Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
The APIs are now available, please see https://developer.sophos.com/ for more details.
For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get
I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.
I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.
Timothy Oakes commented
How does this not exist in Central? Please make it happen ASAP.
Ron Becker commented
Users aren't always at their consoles to see the momentary notification popup, and they rarely check their own dashboard. Partners are notified, yes, however this creates additional layers of complexity.
In our case, often we also manage home computers for executive level staff that must have VPN office access. More often than not, we do not have independent (unassisted) remote access to these systems.
Some of Sophos' security competitors change the icon in the Windows desktop notification area to reflect user interaction is needed. In one example, a yellow triangle with an [!} character is overlaid on the icon. I'm sure this would require a minimum of additional code and a bit of creative. This small change would go a long way toward increasing end user satisfaction.
Plus, I can't re-enable Windows Updates until I know who has gotten the fix.
And another reason: https://community.sophos.com/products/sophos-central/f/sophos-central/105781/sophos-notification-advisory-october-2018-windows-update-fails-to-install-on-windows-8-1-with-fatal-error-c0000022/385917?pi2147=5
We've had dozens of computers affected. I need to know who got the fix.
Abdullah Boztaş commented
in our region certain customers request this feauture. Is there any progress to add this feature? Regards
I am definitely supporting this idea to add a solution like that, especially for the German market as the GDPR is demanding these kind of reports. Having an Endpoint Protection solution supporting that will be a big heads-up for competing at the market.
We know about a German-based Endpoint Protection suite that delivers this kind of feature and went quite successful in placing their product at customers this way.
This is a very important feature
Wayde Erickson commented
I thought it would be as easy as a Drop down menu from Server Protection dashboard. "Show all servers" , "Servers with Enabled Tamper Protection Off" That would be real nice.
Niel, This! This is why versions are important. https://community.sophos.com/kb/en-us/132691 You give a fix, based on a version number and how exactly do I know which servers got it?
Daniel Murrieta commented
Hey Bryn, we have it all set to automatic updating. The team in charge of imaging is using a deployment software that I'd prefer not to mention publicly. It does seem to have issues with the image, but it's hard to tell as a lot of the issues also seem to fix themselves shortly after handing to a user and letting the computer stay online for a time. To be sure if it's the image or not, I'll need to monitor some 15-30 computers newly imaged over 2 weeks or so. The real issue seems to be from everyday users whose services just fail or go missing, but, again, I need to be more thorough in my monitoring before I can pinpoint that.
@Daniel - I noticed you are having issues with Sophos services not being installed correctly. Are you using the "Controlled Updates" option and a deployment task/image for deploying sophos?
Daniel Murrieta commented
1. Add a status column for Tamper Protection Enabled/Disabled in the Devices list.
2. Add a Enable/Disable Tamper Protection option to the Devices page. You would check as many boxes as necessary and then enable/disable tamper protection for them. This is necessary for mass reinstalls where Sophos is missing services or other.
3. Add a timed option for when Tamper Protection will automatically come back on. This could be a pop-up that shows after clicking disable which would then ask how many hours/days it should be disabled, or if it should be disable indefinitely. This will add administrative security as it's easy to forget re-enabling.
USE CASE: We need to reinstall Sophos to a large amount of computers currently missing services or having other issues. While we've found a way to push out a mass reinstall, we still have the task of going to each computer in Sophos Central, disabling the Tamper Protection, and then revisiting those computers later to re-enable Tamper Protection. I've noticed that there is a way to remove Tamper Protection for all computers in Global Settings, but that isn't ideal and presents an unnecessary security risk for every other unaffected computer.
Marek Adamczyk commented
as techs at times forget to reenable it back and have to trace their tickets to find machines which they worked on to enable it back.
This would be really helpful
Paul Orr commented
Disappointed this isn't at least a report.
Grant Phillipson commented
I agree this should be a feature, just now it is too time consuming having to go into every device to check its tamper protection status. we should be able to run a report or have an extra column on one of the existing reports. also maybe place an alert if tamper protection is turned off.
Tamper protection status as a column
Stefan Bettighofer commented
We have to Reinstall ower PCs with disabled TP. Else the HitmanPro Alert Service Fails to install from time to time.
Its possible that we forget to aktivate the TP after the reinstallation of the Client.
+1 from me too.
Eric Weaver commented
Yes, need to be able to schedule reports and send them via email, like the on-premise Sophos Enterprise Console lets us do. This is critical from an auditors, regulators perspective.