Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  1. Scan ALL

    Scan ALL Computers from Central

    8 votes
    1 comment  ·  Cloud Console
  2. PC Helpline

    IQ TechLine has been providing quick and reliable solutions to users as well as businesses through PC helpline number. Their IT experts are always ready to deliver most reliable and enhanced services to improve the performance of a system.
    Website:-https://www.iqtechline.com/support-for-pc-optimization

    1 vote
    6 comments  ·  General Endpoint
  3. Update Sophos Version/Agent Manually to make up for lack of Control in Controlled Updates

    Currently in Sophos Central we can add servers to a Test Group and prevent all other servers from having their agent update.
    This is completely inadequate. Need to be able to create more Server Groups and be able to update to the new version by server group.

    Should be able to download a manual install for the new version and apply it to the servers while Controlled Updates is turned on.

    This would allow us to update critical servers at a time of our choosing.

    Right now, the option is Update All Servers - This is equivalent to pushing the…

    1 vote
    0 comments  ·  Updating
  4. Detailed Reporting of Installed Agents

    Need to be able to see the protected servers with a list that shows more details. Agent Version, Component Versions. Customize Lists.

    Need to add a report to produce a detailed server list and installed component versions.
    THIS IS AN AUDITING REQUIREMENT - KPMG!

    Thanks.

    1 vote
    0 comments  ·  Cloud Console
  5. Ability to change Network card binding order

    Servers with multiple network cards. Endpoint binds to the wrong network card.

    1 vote
    0 comments  ·  Next Generation Endpoint
  6. Force BitLocker recovery mode from Sophos Cloud console

    It would be great if we could force a device into BitLocker "Recovery Mode" from the cloud console. This would effectively lock untrusted users out of the device that was lost or stolen.

    1 vote
    0 comments
  7. Sophos Home Premium for Linux

    Sophos Home Premium is only available for Windows; why not for Linux and Macs? There are a large number of Linux users that would value a Premium license for Linux home users. Not sure how secure the free version of Sophos Linux AV is. I'm sure users of Home Premium would value the ability to see their Linux devices in the Sophos Home portal.

    2 votes
    1 comment
  8. web control policy granular logging

    Allow web categories or web sites to be deselected from logging. For example, if you block 'personals and dating' you get multiple connections to graph.facebook.com, connect.facebook.net and api.facebook.com even when the user is not deliberately attempting to log in to Facebook. This creates a large volume of alerts which obscures genuine infringements.

    1 vote
    0 comments
  9. ESA Backup via SFTP (TCP Port 22)

    Sophos Email Appliance currently only supports backup via plain FTP on port TCP 21. FTP transmits everything via plain text including the username and password. I would like to request support for backup via secure protocols (i.e. SFTP). Thank you in advance.

    1 vote
    0 comments
  10. DLP Custom rules

    I would like to list the number of records on a Custom Content Control List. So if I have a custom Account number, I want to list the number of those accounts that can be sent at one time. Right now, all I can do is specify the custom account or match a certain phrase. The only categories for which I can specify the number of matches are in the Sophos Default DLP Policies.

    1 vote
    0 comments  ·  Data Leakage Prevention (DLP)
  11. In application control policy we need to select a particular component to allow

    In application control policy we need to select a particular component to allow.

    1 vote
    0 comments
  12. Intercept X - SDU Tool - Troubleshooting Files Excluded

    While working with Support we provided the SDU logs for investigation. Sophos Support came back and requested some additional files not captured as part of the SDU tool. Please add an option in the SDU to include these sources.

    To obtain these files we needed to disable Tamper Protection, and copy the files ourselves.

    From Sophos Support:
    To further progress, we will also require you to copy, zip, and upload the following directories to our FTP. The reason we require these folders is because they contain the snapshots of the event in a .tgz format which our SDU tool does…

    1 vote
    0 comments  ·  General Endpoint
  13. Intercept X - Threat Case - Root Cause not Identified, No Threat Case

    After upgrading to Intercept X with EDR there are situations where a Threat Case is not created. Sophos Support mentioned a Threat Case was not forwarded to Central because a root cause could not be found. Even when a Root Cause cannot be identified consider creating a Threat Case so customers have access to the additional context information. Perhaps set the beacon as the root cause.

    "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a…

    1 vote
    0 comments  ·  Next Generation Endpoint
  14. When Threat Case is not created revert to Pre-Intercept X behavior

    After upgrading to Intercept X with EDR, in situations where a Threat Case is not created, revert to the pre-Intercept X behavior of publishing the Detection Event as an Alert.

    "Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a Threat Case may not be generated."
    https://community.sophos.com/kb/en-us/125120

    We've gotten a number of malicious Events which haven't created corresponding Threat Cases for hosts assigned to the Intercept X with EDR policy. Sophos Support mentioned a Threat Case…

    1 vote
    0 comments  ·  General Endpoint
  15. Invincea Sandboxing

    Hi guys, when Invincea was bought by Sophos I was excited about Invincea's sandboxing feature being included in Sophos Endpoint Protection.
    This however doesn't appear to have been planned.
    Useful scenarios include:
    - Running unknown/suspicious applications in a sandboxed environment.
    - Opening email attachments
    - Opening downloaded files
    - Manual use by security admins (Specify programs to run in sandbox, or temporarily whitelist a blocked program/file forcing it to run in sandbox for investigations.)

    That last one is particularly useful, as we've recently had a case where some emails were flagged by Sophos and quarantined. Sophos would block us…

    1 vote
    0 comments  ·  APT/zero day detection
  16. clear multiple alerts

    From Cloud Console, Status Tab, Alerts section, it would be great to have an option to select multiple alerts and clear them/acknowledge them all at once. If I'm addressing an endpoint with multiple actions, I have to go through one by one and Mark as Resolved. At the very least they could be grouped so that I don't have to confirm multiple instances of the same persistent file being cleaned up because another infected computer on the network is dropping a file on it and Sophos is deleting it. If this happens after hours I could have 20 of the…

    2 votes
    0 comments  ·  Cloud Console
  17. Tool kit for incident response

    Whenever I'm forced to do a manual cleanup, I invariably use the same tools, which are effective but scattered and sometimes difficult to use. It would be great if some of these items were packaged together and could be run from a "cleanup dashboard". A Swiss Army knife for repairing infected endpoints. Often, I'm responding to a new customer that doesn't have Sophos yet and this is my time to shine and SELL.
    -Sysinternals Autoruns
    -Refined SOI tool (archaic and easy to accidentally shut down) that can pinpoint the faulty node without me poring over 25MB of text
    -Sophos batch…

    2 votes
    0 comments  ·  Incident response
  18. Allow CPU % limiting for Sophos Processes

    Give the ability in Sophos Central to limit CPU usage for Sophos overall. This would apply to scheduled scanning as well as any process that is using high CPU at login. I want these things to still happen but be less noticeable to users.

    23 votes
    0 comments  ·  General Endpoint
  19. File Integrity Monitoring on Linux Server Protection

    Enterprises need File Integrity Monitoring on their Linux system files. This is a requirement for all systems requiring Continuous Monitoring (NIST 800-137) which are all defense contractors, Government contractors, government agencies, and soon, all HIPAA covered entities.

    5 votes
    Under Review  ·  0 comments  ·  Linux Server
  20. Again and again, I find that it is very time-consuming and almost impossible for the end user to fail when installing the Sophos Security VM

    Again and again, I find that it is very time-consuming and almost impossible for the end user to fail when installing the Sophos Security VM, especially if the error is due to a failed during SSVM installer. Since the introduction of the Sophos for virtual Environment in Q1 / 2018, we have repeatedly had to spend a lot of time resp. Time lost, because we did not come forward as fast as we planned! It would be desirable to have errors made clearer and more transparent, at the beginning and not at the end of an installation. Why a test…

    1 vote
    0 comments  ·  Virtualisation