Sophos Central
Suggest, discuss, and vote on new ideas for Sophos Central. The unified console for managing your Sophos products.
Please raise all product releated feature requests in the respective product forum
-
program list
feature request - list of programs for devices with endpoint and server protection.
2 votes -
Allow File Transfer does not record event using drag and drop onto internet browser
I've been doing some testing for the "allow file transfer" action. I'm testing this action for logging files uploaded to the internet via web browser. I've noticed that an event is only logged when the user uses the "attach" button which brings up file explorer. An action is not recorded when a user does drag and drop functionality. Specifically I'm testing this using gmail file attachments.
Thanks
1 vote -
Live Response Usage Report
Live Response in Sophos Central is a power tool (essentially SHELL) and need fs to be monitored when people use it. There should be a report that can be scheduled to automatically be sent via email to Admins on a monthly basis that shows whenever Live Response was used and the comment that the Admin entered in the "Purpose" field along with the time stamp etc. The same info that shows up in the Audit Log but specific to Live Response Only and configurable in a report that can be configured to auto distribute on a cadence s/a monthly.
1 vote -
scan computers
We need to be able to scan a group of computers based on certain criteria, such as all Windows 7 computers, or all computers in a subnet, etc. I'd even be happy being able to select every computers in the console to scan at once. This is a very basic feature that was available in SEC and should've been implemented in Central on day 1.
1 vote -
authorize ML/PE oder PUA
I want to be able to authorize ML/PE oder PUA or other blocked applications from the Alerts with a single click to my configuration.
Pls see: ref:00D301GN6a.5003Z1BE85Z:ref1 vote -
Simple way to re-register device with the console
Re-register a device with the Console without having to disable Tamper Protect. If for some reason a device stos talking to teh console, goes out of sync in some way, or is deleted by accident, you have to disable Tamper Protect in order to run the setup again with the --registeronly switch and register with the console, this means going in to safe mode and disabling a load of stuff.
This needs to be much simpler, just re-rgister without disabling tamper protect, even if you have to enter console admin details, anything that make my life simpler not harder.I…
1 vote -
YARA rule integration
I would like to have the ability to define YARA rules and use them to process inbound files and if triggered, alert/block/quarantine the file.
Here is an excellent article that describes a way bad actors can try to sneak malicious file macros past AV agents, and then describes YARA rules that can be used to find files that have had the VBA Purging technique used on them. (https://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html)
2 votes -
update policies to loggin user
When a user logs on to a computer, it takes some time for the policies to update.
I suggest adding a setting that allows you to force a sophos update each time a user logs in1 vote -
Need to Configure Daily alerts in DLP
We need to schedule all our policy which applied to users on daily basis, but in sophos the option is not there and also mainly for Critical policies like Policy violators in DLP. Really we need this option in our portal as we pay money for your product.
1 vote -
Need Export option in Website Management
We have added around 1000 url's in website management, but when we want to really look into it and to rework we need to export the url's in csv format . But sophos central really doesn't have that option, dono why the guys in sophos really think about customers pain and enable the option. We are getting bad impact on the product where the backend team also couldn't help.
1 vote -
Enable Save as Custom Report feature for Enterprise and Partner dashboard
The Save as Custom Report option is only available with Sophos Central local admin account. However in our environment, we have over 10 sub-estates which means over 10 local accounts with over 10 MFA tokens for a single person to make this feature to work in our enterprise. Hope this function is enable in the Enterprise dashboard.
1 vote -
Endpoint status cleaning (reset the status to green manually)
Often we cannot get endpoints to green status and they are stucked in a yellow or red status, after the malware (i.e. eicar also) was already deleted, there is no way how you can get it back (simplest method is to reinstall the Sophos endpoint).
2 votes -
Restrict CPU usage per client and or as a global setting
We really need to have CPU usage restrictions in place, especially for server machines. Right now the CPU usage from scanning eats up the entire set of processors and nobody is happy. Please give us this holiday wish and we will be very happy here.
1 vote -
Blocked items
Need to have ability to upload csv/tsv into Blocked items so we don't have to input hashes one at-a-time which is too time consuming
2 votes -
Need to increase or unlimited adding websites in Website Management settings.
Need to increase or unlimited adding websites in Website Management settings.
Currently allowed only 50001 vote -
Support
The endpoint does not work, I am still getting spam after a supposed fix. I cannot submit a new case via the Sophos endpoint, it just tells me there is an error and try later, cannot submit a ticket on line because of a Single Sign-On Error with Sophos, To me this program is not fit for purpose after spending £3000.00 with you, your technical has not been able to fix it in two weeks. I require a resolution to this, I would prefer to go back to Pure Messaging
1 vote -
Better Logic for newly installed Machines
When protecting machines for the first time - following the first protected machine... When further machines are protected - the machines are mapped to the first machine's user's name. These machines have never been logged into by this user. Is this a case of the machines getting the "Only Available" user? Can this logic be improved by not having an associated user until the install has completed.
1 vote -
Edit Saved Threat Searches
It would be nice to be able to edit saved Threat Searches, so that you can continue to build an IOC list while threat hunting, whereas now you have to create new, seperate searches after you've saved one.
1 vote -
Sophos Team kindly enable website blocking support on IP V6 also
Sophos Team kindly enables website blocking support on IP V6 also.
If we restricting user web access of system & if the connect mobile data or sim base any data card that restriction for web access are getting override because mobile data & sim base data card works on IPv6 only1 vote -
email alerts
I would like to see more control over email alerts. Right now it seems the alerts are more setup for Roles. It would be nice to configure alerts in the policy, so only users associated to a policy or group will see their own alerts , rather than all alerts for administrators , super admins, helpdesk... ect... It would be nice to also be able able to configure alerts to the group level , lets say you have a USA group and an Asia group, alerts would only go to the respective group.
2 votes
- Don't see your idea?