Every time Exploit Prevention has an update, each computer ends up in the "Computers with Errors" field, because it needs a reboot. You can't acknowledge them to remove them from that list, and they won't be removed until they reboot. We try not to reboot our users computers unless we have a scheduled maintenance.
It would be nice if there was a distinction between an Error and a "reboot needed"

I check that report to see when computers are legitimately having problems, so when every computer appears in that list after an update, it kind of defeats the purpose.

move virus email notification from the workstations to the SEC. Most workstations have smtp disabled for security so if a virus hits it admins are unaware until the nightly summary report. by moving it to the SEC admins are notified in a more timely manner

The "From" address is not something you can configure for email alerts. By default it sends it as sav@<machinename>.<domain> and there is no way to change that. If you are sending through office 365 smtp, it will not allow you to send email alerts with a different from address as a basic security policy.

Add Windows Server 2019 to the list of approved operating systems for SEC 5.5.1

I'd like to be able to scan a client remotely from the Enterprise Console and watch the scan in real time or at least get the progress of the scan with the result when it finishes.

Before an update of SAV Version, would help administrators, if Sophos informs a few days in advance per mail.
Currently, preview and recommended version as of May 2019 are on the same ver-sion. Which is probably not the idea of the system. So clients can’t be tested with a preview test group.
The information at https://community.sophos.com/kb/en-us/120189 is as often in-correct.

Sophos Admins need a way to force uninstall remotely from the console.
This is a standard features across other AV products i have used.

we have a deployment of over 260 machines across 1km long distance. It is not always feasible to walk to the pc or log in remotely if the user is using the pc.

Why has this basic admin feature not been implemented?

Update SEC to display the FULL version of products installed on the endpoint. Currently the full version numbers of installed products are only displayed on the endpoints making accurate identification impossible from the SEC console. (As evident in April-May of 2019) At a minimum, gather that information into the SEC dbase so it can be queried.

Add scheduled policy updates via enterprise console. Given the limitations of Tamper Protection to prevent end users from making changes and the support risks of Advanced Tamper Protection, the ability to schedule policy checks to periodically force policy compliance on the endpoints would be a good future enhancement.

Groups:

Top Level
>Sales
> UK
> Germany

Have the ability for the user to only access Sales and Germany only, excluding UK. This will give them the ability to control these sub-estates only.

Is this coming?

I suggest to add the field 'Origin of Infection' on logs of one virus detection.
This field is very importante in malware such as Conficker or WannaCry.
Andother antivirus companies provide it.

searching for servers by IP will be great to manage if we manage hundreds servers.
Hosting companies are not friendly with the clients hostname.
It would be very useful to be able to search and identify servers.
So please add the option under Server Protection > Servers > The IP address searching.

Provide a REST (or other) API into SEC. Basic features such as creating groups, assigning policy, adding/deleting/moving machines would be immensely helpful. Nearly all major software applications now have some form of accessible API that allows common tasks to be automated. This idea was suggested back in early 2015, but sadly was denied.

Enable bulk (various) changes across multiple policies in complex environments with a large number of groups and policies. Instead of having to manually change a setting in each policy one by one (for example, deselect bandwidth restrictions, in each updating policy), it would be benifical to have the ability to select multiple policies and apply the change to all of them. Changing a single setting across multiple policies manually is very time consuming and resource intensive, especially if you have a large amount of policies (100+).

After identifcation of malware, do a hash on the file (in Quarrantine or before delete). This helps me to add the hash into other security tools for detection and prevention, and it also helps me to verify it's intended behavior.

You get rave reviews for this product from the security community but I can't understand why this simple information is not made available within your product.

Actual there is no way to be alerted by a Exploit Prevetion Event like the E-Mail Notifications in the AV & HIPS Module. Many of our customers are horrified why that standard function is not implemented!

Actual new Exploit Prevention Events are shown for 7 days in SEC. After 7 days you only find them in the detail page of each computer/endpoint, which is ok for me.
But during these 7 days there is currently no way to acknowledge an event and by this "hidding"/marking as "already seen".
This is essential if you want to get to know which events are new and has to be examined and which you have already done. Especially if there are more than one admin.