We need a tool to remotely remove Sophos agents.

Currently we are having to install manually as part of the enrolment.

Intune only supports deploying MSI installers so we either need an MSI or an 'Intune compatible' method.

Sophos Central should implement scheduled reporting like in Sophos Enterprise Console eg Daily, weekly Reports... instead of reactive reporting where it emails for an alert or detection.

Option to disable/change timeout time settings on Central Console.

Issues:
1. Central console automatically logs off currently logged in user (even if actively being used, not idle). This requires the user to re-log several times a day, and with the addition of 2FA this is quite a cumbersome process to have to repeat.

2. For customers who are using monitoring systems, not having this functionality means that Sophos Central will not able to display its dashboard on a network operations center.

Desperately need you to bring back the full offline installer. Deploying the install amongst multiple endpoints is not feasible with our bandwidth.

We can't remove Endpoint Protection agents from the clients remotely. We are connecting to clients one by one and do the uninstall operation and this takes a long time to finish the job.

It will be great if you may develop remote uninstall feature for Endpoint Protection agents.
We will save time and money.

Regards,

ABILITY TO IMPORT AND EXPORT ANTIVIRUS EXCLUSION LISTS

Currently it is not possible to granular configure the email alerting to select only certain item to be alerted. But it would be useful to enable this to happen so more than one user can get the selected alerts without admins receiving excess emails.

There needs to be a way to import and export exclusions, with over 90 customers in our Sophos central database, adding exclusions one at a time is terribly inefficient and time consuming. The same goes for removing exclusions removing them one by one and having to mouse click confirm is also awful. A better system needs to be implemented especially since this feature had been requested seven years ago in this Sophos thread https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/2801/importing-exclusions-into-a-policy

As Sophos Central stands at the moment, it automatically sends alerts to ALL administrators. We would like to be able to configure these alerts and who it sends to so every administrator doesn't get their email inbox flooded with these.

The ability to make a remote connection to an endpoint that is in isolation (red) mode from central admin to be able to work on the client if the endpoint is not able to clean the threat making it isolated. Otherwise you need to drive out to the customer as we did back in the 90's.

Please give us an option in the policy to disable the tray icon or the tray icon information balloons. If an event is triggered on terminal servers, every logged in user on this terminal server sees a balloon with the triggered event and the issuing user account. This can be very embarrasing to the user.

Is there no way to stop a scan on a workstation? This seems like an obvious option to have available. Also it would be nice to be able to push installations out to systems, like the Vipre software allows you to do. Also you should be able to uninstall the endpoint software remotely too.

The ability to delete devices from Sophos via the API.

Today Sophos automatically cleaned up a PUA that I did not want cleaned up. I had no way to go into quarantine and restore the file. I would like to be able to do that preferably from Central. I would also like to be able to not automatically clean up PUAs but continue to automatically clean up malware. There is no distinction in the settings.

I would like to be able to automate monthly reports. It would be great to have more options on generating reports and automatically emailing them.