Need to create a canned report to show SVE Virtual servers that are all protected showing version number and the fact that they are protected. In essence to see the vm server that are protected, you must drill down into servers, then sve servers, then virtual machines and click one at a time. WHen you have a hitrust and soc2 audit and they require to see evidence that each individual server is protected, then I have to make 20000 clicks to accomplish this. That is ridiculous. Need a canned report for virtual servers/host names that are protected and what version and such. Not a biggie.

Hi,

Somethimes, managing 1000+ or even 5000+ machine its difficult, even more if we don't have built-in features in the console to remediate/uninstall corrupt/broken installations.

But, the main problem is not that. The problem is that we CANNOT disable Tamper Protection remotely to reinstall/remove Sophos AV, in the following cases:

1) Console was erased/failed and there's no cert/db/registry backup (all Endpoint with Tamper enabled)
2) Broken installations dont apply Tamper Policies (to disable it)
3) Migrated console (don't have the old one).

All this would be solved by having the chance to disable Tamper through Command Line. Example

Case A: Failure in console and no backup.

Solution: Create GPO Policy that disables Tamper with script:

@echo off
c:\program files\Sophos\Sophos Antivirus\DisableTamper.exe /password:TamperPassword
c:\installer\SophosReInit.vbs (to use with migration utility)

Case B: Broken instalation:

Solution: Create SCCM colection that does the following

@echo off
c:\program files\Sophos\Sophos Antivirus\DisableTamper.exe /password:TamperPassword

:: uninstall sophos
MSIEXEC /X{blablabla} /NORESTART
MSIEXEC /X{blablabla} /NORESTART
MSIEXEC /X{blablabla} /NORESTART
....

c:\instaler\SophosEndpoint_Newinstaller.exe

I mean, you get the idea. If I get the chance to disable Tamper through command line, it helps me to do more thing remotely without bothering the final user and the admin people.

Not asking to disable all without any proof that I manage the system, but if I do know the password, I should be able to put it, either GUI or CLI, specially the CLI, to help automatize.

Thanks,

Antonio.

SMTP configuration

Please define global smtp server configuration to use for all mail alerts on policies

You can also define one of global server settings for smtp server. And you can use this setting for all policies by activating related mail alerts.

I have to maintain all of policies and mail configurations, isn’t it ?

It is not best solution to define smtp server policy by policy. As you see as below, I have too many policies and in this solution it is increasing my operation cost .

And review other products feature for smtp alerts as same as mcafee that I used before.

Hello,

when using on-access from the Sophos Enterprise Console (SEC):

• currently 2 modes are possible for exclusions:
  " Exclude Items": Files and directories can be excluded by path.
  " Exclude remote files": Excluding remote files currently excludes the following by filesystem: nfs, cifs, smb, smbfs,coda, afs




• Our customers need possibility in SEC to exclude as much filesystems as the command « ExcludeFileSystems » permits to do in the Sophos Linux agent, which supported FS list is :
  https://community.sophos.com/kb/en-us/118932

Example:
To have possibility to only exclude a filesystem of type "fuse" from the SEC.

Is it an evolution planned in the SEC?

Thanks.
Regards

Currently there is no alert / status change for an endpoint who's definition files are out of date, meaning, let's say you have a fully protected client, but, sophos update (not engine as that alerts if it fails) but rather JUST the definitions fail to update.

we would like the ability to be able to either configure a threshold for alerting, or be able to simply enable/disabled alerting for definitions not updated.

we have many endpoints that will fail to update for days, and the result is a system that while there are no alerts, is potentially not protected.

my thought would be, an alert that we could choose:

enable Definition alerts older than XX Days, such that if an endpoints definition has not updated in XX Days we would get an alert.

Problem:
We are using Sophos in a multivendor environment which contains over 200,000 clients. The "Discover Computers" button is available for every Sophos admin, because there is no option to restrict this feature. Regularly somebody who is looking for a client presses the discover computer button. Now every network device which is reachable will be imported into the Sophos Enterprise Console and listed as an "unmanaged device". If we don't restart the SEC, sometimes more than 200,000 “unknown devices” are listed in the default "unassigned" group. We can delete these clients but they will remain in the Sophos database until we run a database purge. These huge number of unmanaged devices, is slowing down the Sophos Enterprise Console.

Solution:
We need a way to disable the “Discover computers” function without limiting the administrator role.