Sometimes emails get deleted by Email Gateway. Many times it is correct but there are times when it is not. Currently we have no way to recover a message that has been deleted. Rather than automatically dumping them, it would be helpful to allow messages to move to an admin only area to be reviewed and possibly downloaded directly from the portal, or released if it is determined that there is a need. A good example, we had an wayward block rule deleting all email from gmail.com. After finding the issue it would have been super helpful to go back and redeliver the deleted emails to users so they did not have to request the messages be resent.

I recently ran into an issue where all emails from gmail.com were being deleted. I could not figure out what was going on. I called support and they helped me solve the issue which turned out to be a wayward rule. My issue is the logging is so obtuse in Email Gateway that you can't really tell why something was deleted. There should be a simple note on the message as to why it was deleted. Was it an advanced threat, triggered by a block rule, malware, etc. There should also be verbose logging that lets you see the message the entire way through the Sophos system. This would save countless hours and support calls. Even the support Engineer did not have access to better logs. He just made a few guesses and we eventually found it. In the meantime, he was getting the case ready to send up to development which seems ridiculous. Please provide better logging and clear explanations in Sophos Central as a whole as to why something is happening.

We noticed that even though we have the servers to NOT auto-update but to update it manually when we want to, all systems still get security updates immediately to protect them against the latest threats. Which is good….BUT… When the product version expires, any server on that old version will be updated to the next version automatically.

This is an real example that we had where the current version will was to expire in Jan 2, 2019. The New version came out on December 11, 2018.

Sophos just released a version and giving us less than a month to upgrade all servers (December 11, 2018) . This doesn’t make sense to us. Is there a way to give us more time to update Sophos on our servers?
The concern is more on our servers which are in production than on our endpoints. We will like more flexibility and this feature added where we can have full control on when we want to update Sophos on our servers. We cannot have our production servers be restarted everytime a new version is released our servers needs to be running 24/7. This is why we need to update Sophos manually so we can plan accordingly.

Suggesting some improvements to this existing feature:

Endpoint Protection - Controlled Updates
Go to:
Endpoint Protection > Settings > Controlled Updates

You can control how your computers get product updates below. All computers still get security updates immediately to protect them against the latest threats. When product versions expire, any computers on that version will be updated to the next version automatically.

When a new version becomes available, you can add computers to a list called "Test computers".

When you are satisfied with your testing, you can click a button that says: "Update to match test computers"

Suggestions:

1) Provide a confirmation button that says something similar to the following: "This will upgrade all computers to the newest version available. Are you sure you want to do this?"
2) Provide a way to use Groups in the "Test computers" section so that individual computers do not have to be added manually.
3) Provide a separate sub-screen for "Update to match test computers" that allows you to select Groups to update.
4) Provide a way to select a date/time range for updating the computers.