feature request - list of programs for devices with endpoint and server protection.

I've been doing some testing for the "allow file transfer" action. I'm testing this action for logging files uploaded to the internet via web browser. I've noticed that an event is only logged when the user uses the "attach" button which brings up file explorer. An action is not recorded when a user does drag and drop functionality. Specifically I'm testing this using gmail file attachments.

Thanks

Live Response in Sophos Central is a power tool (essentially SHELL) and need fs to be monitored when people use it. There should be a report that can be scheduled to automatically be sent via email to Admins on a monthly basis that shows whenever Live Response was used and the comment that the Admin entered in the "Purpose" field along with the time stamp etc. The same info that shows up in the Audit Log but specific to Live Response Only and configurable in a report that can be configured to auto distribute on a cadence s/a monthly.

We need to be able to scan a group of computers based on certain criteria, such as all Windows 7 computers, or all computers in a subnet, etc. I'd even be happy being able to select every computers in the console to scan at once. This is a very basic feature that was available in SEC and should've been implemented in Central on day 1.

I want to be able to authorize ML/PE oder PUA or other blocked applications from the Alerts with a single click to my configuration.
Pls see: ref:00D301GN6a.5003Z1BE85Z:ref

I would like to have the ability to define YARA rules and use them to process inbound files and if triggered, alert/block/quarantine the file.

Here is an excellent article that describes a way bad actors can try to sneak malicious file macros past AV agents, and then describes YARA rules that can be used to find files that have had the VBA Purging technique used on them. (https://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html)

When a user logs on to a computer, it takes some time for the policies to update.
I suggest adding a setting that allows you to force a sophos update each time a user logs in

We need to schedule all our policy which applied to users on daily basis, but in sophos the option is not there and also mainly for Critical policies like Policy violators in DLP. Really we need this option in our portal as we pay money for your product.

We have added around 1000 url's in website management, but when we want to really look into it and to rework we need to export the url's in csv format . But sophos central really doesn't have that option, dono why the guys in sophos really think about customers pain and enable the option. We are getting bad impact on the product where the backend team also couldn't help.

The Save as Custom Report option is only available with Sophos Central local admin account. However in our environment, we have over 10 sub-estates which means over 10 local accounts with over 10 MFA tokens for a single person to make this feature to work in our enterprise. Hope this function is enable in the Enterprise dashboard.

Often we cannot get endpoints to green status and they are stucked in a yellow or red status, after the malware (i.e. eicar also) was already deleted, there is no way how you can get it back (simplest method is to reinstall the Sophos endpoint).

https://ideas.sophos.com/forums/285723-endpoint-protection/suggestions/33692620-allow-cpu-limiting-for-sophos-processes

We really need to have CPU usage restrictions in place, especially for server machines. Right now the CPU usage from scanning eats up the entire set of processors and nobody is happy. Please give us this holiday wish and we will be very happy here.

Need to have ability to upload csv/tsv into Blocked items so we don't have to input hashes one at-a-time which is too time consuming

Need to increase or unlimited adding websites in Website Management settings.
Currently allowed only 5000

The endpoint does not work, I am still getting spam after a supposed fix. I cannot submit a new case via the Sophos endpoint, it just tells me there is an error and try later, cannot submit a ticket on line because of a Single Sign-On Error with Sophos, To me this program is not fit for purpose after spending £3000.00 with you, your technical has not been able to fix it in two weeks. I require a resolution to this, I would prefer to go back to Pure Messaging

When protecting machines for the first time - following the first protected machine... When further machines are protected - the machines are mapped to the first machine's user's name. These machines have never been logged into by this user. Is this a case of the machines getting the "Only Available" user? Can this logic be improved by not having an associated user until the install has completed.

It would be nice to be able to edit saved Threat Searches, so that you can continue to build an IOC list while threat hunting, whereas now you have to create new, seperate searches after you've saved one.

Sophos Team kindly enables website blocking support on IP V6 also.
If we restricting user web access of system & if the connect mobile data or sim base any data card that restriction for web access are getting override because mobile data & sim base data card works on IPv6 only

I would like to see more control over email alerts. Right now it seems the alerts are more setup for Roles. It would be nice to configure alerts in the policy, so only users associated to a policy or group will see their own alerts , rather than all alerts for administrators , super admins, helpdesk... ect... It would be nice to also be able able to configure alerts to the group level , lets say you have a USA group and an Asia group, alerts would only go to the respective group.