Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MTP/PTP separate webcam and mobile control

    On Device Control MTP/PTP devices, we should able to block only mobile devices but not the camera devices. these devices should be separated.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Able to download quarantined files from central

    If there are detection on the endpoints, the file that is moved to the quarantine must be able to download from the central console.
    This can be used as part of EDR incident investigation to be able for the administrator to investigate the detected file and we can also submit the file to SophosLabs for them to create IDE.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Incident investigation  ·  Flag idea as inappropriate…  ·  Admin →
  3. Individual (or client) Policy Exceptions

    I would like some functionality added to Sophos Central to accommodate for the need to exempt a specific application on a single server without creating the need for an endless and complicated web of policies as additional application exemption needs are identified.

    An example:

    The company has all servers "enrolled" in the Default Application Control policy. Server A requires all of the same rules as the Default policy but needs PuTTY allowed. No other servers can have PuTTY installed per a strict security policy. To accommodate this need, we, at present, must create Default Application Controls policy clone (w/PuTTY allowed).

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. Current feature does not allow the peripherals to be blocked system wise without blocking the peripherals and then whitelisting it.

    It will be of great help if we can have the feature of disabling and allowing of USB drives system wise. Fo example if I need to block a specific USB drive to a specific system only, its not possible without blanket blocking the USB access and then allowing it as exceptions. By this you have to change the statud quo of other systems. This will lead to operational issues one has block all USB access and then allow one by one. So everytime the user has to get IT to allow if the USB device is a fresh one.…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. Bletooth blocking on MacOS

    Please enable Bluetooth blocking on MacOS via Peripheral control policy.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  6. DLP: create a rule using a new extension

    We would like to create a dlp rule using a new extension to block or allow, but in this moment we can select only from a Sophos List. It's not possible to add or import new extension.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Option to Clear "events.db" or address old Alerts not displaying in events anymore.

    There needs to be a way to deal with old Alerts and Warnings which have gone past the displayable events logs. If any event is causing an endpoint to stay consistently in Red Alert or Yellow Warning state, then the event should stay persistent and never go away until addressed. There's no way to deal with these issues currently other than to uninstall/reinstall Sophos completely or follow the below instructions from Sophos. This will only clear the events log to stop the alerts from showing, but doesn't actually address the original alerts.


    1. Disable tamper Protection

    2. Stop Sophos Health service

    3. Navigate…
    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Incident response  ·  Flag idea as inappropriate…  ·  Admin →
  8. Stop Scan Option

    Scan Now option is there but Stop Scan is not. it should be there it's basic feature of Endpoint

    Out many clients are asking for that feature.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  9. Internet Destination File Copy

    Add a way to tell if an 'Internet Destination File Copy' was an upload or a download. Currently you can not tell if a user uploaded a file or downloaded or file. You can see where files go to a users 'Download' folder on Windows but this is not a reliable enough way to determine this.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  10. computer groups

    allow AD sync to import Computer Groups
    This would make policies based on Computer Group membership much more useful and easier to maintain in an enterprise environment.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  11. Generate a report of all peripheral exemptions that have been made.

    Generate a report of all peripheral exemptions that have been made.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  12. Sophos Enterprise Console Cloud Primary Update location

    In a highly secure environment, servers in the DMZ are not allowed access to the internal servers (including Sophos management). This hinders the updates, since the primary update server must be configured to the internal management server, and only the secondary server can be configured to update from the Sophos cloud servers directly. In turn, this generates false alerts that download of updates failed due to update server not being reachable.

    My idea is to allows Sophos cloud to be the primary update server for these cases.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Updating  ·  Flag idea as inappropriate…  ·  Admin →
  13. File type filter for removable storage devices

    We want to allow read only access on floppy and optical drives, (secure) removable storage and MTP/PTP devices but restrict it to certain file types. For example: documents (PDF, DOCX, XLSX ...) and image files (JPG, PNG ...) are allowed but opening/copying executable files (EXE, MSI ...) and script files (CMD, BAT, PS1 etc.) are blocked.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  14. Better handling of alerts when a firewall blocks an application

    Currently (7/1/20) in Sophos Central endpoints of ours with certain VPN software also installed will show events that a firewall has blocked application (fill in the blank). There's a couple of things I'd like to see improved. In our case this is normal for our VPN software to do this. These events along with other AV events can make it seem like something worse is happening at the endpoint, and can be misleading.

    -What was the firewall or application that was seen blocking another application? Can the event also contain this information?
    -Ability to ignore or make an exception for…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Data Control: Add Remote Control Applications on Destination Application List

    We would like to Monitor/Block File transfers on specific remote applications like Zoom, Webex, Teamviewer, AnyDesk and alike using the Data Control Policy on SEC. On the current feature, only Skype is listed under the VOIP Application and no other options for Remote Applications.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  16. Vulnerable Software Report

    The Application Control feature allows for blocking of vulnerable versions of browsers, acrobat, etc. There should a reporting feature that will show all current vulnerable versions of popular software based on what version is installed and compared to the CVE Mitre index.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Patch Assessment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Endpoint Monitor Only Mode

    Allow for deployment of the Sophos Endpoint Control in a monitor only mode. This mode should enable all features of Sophos Endpoint Control but only log and not block anything. This would be extremely helpful when protecting endpoints with custom configurations and hardware. The current method of "try and change" where you deploy then constantly tweak and change settings to get the device/software to work is far too time consuming. Having a monitor only mode would allow the device to work while reporting issues/non-compliance which then we can create policies and apply, while still in monitor mode, to determine if…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos Device Encryption Suspended Verbose Logging

    When updating your windows machines multiple alerts are fired informing admins Device encryption has been suspended. The thought here is to put more verbose logging so these aren't generic alerts but rather actionable alerts. Informing admins if the suspension is due to patching would be helpful as this is a standard practice that occurs every 30 days or so. This would help increase the priority to review this alert if we are able to distinguish between a patching suspension or another process which should be looked into more seriously.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable Safeguard Enterprise for DUO

    Please enable Safeguard Enterprise to work with the 2nd factor authorization solution DUO (https://duo.com/) If both products are used on the same machine the single sign on in Safeguard Enterprise doesn´t work anymore.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos Endpoint - In Web Cotrol, split Proxies & Translators

    Sophos Endpoint
    Under Policies, in Web Cotrol, split Proxies & Translators in two different categories.
    I would like to block Proxies but allow Translators .
    There are too much differencies to group them togheter.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Security/Control  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.