Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Ability to select resolution to detections

    On Sophos Endpoint policies, having the ability to decide on "Action to take"on all detection/issues.
    When building software packages for deployment we receive numerous false positives.
    Having the ability to respond to a detection to say "This is a safe file" would save many hours wasted adding exceptions and repackaging again. This is already an option for "Low reputation files downloaded".

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  2. Application installed

    On Sophos Central, just like on the server protection which Sophos agent able to see what applications are installed on the servers. On the endpoints should also has this inventory of application features. This will help to see what applications are suspicious and looking for unpatch applications.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Next Generation Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  3. Deception Technology Integration

    A Sophos competitor has recently released a new feature into their Security platform. They are calling it "Advanced Deception Technology". It essentially deploys a variety of different honeypots throughout your network and automatically reports on them when any of them are accessed. There are MANY companies that don't have the know-how, time, or money to implement these sorts of proactive measures. I would love to see this as an additional feature that could be integrated into the Sophos Central platform as part of the EDR solution.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  4. You should not be limiting the size of messages, that is the email server's job.

    I have two clients that are upset with this restriction. As am I. it is not Sophos' job to control the size of messages. Microsoft 365 has an upper limit of 150 MB, your services should be matching that, or remove the limit altogether.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  5. custom hash list feeds


    1. support automation of adding block hashes into endpoint protection blocked items via custom feeds


    2. alerts on the dashboard for detection of files that are in the blocked item list. currently there is no alerts on the dashboard. if one does not have a SIEM to do monitoring, then one must manually check each endpoint in the central to see who has detection due to the blocked item list.


    3. option to automatically create case based on item 2.


    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sophos endpoint protection new feature request

    endpoint software does scan the registry for potential malware.

    But I hope to add a registry function,

    Allow users to block applications that are not allowed to be installed through the registry.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  7. Block Windows 10 Apps

    the current Mail App (Windows 1909) has no exe left to start So far it was blocked by SAC. Not anymore. So users can start it.
    ICh used Sophos to block the unnecessary Windows 10 apps. This no longer works.
    Sophos support asks for an exe - I (and no one else) can't provide it.
    Sophos has to adapt / develop here and continue to block these apps as well.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos installation with Saltstack

    We use Sophos on about 100 linux systems for protection. For installation we use a script and that is working well. Because we want to automate the installation of the linux systems further we use Saltstack. By installing Sophos-agent with Saltstack we get errors(service request 03218428). So can Sophos make an installation that works under saltstack.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. .msi installer

    .msi installer for Sophos.

    Is it possible to get an .msi installer for Sophos Endpoint Protection?

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  10. MD5

    Many threat intelligence services offer MD5 or SHA hashes of known malicious files. It would be excellent if Sophos endpoint could report up to Sophos Central on file hashes that were either downloaded from the internet or received by email. Then a SIEM or similar tool could alert if a known malicious hash was detected.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Compromise detection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Simple Addition : Machine reboot status event on Sophos Central

    On Sophos Central, we do get events whether a reboot is required for a server / endpoint or not. But it doesnt generate any event whether the reboot has been completed.

    The same event gets generated on client side but not on console side which is very lame.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable/Disable Tamper Protection for a group of computers

    Enable/Disable Tamper Protection for a group of computers from Sophos Central rather than disable/enable for all servers/computers or each device manually.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  13. Hardware inventory for asset management and audit

    I would be great if sophos intercept-x can gather every installed device hardware & connected devices inventory records for auditing and asset management purpose, as sophos intercept x is related the security, using the hardware records we can identify physical changes in hardware configuration of system like memory, hard-disk etc..

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  14. "A computer is no longer sending security heartbeats" Alerts

    95% or more of the time we get the "A computer is no longer sending security heartbeats to Sophos Firewall" alert email messages, the heartbeat issues clears itself up in 5-10 minutes. Usually this is due to the computer restarting or InterceptX is updating. This generates way to much work to review all those alerts, check Sophos Central to be sure it's back online and then file away or delete the alert. I would love to have a way to set how many minutes the computer goes without sending the heartbeat before that alert is sent.

    Yes, some will say…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New idea  ·  Flag idea as inappropriate…  ·  Admin →
  15. Clear/resolve alerts from endpoint client

    This function is helfull to remove quicly solved alert notification by accesing in admin panel. In some cases, always having to login to the console to reset the alerts is very time consuming.

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
  16. Adding a Description or friendly to an exception to the peripheral control policy

    When you are adding an exemption for an usb drive or some other device being able to give that device a friendly name would be incredibly helpful. I am not seeing anyway to do that. If I need to go back and remove that device because it was temporarily needing access or it was stolen. I can't really do that based on the information available in the exception description. We send USB drive to each or our bank branch locations I can't even tell which drive is located where without naming them in a separate spreadsheet or some other method…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Web Control device policy

    Could we have the ability back to apply web control policy by device instead of only by user? This was a feature in our previous version, and we use it to add protection for laptops. Some laptop users also use other devices so we don't want to apply policy by user, and some laptops are shared so we don't want it to be unprotected if someone else logs in. We prefer to avoid doubling up on protection for devices behind company firewalls.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Security/Control  ·  Flag idea as inappropriate…  ·  Admin →
  18. File transfer block over Anydesk remote session

    Block incoming and outgoing file transfer using anydesk application during remote session.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Leakage Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Option to Clear "events.db" or address old Alerts not displaying in events anymore.

    There needs to be a way to deal with old Alerts and Warnings which have gone past the displayable events logs. If any event is causing an endpoint to stay consistently in Red Alert or Yellow Warning state, then the event should stay persistent and never go away until addressed. There's no way to deal with these issues currently other than to uninstall/reinstall Sophos completely or follow the below instructions from Sophos. This will only clear the events log to stop the alerts from showing, but doesn't actually address the original alerts.


    1. Disable tamper Protection

    2. Stop Sophos Health service

    3. Navigate…
    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Incident response  ·  Flag idea as inappropriate…  ·  Admin →
  20. endpoint report

    Please show full Path to threat/malware at the macOS Endpoint (don't know how the windows version behaves). Or make path clickable so that navigation to the needed folder is easier when manual removal is necessary).

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.