We have been using the SAVDI interface for many years now, to check the files that our customers upload into our shop system. This interface is very important for us.
Now we get the information, that the central AV does not support SAVDI. Please bring this product back to your supported products.

Having regex matching in file names for DLP in Sophos Central Endpoint Advanced would be a great feature to reduce false positives.

The Global Settings > Website Management interface would benefit greatly from a few features. Could you please add a column showing the notes added to each entry, so they can be viewed without needing to mouse hover each entry? Also, can the ability to sort by columns and filter by tags be added? This would greatly improve the usability.

Thank you!

We are a media company who regularly download video files such as .mov files, but these are categorized as "Other Executables" in Web Control and blocked. There should be either a "Video Files" category or allow files by extension type as we don't want to allow all "Other Executables".

alot of issues with tiny support

The release notes located at https://www.sophos.com/en-us/support/endpoint-release-notes.aspx do not include every update made to the Sophos client. We sometimes receive emails stating "Sophos has released a product update" but determining which affected operating system is difficult since the current release notes page doesn't always show an update.

Adding a page that is updated consistently every time an update is made available is a feature our organization would get value from.

could a status show for a device when a scan is being run?

Peripheral Control - Allow external devices to draw power whilst being blocked from communication via Peripheral Control Policies.

The ability to add exclusions to computers and or servers individually instead of having a global exclusion or setting up a policy for each server for one exclusion.

We need that computers can be added to several groups like user policies does, we have many of our computers with one policy about device encryption and we can´t add to more groups to apply other policy or simply to organize computers by physical locations.

According to the KBA27213, it is necessary to disable in Windows Server 2016 to avoid performance issue.
It's better to do Windows update before installation.

This kind of information should be addressed in Sophos Central Admin Help to prevent installation issue or any other issue beforehand.

If the admin and endpoint are in different locations, how can the endpoint's Sophos be disabled for the 4 hours troubleshooting without physically entering the tamper password on the endpoint?

It would be much better if the remote administrator could login to Sophos Central and remotely disable the Endpoint's Sophos for a specific period of time without the need to physically logon the endpoint's Sophos.

Otherwise the admin would need to disclose the tamper protection password to the person using the endpoint. Not a good idea. A new tamper password can be generated afterwards but that's not an efficient process.

In DLP, add a feature to restrict users from transferring data via bluetooth and wifi .
If allowed to transfer data via Bluetooth or wifi, data information should be captured

The way you have to manually add exclusions simply sucks and needs to looked at. Each item has to be added one by one!

Would be good to update the destinations with modern instant messaging platforms, such as whatsapp & wechat.

Where new feature are added, like Active Adversary mitigations, over just turning them on and hoping for the best I would like to have a detect and not block option. I can run for 2-3 weeks, if there no issues raised we put it into block mode. This make things 1000% simpler and safer to rollout new feature for us.

Can you add Bitdefender and any other missing security tools?
Thanks.

It seems that many of our users are having trouble with Sophos Endpoint not being able to get or apply updates. Some for days or weeks at a time. This seems to be leaving many under protected.

The Malware and PUAs blocked Report does not filter events to malware and puas in any way, it just shows all events including successful update notifications. This is not useful.

We are in the process of migrating from On-Prem to Central using an Enterprise structure for 55000+ endpoints.

When creating Global Policy for sub-estate groupings there is no option to create a global peripheral exemption list.

This means not only do I have to duplicate the exemptions across each policy within a sub-estate, but also all the other sub-estates that will require the same exemptions list.

This is incredibly unproductive.

With On-Prem a new addition to the exemptions list would be applied globally. Can this, at least, not be replicated for Central if the Enterprise level exemptions cannot be implemented?