Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Application Control - Selective detect/block aplications on the same policy

    On the Application Control, allow, on the same policy, to block some applications while keeping others as detect only.

    36 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
    Under Review  ·  Karl responded

    We discussed this when developing the application control policy for Sophos Central managed endpoints. At the time we decided to maintain feature parity with on-premise managed endpoints (SEC). While this capability is not available it is on our short list but does not appear on any planned delivery timelines at the moment. We evaluate and prioritize enhancements for the product multiple times per year.

  2. Want to have the specific revomavable device that was used (thumb drive, cellphone, HDD, etc) and the device ID on the Data Control Log

    Removed personal/company/partner information

    Sophos Product Information

    Sophos Product: Sophos Enterprise Console

    Version in Production: version 5.2.1.197

    Feature Request Summary

    How will this new feature address your business requirements?:
    This will mainly help in our security reviews to provide relevant information about data/file transfer here in our company.

    How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have:
    1 (Critical)

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Kanguru Defender Elite30 model series Secure USB drives to supported Device Control list

    With an expected implementation of restricting use to solely encrypted flash drives for our company, add the Kanguru Defender Elite30 model series to the supported device list in the Secure Removable Storage category of Device Control.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Device Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. HTTPS for ICAP

    Currently SAVI/SAVDI only supports HTTP for ICAP. As HTTP is a non-secure method for file transmission, new feature HTTPS for ICAP is needed.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. More options for configuring client profiles.

    Especially we need to specify more in detail the on access scan Options. In my case it would be necessary to set on Access scan only for write Access.
    This is not possible now.
    The same Options as for Server profiles in category "Real-time scanning - Local files and network Shares" would be enough for the Moment.

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sophos Cloud - Allow to disable popup alert detections on the endpoint

    On the Sophos Cloud Dashboard, allow to disable the popup alert detections so that the detection information is displayed only on the Dashboard console.
    This same feature is already available on the SEC (On-Premise endpoint console) but not on the Cloud dashboard.

    18 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  2 comments  ·  Incident response  ·  Flag idea as inappropriate…  ·  Admin →
  7. App Control list

    I would like to be able to extract the effective block/allow actions on Application Control. I plan to have 5 different policies and would need an export of each one for management approval. I see no way to do this currently, except to click through each group setting.

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Firewall Events - Add a source address so that we know which machines to investigate without having to run a report.

    Firewall Events - Add a source address so that we know which machines to investigate without having to run a report. That way we can get to the potentially compromised machine quickly and review its local firewall logs.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Malicious Traffic Detection (MTD)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add the ability to add Relay or Domains to the Configure users and groups to be included or excluded with this policy rule.

    Add the ability to add Relay servers or domains to the rule
    Configure users and groups to be included or excluded with this policy rule.
    instead of just specific email addresses,

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  10. Linux endpoint pass AD domain to SEC

    Allow linux endpoint to pass or detect the AD domain so that it doesn't have the issue described below.

    This will allow the use of AD sync and linux machines in an enviroment where the agent can be re-installed or the OS re-imaged.

    https://community.sophos.com/products/endpoint-security-control/f/3/p/9843/30725
    https://community.sophos.com/products/endpoint-security-control/f/16/t/9845

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sophos Services preventing to stop in administrator User

    Sophos AV can prevent stopping on their services as you log on as Administrator account to prevent disabling the features of sophos.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Removal tool for McAfee SaaS anti virus software

    As instructed by our account manager I'm submitting a support query to request an additional detection be added to the CRT. So that the Sophos installer is able to detect and remove installations of McAfee SaaS anti virus software

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  13. Separate Policy for Alerting

    When working in large environments with several sub-estates it would very useful having a separate policy for the alerting via E-Mail or SNMP

    Typically components of the AV+HIPS policy (e.g. Exclusions) can be reused in the sub-estates but in scenarios where have to alert different groups of administrators it would improve the usability when we could provide a separate alerting policies.

    So we would have a much smaller count of AV+HIPS policies and only one alerting policy per sub-estate.

    13 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  14. ARP Spoofing detection in Sophos Anti virus manage by SEC

    On be half of our client we will request this features to have on your Sophos AV Manage by SEC Server to prevent in ARP spoofing/poisoning.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  15. For the Cloud portal for Partners it would be great to be able to make global exceptions for all of our clients. Thinks like Labtech and Ka

    For the Cloud portal for Partners it would be great to be able to make global exceptions for all of our clients. Thinks like Labtech and Kaseya drop a lot of files that Sophos detects as PUA's (produkey/nircmd/psexec) that have to be re-mediated client by client event though they are all in the same directory. I'm thinking that in the area where you have tabs for account detail and alerting now there could be a global exceptions tab to push to the clients or a selected group of clients.

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  16. The migration (server to server) guide could be more verbose about user accounts.

    For example explaining which users are required when migrating from older servers. How the EMLibUser no longer exists and thus is not needed. What a SophosSAU0 account is, or a link to the kb explaining it. (https://www.sophos.com/en-us/support/knowledgebase/58627.aspx)

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Alert email

    Client wants that as an administrator, they are receiving the Alert email for Out -of-Date Computers Or with other Alerts setting email but this email doesn't contain the list of related endpoints and their description, which Admin wants to quickly look from the email rather than go and jump to console.

    9 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Be able to delete compressed files that have an infected file in them.

    Be able to delete compressed files that have infected files in them. Either as a default setting or as a option in the enterprise console. Many of the virus/adware that can not be cleaned are inside compressed files. In almost all cases deleting the compressed file is the preferred solution..

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Sophos Enterprise Console (SEC)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Data Control

    Sophos Product Information

    Sophos Product: Endpoint

    Version in Production: 10.3

    Feature Request Summary

    Verification on content rules.

    Case reference - http://sophtrac/Default.aspx?caseid=4653988

    How will this new feature address your business requirements?:

    Better able to track user actions in incident and investigation scenarios

    How would you rate the importance of this feature?; 2

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow install of SAV on a different drive and allow option to install components on other drives

    Allow the option to select where SAV can be installed on an endpoint and allow the option to select where the components for SAV can be installed to.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.