Sophos Central Installer checks server availability. Somehow that check was passing during last week's outage when Sophos servers were not able to complete installation and protection. The installer's checks should verify that all resources are available for protection to succeed, so that the installer is not able to uninstall existing protection and *then* fail, leaving endpoints unprotected. Moreover, Sophos needs a switch to flip to force this check to fail the next time they have a catastrophic outage like they did 11-14 July.

Actual there is no way to be alerted by a Exploit Prevetion Event like the E-Mail Notifications in the AV & HIPS Module. Many of our customers are horrified why that standard function is not implemented!

Currently Microsoft Edge is not included as a destination within the Data Control policy for the on-premise Enterprise Console.

I have had InterceptX Root Cause Analysis (RCA) cases detected with low, medium, and high priorities -- but none of them generated an alert email.

It is very important that they do so, because RCA cases imply that malicious code has attempted to run on an endpoint, and this requires manual investigation to ascertain the cause.

At the moment it appears that the only way of noticing if you have a new RCA case to deal with is if you manually go Dashboard -> Endpoint Protection -> Root Cause Analysis.

This is a feature request for settings to be added for the configuration of the time zones in Sophos Central's Reporting capability. The reports are currently based on the UTC timezone. As a result, the times recorded in the reports are different to the ones recorded on the Central Dashboard.

If there was a option to run a task after the full scan is completed, like switch off the computer would be awesome.

Actual new Exploit Prevention Events are shown for 7 days in SEC. After 7 days you only find them in the detail page of each computer/endpoint, which is ok for me.
But during these 7 days there is currently no way to acknowledge an event and by this "hidding"/marking as "already seen".
This is essential if you want to get to know which events are new and has to be examined and which you have already done. Especially if there are more than one admin.

Be able to classify certain alerts, such as a medium 'Reboot required after software update' as informational.

Allow email alerts to have more control of what's being alerted. Right now we're getting alerts for machines that need to be rebooted, yet they're being reimaged so they will get rebooted anyway.. Rate this as a 3.

I wish Sophos would send notifications if one of the Sophos related services were not running on a particular endpoint. I'm using Sophos Cloud and in this example, a computer had been running for a few days without the Hitman Pro service ransomware protection running and I was not notified. The rest of the Sophos Endpoint services are running. Please advise. Why you don't have these alerts enabled and when I can expect to have this feature.? Thanks

It will be great if Sophos Central could sync with cloud Domain for example jumbcloud.com that support LDAP query

It would be a great option if we can add regexpressions into the settings -> global -> websites

Within the Notification Section in the Policy for Web Gateway on Central it does not automatically give the name of the Policy.

Having the Name of the Policy or an Identifier will be useful for an IT Admin if a user is calling with and issue and they have several policies.

Quite a few customers requested purge option, to say - remove all of the machines , which have not checked it with Central in more than 60 days.

Include the status of the Sophos Central platform in the login to your instance of Sophos Central. Alternatively, when there is an outage affecting the region you are connecting to, throw up some type of notification upon login so that way you don't start trying to install endpoints only to have them fail.

We have a ton of old computers listed that have been retired & removed from AD, but are still listed in sophos. It would be nice if AD sync had an option to automatically clear these up.

If it's not in AD and it's not reporting as online (For 2 weeks) -> Purge.

Can you make the Sophos central endpoint client systray icon flash yellow when the client requires a reboot - the end users are not prompted to reboot unless they open the client status page (which they do not !!!!).

So the only current way to see installed components is via Devices > Computers > Manage Endpoint Software but this view is very limited.

Can a drop down be created to show say for example -

>Endpoints with Endpoint Standard
>Endpoints with Endpoint Advanced
>Endpoints with Intercept X

Hope this makes sense.

In the 'Add Peripheral Exemptions' section, there should be an ability to re-size and make bigger (both the actual window and also each column) to ensure that we can see the exact models that we will be allowing. We have multiple pieces of hardware that have very similar Model and ID numbers but some are allowed and some are blocked for certain groups, and currently because the columns are so narrow, it is difficult to determine which is which.