Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
This would be really helpful
Paul Orr commented
Disappointed this isn't at least a report.
Grant Phillipson commented
I agree this should be a feature, just now it is too time consuming having to go into every device to check its tamper protection status. we should be able to run a report or have an extra column on one of the existing reports. also maybe place an alert if tamper protection is turned off.
Stefan Bettighofer commented
We have to Reinstall ower PCs with disabled TP. Else the HitmanPro Alert Service Fails to install from time to time.
Its possible that we forget to aktivate the TP after the reinstallation of the Client.
+1 from me too.
Eric Weaver commented
Yes, need to be able to schedule reports and send them via email, like the on-premise Sophos Enterprise Console lets us do. This is critical from an auditors, regulators perspective.
Michael M commented
Hi, This would allow us to better managed our Customer endpoints. Knowing the component versions allow's us to determine if a device isn't receiving an update for some reason or if a device has installed a hotfix yet.
I'd recommend listing out what's in Installed Component under the Sophos Endpoint Self Help tool
Stephen Hogan (Progress Systems Limited) commented
It would not only be nice to have this to run manually, but also to schedule it into an email digest of sorts.
Zeb Smith commented
In this day and age of DevOps and Automation, the lack of an external API to perform at basic functions (at a minimum) is a huge shortcoming.
We should, at the very least, be able to easily query information about devices registered in Central, get a list of active alerts, etc. via a web service.
Email alerts on a fleet of many thousands of devices are simply not manageable.
David Veatch - Super Admin commented
I just found a relatively easy way to identify the machines that have Tamper Protection disabled - though it's not without its inconveniences.
Logs & Reports/Audit Logs
Tamper Protection changes are recorded here the Description column as "Update computer tamper protection"
Export as CSV is available, making it relatively easy to narrow it down to just those entries.
would add a schedule and send report via email
I totally agree with this, it's very hard to see on a large network which machines need a reboot, also whereas the console says "Reboot Recommended" the individual machines state "Reboot Needed" which is very different.
Tom Stacey commented
Endpoint and Server as well please. It would be a nightmare if i had to check all 2000 devices individually.
I want it too
We really need this feature please, whether in drop down or a new column would be so MUCH more enterprise friendly than nothing. I tried the suggested Event report, but it was not accurate compared to current state. I had to run the Audit Logs -> Export which only told me that Tamper was changed and not whether enabled or disabled, so still had to touch a bunch of servers we had been troubleshooting.
I also agree that this would be very helpful. I have had a few instances where I have needed to disable Tamper Protection on an Endpoint, and then a while later (days or weeks) realized that I had forgotten to re-enable it.
Vikas Mundhe commented
We really want a report that tells me if any endpoints have tamper protection turned off.
Reports>Events>Policy Compliance>Policy non-compliance does not solve the purpose
Matt Davies commented
The 'Reboot recommended' warning/alert functionality was changed as part of a recent update to the Sophos Central Platform. 'Reboot recommended' alerts were changed to informational messages, meaning that they do not show in the Alerts section on the dashboard.
The informational messages appear in both the updating event log and in the Events tab against individual devices. Unfortunately, the updating events report shows a complete history of machines that have triggered the 'Reboot recommended' informational alert. So this doesn't make it clear as to which machines have been rebooted and which still require the reboot.
Please alter this functionality in order to make it clear as to the machines that are currently pending a reboot (even though it may not be 'required'
A simple drop down option where Show all computers is default would work out the best you have show all Bad and all medium and bad so another option to show all with tamper protection off. Often we have to shut off to do maintenance and sometime we forget to turn back on
And buttons to override every occurrence of disabled tamper protection, on endpoints, servers, and/or both.