Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
John Veldhuis commented
Can failed admin logins also be reported?
When you have over 400 computers this would be very handy!!!
This is a major risk that we cannot easily identify this!! Please add this report!
Thawatchai Chanlo commented
FIND PCs with Tamper PROTECTION Disabled, Please.
I am receiving "Reboot required" alerts in the Console from computers that are offline. The trigger appears to be the scheduled scan.
I'm also getting "Reboot required" alerts in the Console from computers that have been deleted and are no longer reporting to the sub-estate the alerts show up in! It is obvious that these alerts are generated in the Console, from the Console and have no bearing on what's really happening on the endpoint.
These "Reboot required" alerts also appear to easily become "stale" and continue to report a reboot is necessary even after the endpoint Events list reports that a reboot has occurred.
The best strategy at this point for dealing with these alerts is to clear them all and see if any more are generated to separate the current ones from the old ones.
In addition, we have to provide SLA compliance reports for saturation, software up to date over a compliance period (measured every day over a month, etc.).
Currently the only way to achieve this is to measure daily into Excel, then collate at the end of the reporting period.
Cannot see why this is not already a feature of Sophos Central! Would be very helpful if this existed.
Timothy Oakes commented
How does this not exist in Central? Please make it happen ASAP.
Ron Becker commented
Users aren't always at their consoles to see the momentary notification popup, and they rarely check their own dashboard. Partners are notified, yes, however this creates additional layers of complexity.
In our case, often we also manage home computers for executive level staff that must have VPN office access. More often than not, we do not have independent (unassisted) remote access to these systems.
Some of Sophos' security competitors change the icon in the Windows desktop notification area to reflect user interaction is needed. In one example, a yellow triangle with an [!] character is overlaid on the icon. I'm sure this would require a minimum of additional code and a bit of creative. This small change would go a long way toward increasing end user satisfaction.
Plus, I can't re-enable Windows Updates until I know who has gotten the fix.
And another reason: https://community.sophos.com/products/sophos-central/f/sophos-central/105781/sophos-notification-advisory-october-2018-windows-update-fails-to-install-on-windows-8-1-with-fatal-error-c0000022/385917?pi2147=5
We've had dozens of computers affected. I need to know who got the fix.
Abdullah Boztaş commented
In our region, certain customers request this feature. Is there any progress to add this feature? Regards
I am definitely supporting this idea to add a solution like that, especially for the German market as the GDPR is demanding this kind of report. Having an Endpoint Protection solution supporting that will be a big heads-up for competing at the market.
We know about a German-based Endpoint Protection suite that delivers this kind of feature and was quite successful in placing their product at customers this way.
Wayde Erickson commented
I thought it would be as easy as a drop-down menu from Server Protection dashboard: "Show all servers", "Servers with Enabled Tamper Protection Off". That would be real nice.
Niel, This! This is why versions are important. https://community.sophos.com/kb/en-us/132691 You give a fix, based on a version number and how exactly do I know which servers got it?
Daniel Murrieta commented
Hey Bryn, we have it all set to automatic updating. The team in charge of imaging is using a deployment software that I'd prefer not to mention publicly. It does seem to have issues with the image, but it's hard to tell as a lot of the issues also seem to fix themselves shortly after handing to a user and letting the computer stay online for a time. To be sure if it's the image or not, I'll need to monitor some 15-30 computers newly imaged over 2 weeks or so. The real issue seems to be from everyday users whose services just fail or go missing, but, again, I need to be more thorough in my monitoring before I can pinpoint that.
@Daniel - I noticed you are having issues with Sophos services not being installed correctly. Are you using the "Controlled Updates" option and a deployment task/image for deploying Sophos?
Daniel Murrieta commented
1. Add a status column for Tamper Protection Enabled/Disabled in the Devices list.
2. Add an Enable/Disable Tamper Protection option to the Devices page. You would check as many boxes as necessary and then enable/disable tamper protection for them. This is necessary for mass reinstalls where Sophos is missing services or other.
3. Add a timed option for when Tamper Protection will automatically come back on. This could be a pop-up that shows after clicking disable which would then ask how many hours/days it should be disabled, or if it should be disabled indefinitely. This will add administrative security as it's easy to forget re-enabling.
USE CASE: We need to reinstall Sophos to a large number of computers currently missing services or having other issues. While we've found a way to push out a mass reinstall, we still have the task of going to each computer in Sophos Central, disabling the Tamper Protection, and then revisiting those computers later to re-enable Tamper Protection. I've noticed that there is a way to remove Tamper Protection for all computers in Global Settings, but that isn't ideal and presents an unnecessary security risk for every other unaffected computer.
Marek Adamczyk commented
as techs at times forget to reenable it back and have to trace their tickets to find machines which they worked on to enable it back.