Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
The APIs are now available, please see https://developer.sophos.com/ for more details.
For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get
I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.
I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.
Nicky Hughes commented
Need Event Log Report TO FIND System with Tamper PROTECTION Disabled
FIND System with Tamper PROTECTION Disabled
We have multiple Admins on Central and Sometime during T/S the Tamper Protection is TURNED OFF for few systems. However if the ADMIN does not roll back its a RISK.
Need an AUDIT LOG REPORT for Systems with Tamper protection TURNED OFF
Sophos has reported that malware is able to defeat Intercept X and completely cripple EndPoint if tamper protection is turned off but we have no easy way to determine if tamper protection is enabled or disable quickly? This should show up on reports and security dashboard. Self healing after a certain amount of time should also be a global/site setting.
Agreed, from MSP perspective it would be easy to have an Administrator password that covers ALL my customers devices in My dashboard, then i can use that password whenever onsite etc, only i can change this password. This would save logging in to get Tamper Passwords each time.
Brittany N commented
Sophos, this is a major part of the security of your product. I would absolutely love to see this feature implemented. As it is now, sometimes I'll still run across endpoints where it's been turned off. How many more are out there like this? I won't know until I check through each individual endpoint, a laborious process which isn't feasible in anyone's environment.
It is difficult to show the policy in effect on a user without being misleading. A user can have more than one device, and those can have different policies.
We plan to improve the device list details page so that, amongst other things, you can see which policies are applied.
We will consider the same changes for the user list view afterwards, though it will need to take account of the device policy complexity outlined above.
For now, I'm going to merge this request into the device details request as it is the primary way we're focussing on this type of request.
Non urgent reboots are not detrimental to protection, so do not create an alert. At the moment they can only be seen in the admin console by looking for the event type on the user, device or event report.
We plan to add more detail to the list views, including whether a reboot is urgently/non-urgently or not needed. I'll merge this request into that request accordingly.
global tamper protection status without having to manually go through each endpoint's page is a must when 1000+ endpoints and multiple admins are involved.
Anthony Burrow commented
It would be nice to be able to select multiple devices on the same page enable/disable tamper protection.
It would be nice, while on the "devices" page, there be a column called "tamper protection" that would indicate whether it was enabled or disabled.
Agreed, this would be very useful. We're working on significant improvements behind the scenes to the "device list views", so that you can for instance add a column about tamper protection to see which devices have it enabled/disabled, and optionally filter for those in one state, e.g. disabled.
We expect this to take several months owing to the nature of the backend changes, but please bear with us!
We are still looking for a solution to this. Especially since log history is limited.
"Reboot to complete update" messages should put the device in warning status and not informational!
When on Earth Will this feature be enabled ?
What is the point of an application that provides tamper protection but has not way to list equipment that has that setting disabled?
Juan Miguel commented
It is a must
The incredible thing that we have to be the users that we have to "suggest" this .....
Even a schoolboy would realize that it is necessary ....
scott Owens commented
Can also failed admin logins be reported?
When you have over 400 computers this would be very handy!!!