Including the ability to add/remove columns and filter results.

For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).

This would apply to Endpoint and Server views.

We intend to make this functionality available via APIs as well.

Desperately need you to bring back the full offline installer. Deploying the install amongst multiple endpoints is not feasible with our bandwidth.

I can see a lot of computers have "Reboot required after software update" alert in the Sophos Central. However, users never get any notifications about the required restart.

Can you modify the user interface such that user will get notification about the restart every 30 minutes, then every 20 minutes, then every 10 minutes and then every 5 minutes?

The uninstall and repair options via console would make it easier to manage a large number of machines, mainly because sometimes it is difficult to get access to some of them.

Suggestions for improvement for Peripheral control policy:
- option to export the "Peripheral Exemptions" list to csv
- filter options in "Peripheral Exemptions"
- sorting options in "Peripheral Exemptions"
- sorting options in "Add Peripheral Exemptions"
- add filter type Computer to "Add Peripheral Exemptions"
- allow the user to resize the window, so that I can read the complete field
- allow to filter by time for a date and time range

In peripheral protection, removable drives have 'unique ids' unfortunately it doesn't appear that the Sophos software is pulling the unique id of removable drives. This is a compliance issue for us as we only approve registered devices by their unique identifiers.

When running scans with Sophos Central, there is not status bar that shows the progress of the scans. This feature would be extremely useful when allocating time and resources to specific issues. This feature existed in the Sophos On-Prem solution, so I don't think it should be hard to do.

This report would tell us who needs to be put in groups to have custom policies applied. If new users are added and someone forgets to add them to a group, then after the fact there's no way of knowing without looking at every user's policies.

Please add the functionality to export personalized exclusions for servers and users/clients and then the ability to re-import them on a different server (group) or users.
In order to facilitate batch export-import of long exclusion lists.

Please, allow to set custom messages for the warning or blocking of file downloads or URL's as regulated in Web Control for Sophos Central customers? Similar to what the XG firewalls are allowing.

Thank you

Larry Goncea
Larry@domain-group.com
484.256.4373

Today Sophos automatically cleaned up a PUA that I did not want cleaned up. I had no way to go into quarantine and restore the file. I would like to be able to do that preferably from Central. I would also like to be able to not automatically clean up PUAs but continue to automatically clean up malware. There is no distinction in the settings.

The categories Proxies and Translators should be separate. Many customers would like to block sites categorized as proxies but allow sites categorized as translators. They should be configured like this by default.

Ex. translate.google.com is blocked by default.

Would like to see the MAC Address listed on the Devices tab as well as to be able to export to a CSV file. This would be extremely helpful to those of us managing networks of 4000+ devices. I believe this information must be captured in the Sophos servers so I can't imagine it would be that hard to include in the Device information.

add a notes field to peripheral exemptions so I can note why im creating the exemption.

Clearing alerts, It would be best if I don't have to manually select all 500 alerts and acknowledge them. What would be better would be a section for me to select what categories to be alerted. I seriously don't care if a reboot is required after a software update. The computer will restart when it restarts. At this point the alerts are useless to me. Another idea would be the next time the computer scans and doesn't find a threat or issue, that the alert gets cleared. It's a lot of manual labor...

The Audit logs are lacking in detail and visibility, specifically:

1. When moving devices/computers into groups - the audit logs only show that a change was made to the group itself, not which devices/machines were affected.

2. When a change in product assignment is done (e.g. we remove Device Encryption as an installed product on a device/machine or a group of devices/machines) the audit logs do not show which devices/machines were affected.

3. When changes are made to a Sophos Central policy, what were the actual changes made within the policy.

Make an API call capable of renewing the current API key to prevent API token expiration when it is being used for continuous log collection.

We manage a large number of Sophos Central accounts and the process of renewing tokens could be greatly simplified if we did not have to log in to each account via the partner portal in order to renew keys as they come up for expiration.

On Sophos Central, when adding computers to a computer group, add an option to filter by the windows operating system version.

I have had InterceptX Root Cause Analysis (RCA) cases detected with low, medium, and high priorities -- but none of them generated an alert email.

It is very important that they do so, because RCA cases imply that malicious code has attempted to run on an endpoint, and this requires manual investigation to ascertain the cause.

At the moment it appears that the only way of noticing if you have a new RCA case to deal with is if you manually go Dashboard -> Endpoint Protection -> Root Cause Analysis.