As all product updates require a reboot, and in some cases cause the protections to fail until an update has occurred.

we would like to be able to schedule the product updates to occur with our monthly patching and reboot cycle.

Currently the schedule only allows for a weekly schedule.

The schedule should be granular enough to accommodate schedules like 2nd Saturday of the month or every 3rd Monday etc.

How will this new feature address your business requirements?:

1. it will allow us to continue to use this product without the fear an update will cause the product to be ineffective against threats without an update




2. it will allow us to apply the required reboots to soon after the product has been updated to have all new features working.

How would you rate the importance of this feature?; 1 = Critical

There are many events generated in Sophos Central that Lack any specific information that would be required to know what is going on.

For example

Threat Cases. These are advertised as providing you with the root cause analysis, however quite they never actually provide information on what actually happened. An example of this is the
Lockdown events. To see what actually occurred and was blocked you need to review the local hitman pro events, so how is this providing Root Cause Analysis ?

Another example is AV detections within containers like ZIP and MSG files. In Central only the MSG file is reported, however the SAV logs include the Attachment or File within the ZIP that was
detected. This information should be visible in Central

How will this new feature address your business requirements?:

1. It will provide what this product has been advertised as doing, Being a central repository for this information.

How would you rate the importance of this feature?; 1 = Critical

My Idea/My Proposal:
In the settings for controlled updates it should be visible for each admin in which release group he or she is and when the respective updates will be released to these release groups after the official release. Only then it makes sense for me to release the updates via Central, otherwise it is simply a Russian roulette.
If there are always fixed times for the groups after the official release dates, it would also be sufficient to find out your position in the groups via other ways and to publish the postponement of the updates per group via a KB article.
It would be easier, however, directly in the Central under the controlled updates.

Background to the proposal:
I was told by support when I made a request that the release dates for endpoint and server updates in Sophos Central 'controlled updates' did not automatically mean that my servers would now receive the update after I had released it.
There would probably be three groups at Sophos. Group A, B and C. We are in Group C and usually get the updates a few weeks later.
This is a big hurdle for us. We see an update in the controlled updates. After a few days or weeks we release it and expect it to be on the servers within a few hours.
In the meantime we had the problem that this was not the case. We are waiting since 4 weeks for the update from May. We have released the update.
According to the update, the servers (server 2012 R2) now have Anti-Virus version 10.8.7. We still have 10.8.6. Core-Agent would also have to update to 2.7.7, we still have 2.6.0.
Now the update is already released and we have no plan when the update will actually be released on the servers, because we are in group C and have to wait for the group release, that is not visible anywhere, to be able to plan better.