Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. New report type : USB allowed/blocked

    We are using the device control feature to block USB drives in most PCs and created sub-groups to allow certain PCs to have USB Access.
    Currently there is no reporting on how many computers have USB access allowed and how many have it denied, so kindly let us know about this feature

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
    • Update Sophos Version/Agent Manually to make up for lack of Control in Controlled Updates

      Currently in Sophos Central we can add servers to a Test Group and prevent all other servers from having their agent update.
      This is completely inadequate. Need to be able to create more Server Groups and be able to update to the new version by server group.

      Should be able to download a manual install for the new version and apply it to the servers while Controlled Updates is turned on.

      This would allow us to update critical servers at a time of our choosing.

      Right now, the option is Update All Servers - This is equivalent to pushing the…

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Updating  ·  Flag idea as inappropriate…  ·  Admin →
      • Detailed Reporting of Installed Agents

        Need to be able to see the protected servers with a list that shows more details. Agent Version, Component Versons. Customize Lists.

        Need to add a report to produce a detailed server list and installed component versions.
        THIS IS AN AUDITING REQUIREMENT - KPMG!

        Thanks.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
        • Ability to change Network card binding order

          Servers with multiple network cards. Endpoint binds to the wrong network card.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Next Generation Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
          • Disable Tamper Protection through Command Line

            Hi,

            Somethimes, managing 1000+ or even 5000+ machine its difficult, even more if we don't have built-in features in the console to remediate/uninstall corrupt/broken installations.

            But, the main problem is not that. The problem is that we CANNOT disable Tamper Protection remotely to reinstall/remove Sophos AV, in the following cases:

            1) Console was erased/failed and there's no cert/db/registry backup (all Endpoint with Tamper enabled)
            2) Broken installations dont apply Tamper Policies (to disable it)
            3) Migrated console (don't have the old one).

            All this would be solved by having the chance to disable Tamper through Command Line. Example

            Case A:…

            14 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
            • Force bitlocker recovery mode from Sophos Cloud console

              It would be great if we could force a device into Bitlocker "Recovery Mode" from the cloud console. This would effectively lock untrusted users out of the device that was lost or stolen.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • desinstallation sophos endpoint

                Merci a Sophos de trouver une solution simple et rapide pour désinstallation leur soft client Desinstallation sophos endpoint sur PC .

                Merci.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Sophos Home Premium for Linux

                  Sophos Home Premium is only available for Windows, why not for Linux and Macs. There are a large amount of Linux users that would value a Premium license for Linux home users. Not sure how secure is the free version of Sophos Linux AV. I'm sure users of Home Premium would valus te ability to see their Linux devices in the Sophs Home portal.

                  2 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                  • web control policy granular logging

                    Allow web categories or web sites to be deselected from logging. Example, if you block 'personals and dating' you get multiple connections to graph.facebook.com connect.facebook.net and api.facebook.com even when the user is not deliberately attempting to log in to facebook. This creates a large volume of alerts which obscures genuine infringements.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • ESA Backup vis SFTP (TCP Port 22)

                      Sophos Email Appliance currently only support backup via plain FTP on port TCP 21. FTP transmit everything via plain text including the username and password. I would like to request support backup via secure protocols (i.e. SFTP). Thank you in advance.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • DLP Custom rules

                        I would like to list the number of records on a Custom Content Control List. So if I have a custom Account number, I want to list the number of those accounts that can be sent at one time. Right now, all I can do is specify the custom account or match a certain phrase. The only categories that I can specify the number of matches is on the Sophos Default DLP Policies.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
                        • in application control policy we need to select particular component to allow

                          in application control policy we need to select particular component to allow

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Web Address in DLP alerts

                            In DLP Alerts for files that interact with web browsers, is it possible to show the web address that the file interacted with?

                            For example: a user uploads a file which trips the alert into Google Drive.
                            The alert would show User, File Path, File Name, Application: Google Chrome, Web Address: drive.google.com

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
                            • Intercept X - SDU Tool - Troubleshooting Files Excluded

                              While working with Support we provided the SDU logs for investigation. Sophos Support came back and requested some additional files not captured as part of the SDU tool. Please add an option in the SDU to include these sources.

                              To obtain these files we needed to disable Tamper Protection, and copy the files ourselves.

                              From Sophos Support:
                              To further progress, we will also require you to copy, zip, and upload the following directories to our FTP. The reason we require these folders is because they contain the snapshots of the event in a .tgz format which our SDU tool does…

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                              • Intercept X - Threat Case - Root Cause not Identified, No Threat Case

                                After upgrading to Intercept X with EDR there are situations where a Threat Case is not created. Sophos Support mentioned a Threat Case was not forwarded to Central because a root cause could not be found. Even when a Root Cause cannot be identified consider creating a Threat Case so customers have access to the additional context information. Perhaps set the beacon as the root cause.

                                "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a…

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Next Generation Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                                • When Threat Case is not created revert to Pre-Intercept X behavior

                                  After upgrading to Intercept X with EDR in situations where are Threat Case is not created revert to the pre-Intercept X behavior of publishing the Detection Event as an Alert.

                                  "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a Threat Case may not be generated."
                                  https://community.sophos.com/kb/en-us/125120

                                  We've gotten a number of malicious Events which haven't created corresponding Threat Cases for hosts assigned to the Intercept X with EDR policy. Sophos Support mentioned a Threat Case…

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Invincea Sandboxing

                                    Hi guys, when Invincea was bought by Sophos I was excited about Invincea's sandboxing feature to be included to Sophos Endpoint Protection.
                                    This however doesn't appear to have been planned.
                                    Useful scenarios include:
                                    - Running unknown/suspicious applications in a sandboxed environment.
                                    - Opening email attachments
                                    - Opening downloaded files
                                    - Manual use by security admins (Specify programs to run in sandbox, or temporarily whitelist a blocked program/file forcing it to run in sandbox for investigations.)

                                    That last one is particularly useful, as we've recently had a case where some emails were flagged by Sophos and quarantined. Sophos would block us…

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  APT/zero day detection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Again and again, I find that it is very time-consuming and almost impossible for the end user to fail when installing the Sophos Security VM

                                      Again and again, I find that it is very time-consuming and almost impossible for the end user to fail when installing the Sophos Security VM, especially if the error is due to a failed during SSVM installer. Since the introduction of the Sophos for virtual Environment in Q1 / 2018, we have repeatedly had to spend a lot of time resp. Time lost, because we did not comming forward as fast as we planned! It would be desirable to have errors made clearer and more transparent, at the beginning and not at the end of an installation. Why a test…

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Virtualisation  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Block 3D application related file types

                                        I am using your Endpoint protection trial version for the past few days. We work on 3D animation. It would be very helpful if you can block these file types. These file types are related to our 3D applications. I want these file types to be blocked from uploading . Can you do it?

                                        1 .3ds
                                        2 .abc
                                        3 .mb
                                        4 binary.fbx
                                        5 .ms3d
                                        6 .c4d

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Display status of client from taskbar icon

                                          When a PC has the Endpoint Protection Client deployed via Sophos Cloud, if the client has issue or is out of date, there is no visual prompt on the Sophos shield icon in the notification area. You have to open the client and then click about, to see when a client last updated.

                                          When we used to use Sophos Enterprise Console, the Sophos icon in the notification area would have a red cross overlaying the icon, notifying the user of a problem

                                          5 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.