This is a feature request for Base policy amendments to be logged in more detail in the audit logs - Currently when any particular application base policy is edited the audit logs do not show in detail which specific base policy was edited, nor what specific changes were made to this policy. I feel this level of detail is important for change control and accountability.

Email Gateway - Domaineinstellungen/Status
Die FQDN mail.wbv-eiderstedt.de kann scheinbar nicht bei euch aufgelöst werden. Der Log besagt eine korrekte Zustellung von Mails, die jedoch nie das Kundennetz erreichen.
Nach Festlegung der festen IP 87.139.115.64 ist das Relay funktional.

Please include phishpoint type attacks in training for Phish Threat. Attack that sends a OneDrive file share link to users in order to harvest their credentials.

Hey Sophos, could you please integrate eSIM Support for the sophos mobile section in central. At the moment it is not possible to see the eSIM phone number of iPhones.

When malware gets detected, there is a alert generated in central with "manual cleanup required", but often Sophos-AV cleans up the malware on its own. In this case no additional alert gets created.
Thats just not efficient... we have to try and cleanup something that isn't there anymore at least 3-4 times a week and burn time and effort for nothing.
Possible solution: An alert has to be generated, if an automatic cleanup is successful. Then we would see: "Malware detected" and shortly after that "Automatic cleanup successful".

We have issues where Azure VMs are created for a short period of time and then automatically destroyed. This causes us issues with multiple entries of the same devices listing and alerting in Sophos. Suggestion is to have these automatically removed from Sophos Central so that no manual clearing is needed

Sehr geehrte Damen und Herren,
wir haben einen Kunden im Rchtsanwaltsbereich der das Produkt RA-Micro im Einsatz hat. Gibt es hier Erfahrungswerte über Ausschlüsse, da es beim einen oder anderen PC vorkommt, dass Winword in Kombination RA-Micro mit einen "Lockdown" blockiert wird. Geholfen hat nur der Ausschluss des gesamten RA-Micro Netzwerklaufwerkes. Danke vorab für eine Rückmeldung. Mit freundlichen Grüßen
Gerry Vanek

add ability to block .vhd and .vhdx files with web control policy.

https://www.bleepingcomputer.com/news/security/virtual-disk-attachments-can-bypass-gmail-and-chrome-security/

The details stirred the interest of security researchers who used real malware encapsulated in a VHD file to test the detection rate of multiple antivirus engines. Products that normally detected the malware samples became blind to them.

Reflexion should show the status of whether an email was encrypted or note and the reason for its encryption.

If we're unable to create custom roles within a sub-estate we need the excel file upload option to create enterprise admins in the Sophos Central Enterprise Console as the manual process is too time consuming for onboarding a whole department that's adopting this solution.

It would be helpful if there was a type of "soft block" that we could use on certain domains like gmail.com, earthlink.com, yahoo.com, or aol.com just name a few.

What I'm suggesting would be similar to a receive quarantine. If an email was received from a sender at one of these domains it would go into a holding a queue and a confirmation request would be sent to the sender. After the sender confirms sending the email, it would be released to the end user. This should help prevent mass phish and SMTP spoof attempts.

The List could be too long, so the ability to remove some entrys would be great

Hi, I would like a way to test exclusions. Specifically when you use wildcards to create a path exclusions for an application/file, have a way to enter the exclusion, then enter a set of paths to test what the exclusions catch or not.

Allow superadmin accounts to edit an end user's block list on a global basis and not as per individual. Doing so will allow admins to unblock addresses that were accidentally blocked.
Bring together the block list from all domain users into the enterprise list.

Threat Analysis Center Dashboard needs to show all (10+ lines) cases and include "In progress" as well as New cases. Why does Dashboard default to show only 4 cases?

In order to allow for automatic & silent rollback / removal of Sophos Central Endpoint using a generic software deployment system it would be helpfull to have API access to Tamperprotection of individual clients.