According to the KBA27213, it is necessary to disable in Windows Server 2016 to avoid performance issue.
It's better to do Windows update before installation.

This kind of information should be addressed in Sophos Central Admin Help to prevent installation issue or any other issue beforehand.

Allow users to be added to existing campaigns. Right now if you want to add one user to a campaign you cannot. You have to create a whole new campaign for them. It should be a simple matter to add users.

I can't see the results of the Phishing Threat training quizzes. Only that they completed it.

For users with access to multiple mailboxes. Have the ability to also view those other mailboxes quarantine.

If the admin and endpoint are in different locations, how can the endpoint's Sophos be disabled for the 4 hours troubleshooting without physically entering the tamper password on the endpoint?

It would be much better if the remote administrator could login to Sophos Central and remotely disable the Endpoint's Sophos for a specific period of time without the need to physically logon the endpoint's Sophos.

Otherwise the admin would need to disclose the tamper protection password to the person using the endpoint. Not a good idea. A new tamper password can be generated afterwards but that's not an efficient process.

In DLP, add a feature to restrict users from transferring data via bluetooth and wifi .
If allowed to transfer data via Bluetooth or wifi, data information should be captured

The renewal of your Heartbeat intermediate certificate has failed.
Followed the KBA but in there it mentions to Login via SSH and also the possibility of having to re-registering the firewall in Central.
My question is this particular client that got this alert has multiple firewalls how do I know which one to log into via SSH? Is there a way that the alert can be more specific so I know which firewall is in question?

It would be nice to have some more detailed information as to which firewall if the person has multiple firewalls

Allow scheduling of updates and of signature updates. We regularly experience prcoessor issues on machines updating durign the business day, the existing scheduling options are way too basic and allow just one day and time per week. Also updating signatures should also be able top be scheduled instead of occuring all day long, bogging down servers and wokrstations when people are trying to work.

Phish Threat - Dashboard. The User count used for reporting is bogus if we are not using AD. We need the ability to count the Phish threat user record with the email addresses only.

Provide alternative to the 'Outlook Add-in' for threat reporting. Not everyone has the classic Outlook anymore. Sophos customers should have the the ability to enable threat reporting via simple email forwarding to an address owned by the customer (or sophos if required) and/or add a manual check box by an administrator that demonstrates the item was reported.

Global Exclusions AUTOSAVE, instead of clicking "Save" button.

There have been several occasions where I have added many exclusions to the "Global Exclusions" list and click out of the window thinking my list have been successfully added. Only to go back and see they are not there because I forgot to click the save button. That is an extra step that should not be there. The "save" function should come from the "Add Another" or "Add" button.

Will there be an Outlook mobile phone add-on for Sophos Phish Threat that allows a user to report real or simulated phishing attempts, exactly like they are able to on the desktop? Will it allow a phishing campaign run through Phish Threat to record accurate metrics? Many user now use mobile and not being able to report it gives false readings.

It would be great if there were more options under Logs & Reports pertaining to Web Filtering:

- Top X Bandwidth Usage Offenders
- Top X Websites (not Categories) being Blocked
- Top X Potential Productivity Loss (these would be websites frequently accessed that are potential "time wasters" (i.e. Facebook, Twitter, etc.) whether these sites/categories are whitelisted or not)

"X" would be the number of clients/devices shown in the report. Would be great if this can go as small as 5 and large as 100.

Thank You!

Global Exclusion should be available for Endpoint and for Server. Not one for all as EP and Server exclusions are very different.

The way you have to manually add exclusions simply sucks and needs to looked at. Each item has to be added one by one!

Would be good to update the destinations with modern instant messaging platforms, such as whatsapp & wechat.

Where new feature are added, like Active Adversary mitigations, over just turning them on and hoping for the best I would like to have a detect and not block option. I can run for 2-3 weeks, if there no issues raised we put it into block mode. This make things 1000% simpler and safer to rollout new feature for us.

Can you add Bitdefender and any other missing security tools?
Thanks.