Sophos Ideas / Sophos Central

Sophos Central

Suggest, discuss, and vote on new ideas for Sophos Central. The unified console for managing your Sophos products.
Please raise all product releated feature requests in the respective product forum

Suggest an Idea for Sophos Central...

← Sophos Central

Improved device list views

Including the ability to add/remove columns and filter results.

For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).

This would apply to Endpoint and Server views.

We intend to make this functionality available via APIs as well.

443 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

AdminJon (Admin, Sophos Features & Ideas Laboratory) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Started  ·  AdminJon (Admin, Sophos Features & Ideas Laboratory) responded  · 

The APIs are now available, please see https://developer.sophos.com/ for more details.

For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get

I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.

I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.

Show previous admin responses (1)

90 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Ron Becker commented  ·   ·  Flag as inappropriate

    Users aren't always at their consoles to see the momentary notification popup, and they rarely check their own dashboard. Partners are notified, yes, however this creates additional layers of complexity.

    In our case, often we also manage home computers for executive level staff that must have VPN office access. More often than not, we do not have independent (unassisted) remote access to these systems.

    Some of Sophos' security competitors change the icon in the Windows desktop notification area to reflect user interaction is needed. In one example, a yellow triangle with an [!} character is overlaid on the icon. I'm sure this would require a minimum of additional code and a bit of creative. This small change would go a long way toward increasing end user satisfaction.

  • Patrick commented  ·   ·  Flag as inappropriate

    I am definitely supporting this idea to add a solution like that, especially for the German market as the GDPR is demanding these kind of reports. Having an Endpoint Protection solution supporting that will be a big heads-up for competing at the market.
    We know about a German-based Endpoint Protection suite that delivers this kind of feature and went quite successful in placing their product at customers this way.

  • Wayde Erickson commented  ·   ·  Flag as inappropriate

    I thought it would be as easy as a Drop down menu from Server Protection dashboard. "Show all servers" , "Servers with Enabled Tamper Protection Off" That would be real nice.
    Thanks

  • Daniel Murrieta commented  ·   ·  Flag as inappropriate

    Hey Bryn, we have it all set to automatic updating. The team in charge of imaging is using a deployment software that I'd prefer not to mention publicly. It does seem to have issues with the image, but it's hard to tell as a lot of the issues also seem to fix themselves shortly after handing to a user and letting the computer stay online for a time. To be sure if it's the image or not, I'll need to monitor some 15-30 computers newly imaged over 2 weeks or so. The real issue seems to be from everyday users whose services just fail or go missing, but, again, I need to be more thorough in my monitoring before I can pinpoint that.

  • Bryn commented  ·   ·  Flag as inappropriate

    @Daniel - I noticed you are having issues with Sophos services not being installed correctly. Are you using the "Controlled Updates" option and a deployment task/image for deploying sophos?

  • Daniel Murrieta commented  ·   ·  Flag as inappropriate

    1. Add a status column for Tamper Protection Enabled/Disabled in the Devices list.

    2. Add a Enable/Disable Tamper Protection option to the Devices page. You would check as many boxes as necessary and then enable/disable tamper protection for them. This is necessary for mass reinstalls where Sophos is missing services or other.

    3. Add a timed option for when Tamper Protection will automatically come back on. This could be a pop-up that shows after clicking disable which would then ask how many hours/days it should be disabled, or if it should be disable indefinitely. This will add administrative security as it's easy to forget re-enabling.

    USE CASE: We need to reinstall Sophos to a large amount of computers currently missing services or having other issues. While we've found a way to push out a mass reinstall, we still have the task of going to each computer in Sophos Central, disabling the Tamper Protection, and then revisiting those computers later to re-enable Tamper Protection. I've noticed that there is a way to remove Tamper Protection for all computers in Global Settings, but that isn't ideal and presents an unnecessary security risk for every other unaffected computer.

  • Marek Adamczyk commented  ·   ·  Flag as inappropriate

    +1
    as techs at times forget to reenable it back and have to trace their tickets to find machines which they worked on to enable it back.

  • Grant Phillipson commented  ·   ·  Flag as inappropriate

    I agree this should be a feature, just now it is too time consuming having to go into every device to check its tamper protection status. we should be able to run a report or have an extra column on one of the existing reports. also maybe place an alert if tamper protection is turned off.

  • Stefan Bettighofer commented  ·   ·  Flag as inappropriate

    We have to Reinstall ower PCs with disabled TP. Else the HitmanPro Alert Service Fails to install from time to time.

    Its possible that we forget to aktivate the TP after the reinstallation of the Client.

  • Eric Weaver commented  ·   ·  Flag as inappropriate

    Yes, need to be able to schedule reports and send them via email, like the on-premise Sophos Enterprise Console lets us do. This is critical from an auditors, regulators perspective.

1 3 5

Sophos Central: Endpoint Protection

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.