Installation on Thousands of Mac's is practically impossible with an app installer. Why would you not give a .dmg install pachage that could be sent out via MDM solutions such as JAMF Casper or others? We can not rely on thousands of end user, in our case students from grade 5-12th to run through an install package. If we had known this beforehand, Sophos would not have been considered...

Merci a Sophos de trouver une solution simple et rapide pour désinstallation leur soft client Desinstallation sophos endpoint sur PC .

Merci.

A simple feature provided by other leading vendors is the ability to cancel a long-running manual scan. This is a basic User Interface feature. The alternative is for the user to reboot which is very counterproductive. It could be controlled via a policy if that is not desired by all customers.

For Sophos Web Control, could we have warning windows pops up for https websites which fall into the warn web usage category? Currently warning windows will pop up for http websites which fall into the warn web usage category only.

Hello Team,

I have a customer that have suggested that Sophos be compatible with Airwhatch .

Any ideas if that can happened in the future?

Although I've disabled Desktop Messaging across the board in Sophos Central, endpoint users are still getting "No threats found" notifications.

Sophos support has confirmed that there's no way to disable that message without editing the endpoint computer's registry to completely disable balloon notifications.

Please add the ability to easily disable the "No threats found" message, as well as any other messages that aren't covered by Desktop Messaging.

Please add also cyrillic symbols into DLP engine in EPP.
It's a very important feature for CIS countries' customers.

In DLP Alerts for files that interact with web browsers, is it possible to show the web address that the file interacted with?

For example: a user uploads a file which trips the alert into Google Drive.
The alert would show User, File Path, File Name, Application: Google Chrome, Web Address: drive.google.com

In Enterprise Console when creating the groups, can we have checkbox style to remove sub OUs from Monitoring.
We have few OUs which are Linux Servers and wanted to exclude them from the Top Level OU.

In the hopes of speeding up response time from the console would it be possible to lower the number of machines listed when DEVICE is chosen from the OVERVIEW menu?

With Sophos for Mac the annoying problem of Red Alarms in case of shut down clients (missing heartbeats) should urgently be solved. This can turn out critical if self isolation or isolation via firewall of clients is activated.
A regular software shutdown must be registered by Sophos an sent to the Firewall/Central observation instance.
Oterwise hundreds of alerts flood the Central platform an have to be sorted out by administrator.
A regular shutdown is no cause for a red alert. If alerts for some reason would be necessary to inform the administrator, a yellow status is sufficient, avooding self isolation.

Endpoints send email alerts only through email server which accept emails without authentication. Such an "open relay" is a "no go". Sophos claims to be an "Gartner Endpoint Leader" in todays newsletter...

But what about the simple security things?

Im waiting for that function now for more then 10 years!

Ability to block certain file types running from a USB device like .bat or .exe files.

For now, EDR's feature Threat Search only covers a specific sub-estate (For and Enterprise Dashboard) where a device of reference for a detection is a member of. Manually, the admin has to copy the artefact (SHA or filename) and threat search it to other sub-estates. It will be helpful to cover all sub-estates in the future for threat searches for easier administration and investigation.

When getting an ROP, HeapSpray, StackExch exploit detection, it would be nice to know what site(s) the user was on at the exact time of the detection. This would allow us to look at whether or not the site caused the detection. We can even access the site from our detonation chamber to test.

fire your entire (non-)support staff! Destroy any manuals or operating procedures they have made