Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Message Router service restart on error

    Under certain conditions the Sophos Message Router logs "The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid." and the agent no longer reports in to the Enterprise Console. Even though an error was detected the service does not restart or continue to retry. You can manually restart the Message Router service and it works correctly. Changing the service start mode to "Automatic (Delayed Start)" also works.
    Please modify the Message Router so when this error is detected the service will retry, or terminate the service so Windows can restart it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  2. SEC Exploit Prevention E-Mail Notification

    Actual there is no way to be alerted by a Exploit Prevetion Event like the E-Mail Notifications in the AV & HIPS Module. Many of our customers are horrified why that standard function is not implemented!

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  3. ldap

    Allow additional filters on the AD/LDAP query used for sync. Our internal policy when retiring an endpoint is to disable an endpoint and only delete it after a period of time. As such, we have a number of retired endpoints showing as unmanaged.

    Enhancement request:
    Permit additional filters on the query to allow the exclusion of disabled systems.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  4. policy evaluation

    The Policy Evaluation Tool (PET) which is part of the console software can generate a report showing exceptions in policies that may pose a risk. We have some reports that are showing valid and desirable exceptions as "questionable". It would be great if we could 'flag' these as safe so that they are not marked as questionable in the future. This would allow us to continually run the PET report and 'catch' risky exceptions that may be added by whoever in the future.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Exclude Process in on-access-scans in Enterprise Console

    Under Antivirus and HIPS, On-Access-Scans its not possible to exclude processes. The Client configuration allowed that.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make Exploit Prevention Events acknowledgeable in SEC

    Actual new Exploit Prevention Events are shown for 7 days in SEC. After 7 days you only find them in the detail page of each computer/endpoint, which is ok for me.
    But during these 7 days there is currently no way to acknowledge an event and by this "hidding"/marking as "already seen".
    This is essential if you want to get to know which events are new and has to be examined and which you have already done. Especially if there are more than one admin.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Disguse or decrypt UserPassword from UpdateManager Account (iconn.cfg)

    The UserPassword from iconn.cfg which is not strong encoded can be very easy decrypted. The process to secure the password should be stronger. The user should be part of the local policy - deny log on locally - like the SophosSAU user.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos Central Admin Console needs one of the following – SSO SAML integration with SAML Identity provider or at the minimum built-in passwo

    Sophos Central Admin Console needs one of the following – SSO SAML integration with SAML Identity provider or at the minimum built-in password management capabilities for Super/Admin role users.
    Without these features Sophos Central Admin Console is highly vulnerable, considering that unauthorized access to the Central Admin Console can lead to attacker disabling end-point protection or wiping data from end-user devices

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Ability to manage Fanotify setting via custom AV & HIPS Policy in the Sophos Enterprise Console

    This is a feature request to allow the Fanotify settings on Linux Sophos-Antivirus agents to be managed via a setting under a custom AV & HIPS Policy within the Sophos Enterprise Console.

    Specifically this refers to the following client-side settings:

    # /opt/sophos-av/bin/savconfig query PreferFanotify
    true
    # /opt/sophos-av/bin/savconfig query DisableFanotify
    false

    Currently these can only be configured on the client-side. It would be a great asset to be able to manage this via the SEC.

    More info on Fanotify can be found here https://community.sophos.com/kb/en-us/11821

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Log time change for Sychronizes AD.

    Adding Feature for changing of region time for logging after the script activated for Synchronizes AD. Currently it is set to utc +0. For other region it display different timing when the script trigger.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Clear the local endpoint's quarantine.xml from the SEC server

    1. Please provide a way to clear the local Sophos quarantine through a managed Sophos update site for endpoints.
    1. Using this solution a customer can change the update policy within the managed console to the update site which would clear quarantine.
    2. Once quarantine is cleared the Sophos console would show it is cleared. (This is because clearing quarantine locally does report this status to the console.)
    3. Then the computers update path could be moved to another update location that does not clear the Sophos quarantine.
    4. Providing managed customers with a way to clear up the issues…

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Sophos Tamper Protection - Possibility to deactivate on single client

    In the actually Version of Sophos, it is not possible to uninstall spüjps because of active tamper protection. Earlier you could stop sophos Services and uninstall/reinstall product. But we have active Directory Synchronisation active, and i couldn't deactivate tamper protection for 1 Client, because this Computer is in synchronised Folder. I could also not move this Client to another Folder, because of active Synchronisation. Another solution is to restart Client in save mode, Change registry keys and restart Client to uninstall sophos, but this is very unfriendly. Or move Computer in active Directory but normal Support user have no rights…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  13. SEC - Directory-as-a-Service (JumpCloud)

    We do not utilise an on-premise Microsoft AD or Azure AD. Can SEC add a feature to support a Directory-as-a-Service e.g. JumpCloud?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Remove self signed certificates and allow IT admins to install internal CA Cert

    We are a PCI shop and the self signed certificates that Sophos AntiVirus generates are a pain in the posterior. They show up as vulnerabilities using Nessus which requires us justifying the risk to our clients. This seems rather unnecessary to me as most PCI shops have their own CAs in-house. If Sophos would give us the capability of importing our own certificates, life would be much better!

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  15. AD Sync For Deleted Machines

    I would be really nice to have AD sync to update when machines are deleted out of AD. As it stands right now, the AD administrator must inform the SEC administrator that machines have been deleted.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add hunting capability to Sophos Enterprise Console

    Add hunting capability to Sophos Enterprise Console like the ability to hunt with formerly RSA ECAT and now RSA Netwitness.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Sophos Endpoint IPv6 support

    I support a federal client and our implementation of Sophos Endpoint Security is only used for UNIX/Linux systems. There have been at least a couple of mandates by the government’s OMB for federal agencies to transition to IPv6 and internally the transition is coming quickly with some devices only enabled for IPv6.

    We currently have a host installed on the network, IPv6 only, that needs Sophos installed and communicating with the Sophos Endpoint server over IPv6.

    It is my understanding from Sophos support that this is not currently supported. What like to know what the plan is for endpoint IPv6…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  18. change default location for cache servers

    When installing a Cache Server for Sophos Central. You can only install it in a default location. Would like to install in a different directory i.e somewhere on D:/

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Web Control Email Alerts

    Sophos Product Information
    Sophos Product: Sophos Enterprise Console
    Version in Production: 5.4

    Feature Request Summary
    How will this new feature address your business requirements?: We need to have the ability to receive Web control events alerts where the endpoint protection has blocked a threat.
    How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have: Critical 5

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enterprise Console get data with snmp

    Be able to read status of server or clients with snmp from the Enterprise Console to my Check_mk Server

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.