Sophos Central

Suggest, discuss, and vote on new ideas for Sophos Central. The unified console for managing your Sophos products.
Please raise all product releated feature requests in the respective product forum

Suggest an Idea for Sophos Central...

Users have no idea of missing emails quarantined due to attachment file type

Hi, please consider this simple suggestion.

Ability to include quarantined messages by reason "Attachment file type" in the quarantine summary but without the "release" option to keep them safe from themselves.

Some messages that are not flagged as spam/bulk with attachments get flagged and sent to quarantine due to potential threats, but no one other than admins can see them. Unless you have a dedicated resource monitoring this quarantined list, users will never know about these messages.

Not asking to open potential security holes here, but if the users could see they got messages that were deemed dangerous because the attached files, at least they could tell their known senders they are sending bad stuff.

Another option would be to send a quarantine summary only to admins with all these messages, or event better, the option to only report to admins messages flagged by reason "attachment file type".

Thanks for your hard work on this tool.

26 votes
Sign in
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Oscar Diaz (Admin) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
  • Anonymous commented  ·   ·  Flag as inappropriate

    This is critical. Significant user experience failure if you send email to user saying "this is what's quarantined" and actually there were other items blocked. So this is really a fix more than an idea, and should be across the board no matter why an item is blocked. What I have now in our org, users look at there quarantine email and then go back to sender and say "we never got that email." How frustrating and embarrassing when they find out that we did in fact get the email. Understand they can't have a "release" link on some items--fine, list them separately and have them contact Admin.

    Strongly recommend AGAINST sending list to Admin. I don't have time to look at a company wide list every day. And I'm not the one who knows if the sender is legit. The end user is the one who isn't getting the email, and can scan quarantine messages. Admin can't.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.