It would be very useful to allow Partner Admins to disable Tamper Protection on customer's expired licenses.

sometimes the endpoint health status remains in red if the detection is too old or in other situations.
Resetting the endpoint status from Central could help in understanding real client problems and getting focus on them.

It would be great being able to download the suspicious file from Central (also if the endpoint is actually offline) to investigate on them. Another option would be to directly report virustotal result, as this is probably the first check all of us try on suspiciuos file.

It would be useful to be able to import external yara taxii and stix data and schedule the running stage with alerting on detection. Also, using sha1 could be of help.

It would be useful to be able to import external yara taxii and stix data and schedule the running stage with alerting on detection. Also, using sha1 could be of help.

I believe Sophos should have some installation & troubleshooting videos and or training available for new users installing Sophos for the first time.
Getting installation/configuration assistance is time consuming and frustrating for new installers.

It would be wonderful if there was an option to run a report to find out which endpoints have Tamper Protection turned OFF/ON. Or an option to sort the Devices list by Tamper being off/on.

Add the ability to create a task to restart a device. iOS specifically

When we run campaigns, we would like "caught" users to be immediately reported via email to a specific email address in real time so we don't have to continually run the results report. If this could generate the training URL also but instead of sending it to the user, send it to the notification email address, that would allow us to take faster action versus learning about the issue a day or so later.

Apparently I'm not the first one to come up with this idea. Would be a great feature to be able to initiate a manual scan on all devices in event of a possible threat and not have to do it one machine at a time.

In the Quarantine Summary email, give me the additional action options to Always Permit and Block. Saves a ton of time having to log into the web portal to find each email.

Provide the ability to search your Quarantined messages. Helpful if you are looking for a message and not sure if it made it past the quarantine. Currently you have to just scroll through the list, very time consuming and counter productive.

please improve the search and filtering on the email gateway quarantine.

allow order by subject, and filtering by reason, subject etc...

Hello Team,

Requesting to Extend the archive logs for Sophos Central Log.io for Phish Threat Campaign for 30 days or more as this will be helpful for the customer and for the technical support to perform further investigation for the behavior of campaign that run for 30 days.
For your assistance please. Thank You.

Suggestion for Device Encryption:
Admins need the ability to confirm how many devices do not have a "successfully retrieved encryption key" in the Sophos dashboard. Either a metric on the Encryption Dashboard that provides a list of such devices, or the ability to query for it, like a report.

end-user is getting Sophos central alerts including DLP. user does not have any membership of the alert configured group also does not have any administrator role as Help desk, Administrator, Super Administrator in Sophos central.DLP alert is a security incident, it should not disclose with end-user.

Record all commands run on a device by a Sophos Central admin during a Live Response session and make the transcript available, either for download or viewable some other way. Currently the Audit log records when sessions are run, by whom, and on which device, but the logs don't indicate what happened.

A transcript of what commands were run would be nice to have for auditing purposes and to include with any forensic investigation reports, especially sensitive cases or cases involving potential legal ramifications where the ability to document exactly what was done to a system would be beneficial.

Tamper Protection Whitelist to allow other security programs to interact with Whitelisted Registry settings. Crowdstrike Falcon is used to collect data for Digital Forensics and is needing set a registry setting in a place protected by Tamper Protection.