Hi, please consider this simple suggestion.

Ability to include quarantined messages by reason "Attachment file type" in the quarantine summary but without the "release" option to keep them safe from themselves.

Some messages that are not flagged as spam/bulk with attachments get flagged and sent to quarantine due to potential threats, but no one other than admins can see them. Unless you have a dedicated resource monitoring this quarantined list, users will never know about these messages.

Not asking to open potential security holes here, but if the users could see they got messages that were deemed dangerous because the attached files, at least they could tell their known senders they are sending bad stuff.

Another option would be to send a quarantine summary only to admins with all these messages, or event better, the option to only report to admins messages flagged by reason "attachment file type".

Thanks for your hard work on this tool.

Sometimes emails get deleted by Email Gateway. Many times it is correct but there are times when it is not. Currently we have no way to recover a message that has been deleted. Rather than automatically dumping them, it would be helpful to allow messages to move to an admin only area to be reviewed and possibly downloaded directly from the portal, or released if it is determined that there is a need. A good example, we had an wayward block rule deleting all email from gmail.com. After finding the issue it would have been super helpful to go back and redeliver the deleted emails to users so they did not have to request the messages be resent.

We are currently running into some issues with emails containing malicious payloads making it through the Sophos Email Protection system and are hitting our edge firewall. Since our edge firewall is a next gen, its catching the malicious payload and not allowing the message to be delivered.

The issue is that we have no way of stopping the email once it has hit Sophos, so we have to wait for the email to go through its many retries, subsequent failures, and then eventually time out for it to be removed from the email queue. This is obviously a little frustrating, and does cause our edge device to kick out an alert email to our technical staff each time one of these messages is blocked.

I would love to have the ability to delete items from the email queue directly from the Sophos console if at all possible. If I'm running into this, I'm assuming others in the world are running into some similar issues.

Sophos- More than happy to discuss further if you need more details!

The download for Endpoint protection gives the option to download complete installer or choose components (uncheck InterceptX). This option needs to be added to to the Server Protection download. InterceptX Hitman affects many of our business critical applications that run on servers and there is no way to disable or exclude hitman from hooking these processes. Dealing with support to get custom config files to exclude things for each server affected is not ideal... Either give the option to not install interceptX on servers or allow customers to exclude processes from being hooked by hitman in the central dashboard... or merge the on-access scan exclusions with hitman pro... Anything added to exclusions in Central would then exclude any Sophos Central components from scanning or hooking these.

I recently ran into an issue where all emails from gmail.com were being deleted. I could not figure out what was going on. I called support and they helped me solve the issue which turned out to be a wayward rule. My issue is the logging is so obtuse in Email Gateway that you can't really tell why something was deleted. There should be a simple note on the message as to why it was deleted. Was it an advanced threat, triggered by a block rule, malware, etc. There should also be verbose logging that lets you see the message the entire way through the Sophos system. This would save countless hours and support calls. Even the support Engineer did not have access to better logs. He just made a few guesses and we eventually found it. In the meantime, he was getting the case ready to send up to development which seems ridiculous. Please provide better logging and clear explanations in Sophos Central as a whole as to why something is happening.