Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DLP: Needs macOS support

    It is 2020 and macOS is a common workplace device. We require the ability to prevent file transfers containing PHI and other protective information, as well as create custom rules. This needs to be revisited

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Able to download quarantined files from central

    If there are detection on the endpoints, the file that is moved to the quarantine must be able to download from the central console.
    This can be used as part of EDR incident investigation to be able for the administrator to investigate the detected file and we can also submit the file to SophosLabs for them to create IDE.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Incident investigation  ·  Flag idea as inappropriate…  ·  Admin →
  3. Individual (or client) Policy Exceptions

    I would like some functionality added to Sophos Central to accommodate for the need to exempt a specific application on a single server without creating the need for an endless and complicated web of policies as additional application exemption needs are identified.

    An example:

    The company has all servers "enrolled" in the Default Application Control policy. Server A requires all of the same rules as the Default policy but needs PuTTY allowed. No other servers can have PuTTY installed per a strict security policy. To accommodate this need, we, at present, must create Default Application Controls policy clone (w/PuTTY allowed).

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. Bletooth blocking on MacOS

    Please enable Bluetooth blocking on MacOS via Peripheral control policy.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. DLP: create a rule using a new extension

    We would like to create a dlp rule using a new extension to block or allow, but in this moment we can select only from a Sophos List. It's not possible to add or import new extension.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Option to Clear "events.db" or address old Alerts not displaying in events anymore.

    There needs to be a way to deal with old Alerts and Warnings which have gone past the displayable events logs. If any event is causing an endpoint to stay consistently in Red Alert or Yellow Warning state, then the event should stay persistent and never go away until addressed. There's no way to deal with these issues currently other than to uninstall/reinstall Sophos completely or follow the below instructions from Sophos. This will only clear the events log to stop the alerts from showing, but doesn't actually address the original alerts.


    1. Disable tamper Protection

    2. Stop Sophos Health service

    3. Navigate…
    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Incident response  ·  Flag idea as inappropriate…  ·  Admin →
  7. computer groups

    allow AD sync to import Computer Groups
    This would make policies based on Computer Group membership much more useful and easier to maintain in an enterprise environment.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos Enterprise Console Cloud Primary Update location

    In a highly secure environment, servers in the DMZ are not allowed access to the internal servers (including Sophos management). This hinders the updates, since the primary update server must be configured to the internal management server, and only the secondary server can be configured to update from the Sophos cloud servers directly. In turn, this generates false alerts that download of updates failed due to update server not being reachable.

    My idea is to allows Sophos cloud to be the primary update server for these cases.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Updating  ·  Flag idea as inappropriate…  ·  Admin →
  9. File type filter for removable storage devices

    We want to allow read only access on floppy and optical drives, (secure) removable storage and MTP/PTP devices but restrict it to certain file types. For example: documents (PDF, DOCX, XLSX ...) and image files (JPG, PNG ...) are allowed but opening/copying executable files (EXE, MSI ...) and script files (CMD, BAT, PS1 etc.) are blocked.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  10. Better handling of alerts when a firewall blocks an application

    Currently (7/1/20) in Sophos Central endpoints of ours with certain VPN software also installed will show events that a firewall has blocked application (fill in the blank). There's a couple of things I'd like to see improved. In our case this is normal for our VPN software to do this. These events along with other AV events can make it seem like something worse is happening at the endpoint, and can be misleading.

    -What was the firewall or application that was seen blocking another application? Can the event also contain this information?
    -Ability to ignore or make an exception for…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Data Control: Add Remote Control Applications on Destination Application List

    We would like to Monitor/Block File transfers on specific remote applications like Zoom, Webex, Teamviewer, AnyDesk and alike using the Data Control Policy on SEC. On the current feature, only Skype is listed under the VOIP Application and no other options for Remote Applications.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  12. Endpoint Monitor Only Mode

    Allow for deployment of the Sophos Endpoint Control in a monitor only mode. This mode should enable all features of Sophos Endpoint Control but only log and not block anything. This would be extremely helpful when protecting endpoints with custom configurations and hardware. The current method of "try and change" where you deploy then constantly tweak and change settings to get the device/software to work is far too time consuming. Having a monitor only mode would allow the device to work while reporting issues/non-compliance which then we can create policies and apply, while still in monitor mode, to determine if…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  13. Sophos Device Encryption Suspended Verbose Logging

    When updating your windows machines multiple alerts are fired informing admins Device encryption has been suspended. The thought here is to put more verbose logging so these aren't generic alerts but rather actionable alerts. Informing admins if the suspension is due to patching would be helpful as this is a standard practice that occurs every 30 days or so. This would help increase the priority to review this alert if we are able to distinguish between a patching suspension or another process which should be looked into more seriously.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  14. Enable Safeguard Enterprise for DUO

    Please enable Safeguard Enterprise to work with the 2nd factor authorization solution DUO (https://duo.com/) If both products are used on the same machine the single sign on in Safeguard Enterprise doesn´t work anymore.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sophos Endpoint - In Web Cotrol, split Proxies & Translators

    Sophos Endpoint
    Under Policies, in Web Cotrol, split Proxies & Translators in two different categories.
    I would like to block Proxies but allow Translators .
    There are too much differencies to group them togheter.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Security/Control  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add option for e-mail message when Real Time Scanning is enabled (again)

    Sophos sends an e-mail when Real Time Scanning is disabled, but it does not notify when it is enabled again. This causes extra work for administrators, since they have to check machines if RTS is running, while the system could already have notified them that this is the case.

    Please implement an option to let the system send an e-mail when RTS is re-enabled.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  17. malicious traffic detection

    My understanding from the FAQs is that malicious traffic detection just checks HTTP traffic for connections to known bad infrastructure. So that means a domain/IP must be known to be bad for Sophos MTD to detect it.
    If it's not already being done, I'd like to request the HTTP request be analysed to find suspicious indicators, for example a connection to URI's like /fre.php or /gate.php could be indicative of evil, but if the domain is not in your list then it would be missed.

    Also, does malicious traffic detection decrypt and analyse HTTPS traffic? Is DNS traffic monitored for…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Malicious Traffic Detection (MTD)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to change DNS configurations of SVE appliances

    It will be good to be able to change DNS configurations - IP of DNS server and DNS suffix - of SVE appliances after deployments. I say this because right now I need to make these changes for an AD domain consolidation project where we are migrating from one domain to the other. The only resolution seems to deploy a new appliance. This is time consuming.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Virtualisation  ·  Flag idea as inappropriate…  ·  Admin →
  19. we blocked Github in endpoint but users are able to clone from command prompt or terminal. Please do the needful

    we blocked Github in endpoint but users are able to clone from command prompt or terminal. Please do the needful

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Stop Scan Option

    Scan Now option is there but Stop Scan is not. it should be there it's basic feature of Endpoint

    Out many clients are asking for that feature.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.