Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
Jeremy Roberts commented
There is no obvious way to list filter or report on certain features or status, for example if Tamper Protect disabled and then enable them all on mass. you have to go in to every device individually which is a pain.
You can tell if Tamper Protection has been turned off or on by looking at the Events Report and refining the report to show Policy non-compliance.
Nick Fiorenza commented
Currently the only way to tell if Tamper Protection has been disabled for a device is Sophos Central is to view the Summary page of each device. My suggestion is to add a column to the existing "Servers" and "Computers" reports (under Logs & Reports -> Endpoint & Server Protection) that indicates whether or not Tamper Protection is enabled.
Anand Singh commented
I just thought of a great functionality where it's a simple filter but can be very useful to spot any security risks with the clients.
There could be a filter where it shows something like "Tamper Protection Off" and it displays all the devices that have tamper protection set to 'off'.
This would be super useful as if tamper protection is disabled then users and potential threats are able to stop the service or uninstall the Sophos application.
Is there a way where we can obtain a report to see if tamper protection has been disabled? If not can we get it added in ASAP?
Christopher Wanamaker commented
Enhance Reporting capability, such as allowing a report to be pulled showing the users, last active, and what policies are assigned to them.
As of now there is no way to confirm the users are getting the correct policies without going into each individual user, and when you have hundreds makes it wasteful.
Basically, a feature which allows custom reports to be created regarding users, groups, policies, and statistics for auditing / compliance.
It's not targeted, but Reports>Events>Policy Compliance>Policy non-compliance will list TP non compliant along with status on other policies.
Rich Glaser commented
I want a report that tells me if any endpoints have tamper protection turned off.
Neil Watkiss commented
What version(s) do you think you want?
Version of the suite? (Currently "11.0.2 Cloud")
Version of SAV? (Currently "10.6.0")
Version of core agent components (MCS, SAU)? (Currently "1.5.8" and "4.2.0")
Version of optional add-ons? (Currently SLD is "6.2")
Version of virus engine? (Currently "3.58")
Version of virus data? (Currently "5.10")
We try to avoid customers having to think about version numbers, especially as there are so many of them. Do we really want to display all of them? We don't give customers any control over these versions; nor do we want to explain whether these versions are "expected" or "out of date"; nor do we want to explain why there are so many components; nor do we want to expose whether an update is "minor" or "major". I worry that showing versions will imply that customers should care about them; and we give them no tools to react to these versions (and have no plans to).
Some compliance requirements need a list of the versions installed in each endpoint. Most of the time, it will be the latest version, but in case of not being update since time ago, versions could differ. Today, Cloud shows the time an endpoint has not being updated, but showing also the version would be very useful.