Having to click 3x to clear each of these 60 alerts I am dealing with is absolutely ridiculous. Does Sophos hate us? Give us some check boxes next to all of these status alerts so that we can bulk reset the alerts.

When login to Sophos Central - use 2fa (send code to mobile)

Need to add auto Exclusions for domain controllers and HyperV in the same way as Exchange and SQL are currently added.
Also Microsoft requires that a default exclusion for all Windows machines be set for the Windows Update DB folder, Group Policy and Win Security folders. It isn't mentioned anywhere if the product excludes those folders on Windows machines as Microsoft request you to do.

https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-runni

Technical Support Case Current Status

Needs to be a report that shows you which machines have intercept X on them

When i look at managed customer usage, and see 1 or 2 machines listed in intercept X, but non show in the managed section and they are not on by policy, this is resulting in us paying for something we are not using.

Third class service..

The ability to make a remote connection to an endpoint that is in isolation (red) mode from central admin to be able to work on the client if the endpoint is not able to clean the threat making it isolated. Otherwise you need to drive out to the customer as we did back in the 90's.

Inside Phish Threat, we would like to see the ability to sort available users that we are adding to a campaign by: whether the user is a Active Directory User vs. Sophos-Managed User.

Would be really helpful if definition updates would be considered a report-able event, today they don't seem to alert to where we see them on a regular basis. or it would be even more helpful if "Recent events" were searchable. say for example i would like to find every computer who's last even is "Failed to install savxp: uninstalling an older product failed." I would then be able to target those systems for a reboot (as they are pending) and in many cases the above Event does not report under the category "Pending Reboot"

As an organisation we must control all changes and provide our current policies and settings to the auditors so that they can review them. Currently this is impossible without creating them a Sophos account. We should be able to export these settings.

How to download the reports for the antivirus definition or endpoint advanced version.
No reports available
.
How to download the reports for the anti-malware installed on the number of systems in my organization

How to download the reports for the antivirus definition or endpoint advanced version.

Sophos team,

Dropping a line to suggest allowing your Central customers to remove / delete "bulks" of machines using .csv or TXT list.

This would help a lot with management of large fleets of systems.

-Thank you,

--jm

Add option to allow device or software based encyrption - yes this can be achived by GPO, but this would cover machines not on an AD domain or ones which may be disconnected from the domain for considerable time (i.e. those that would really be benifit from encyrption).

Also it would be useful in reporting encryption status to highlight machine using hardware encryption SSDs which are known to be flawed (reporting the encyption type is mentioned in several other suggestions) to help with compliance.

Can we see when the last policy update was actioned on the main interface or when you hover over the shield as we have no indication when a machine has received a new policy for troubleshooting and checking

Currently there are many actions that only super-admin can take, such as remove PCs and add/remove PCs to groups. There should be more options for admins to be able to do some super-admin actions, but not others such as editing policies. This way we can empower people to manage the rollout of Sophos and policies such as Full Disk Encryption, without being able to change/edit the policies.

Scanning for threat detection negatively impacts system performance by slowing it down and is impossible to stop it.

La scansione per la ricerca di minacce impatta negativamente sulle prestazioni del sistema ed è impossibile arrestarla, anche da console web.

Ability to add user based exclusions in application control. for example: we have 3500 users currently utilizing the default application control policy. now 1 user is building out a POC for Hip Chat (Slack). My options are to currently allow it for all users, or build a new application control policy and add only him to allow Slack. That is fine for 1 or two users, but when we have 400 app dev it is an unmanageable solution.

PLEASE add alerting, be it email or dashboard, for File Integrity Monitoring (Central). I understand that we can send it to the windows event log or use the native log, but we have 5000+ servers and not all of them send to Splunk. Due to the high costs or running Splunk, for a medium size company, I am not about to up our license just to get alerts for Sophos FIM functionality. In the end it would be cheaper to move away from Sophos and go with Tripwire.