarantine through a managed Sophos update site for endpoints.
1. Using this solution a customer can change the update policy within the managed console to the update site which would clear quarantine.
2. Once quarantine is cleared the Sophos console would show it is cleared. (This is because clearing quarantine locally does report this status to the console.)
3. Then the computers update path could be moved to another update location that does not clear the Sophos quarantine.
4. Providing managed customers with a way to clear up the issues caused by Sophos at no additional cost makes sense for business.
The business need:
These false positives have reinforced a need to be able to clear the local Sophos quarantine. Leaving history of false positives on the local computer's quarantine becomes more of an issue when future threats are detected. When cleaning up future threats while working around false positives it makes clean up through the console difficult. One example; is the use of managed clean up within a scan. A false positive history in local quarantine prevents us from being able to use a forced local scan that provides clean up of threats through the console without checking that the local quarantine is free of false positives first.

Removing the option of forced scans to clean up threats that can not be directly resolved through "Alerts and Errors" greatly reduces the use of the console for cleaning up threats remotely.

I support a federal client and our implementation of Sophos Endpoint Security is only used for UNIX/Linux systems. There have been at least a couple of mandates by the government’s OMB for federal agencies to transition to IPv6 and internally the transition is coming quickly with some devices only enabled for IPv6.

We currently have a host installed on the network, IPv6 only, that needs Sophos installed and communicating with the Sophos Endpoint server over IPv6.

It is my understanding from Sophos support that this is not currently supported. What like to know what the plan is for endpoint IPv6 support as it relates to Sophos Endpoint.