Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
The APIs are now available, please see https://developer.sophos.com/ for more details.
For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get
I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.
I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.
XG Fan commented
tamper protection disabled status through Live Discover Query:
Since January 2017 (3,5 years), with 480 votes as of July 2020. We still don't have a report for the Disabled Tamper Protection Devices. This would be a Basic Security administrative report.
Are you listening?
Almost 500 upvotes and 2+ years but still not implemented. I'd think that this would have triggered some common sense responses a long time ago.
This feels like a "hey we know that we're intentionally hiding information from you by refusing to update our UI with remedial features in a tool that you are paying a lot of money for, but here, go learn a cumbersome interface for the API because our developers are too busy with features you don't want to upgrade our console".
Stop all your other projects and create a console that shows us what WE want, not what you think we should see.Nobody should dread having to use a management console like this...
We all are waiting for this feature as soon as possible.
Report on Tamper protection please.
surely that is a logical request
What’s the status on this?
Raghu Venkatraman commented
Would you be interested in discussion this issue with the product/usability team, to help improve this workflow?
This is a no brainer, and absolutely needs to be implemented not just by API but in the Sophos Central Console.
Looking forward to this report, or API at the very least.
I've just been looking for a way to identify which systems have tamper protection disabled and am genuinely shocked to discover that there is nothing built into Sophos Central.
This is, in my view, a huge omission and needs to be added as a matter of urgency.
Mike Nieves commented
Please make this available. I vote yes.
At least have API for this!
Karl Hentschel commented
I would like a report to identify any Server or Workstation that has tamper protection disabled.
Work is progressing well on the back end changes. The first access will be via APIs. See https://developer.sophos.com/ for documentation on what the APIs will offer. I believe the APIs will be released and usable by any Sophos Central customer in the next couple of months.
Once the backend and APIs are completed we will start to work on the admin interface improvements (which will use the same API and backend). There is still a lot of work to go, but the current estimate is that the UI changes will start to be released by the end of this year, with us gradually adding capabilities over time. I'll keep this feature request page updated as we go along. Thanks for your patience.
Robert Sieber commented
And the Export to CSV link should include all columns and rows selected. Currently OS Version cannot be included in the export - which is ridiculous.
I join the vote as we have an important client from Argentina reporting the lack of details in the version installed on servers and endpoint. Do you have an estimated date to make this upgrade in the console?
Philip Caprio commented
Request ability to alert, list/report on all endpoints that have Tamper Protection disabled.
Any updates to this? I need to pull info from Sophos Central pertaining to which machines do not have the latest version of Sophos Endpoint and I can only determine what version the machine has by searching by the machine name one by one which will take entirely too long.
Please release this functionality as soon as possible. We have customers with hundreds of endpoints who need to report / check AV version ( due to April 2019 update issue) and are unable to do this. SEC can do this- why not Central?
Nicky Hughes commented
Need Event Log Report TO FIND System with Tamper PROTECTION Disabled
FIND System with Tamper PROTECTION Disabled
We have multiple Admins on Central and Sometime during T/S the Tamper Protection is TURNED OFF for few systems. However if the ADMIN does not roll back its a RISK.
Need an AUDIT LOG REPORT for Systems with Tamper protection TURNED OFF
Sophos has reported that malware is able to defeat Intercept X and completely cripple EndPoint if tamper protection is turned off but we have no easy way to determine if tamper protection is enabled or disable quickly? This should show up on reports and security dashboard. Self healing after a certain amount of time should also be a global/site setting.