SIEM integration needs to have audit logs included. It is no use just having event logs. SIEM integration is currently half finished, not fit for purpose as it stands.

How dumb, why do you have a question that asks "Did this help you?" and than only provide a button that says yes? How will you ever know that it wasn't helpful at all? Stupid.
Ever since moving to Central I just want to get a solution that is actually designed to be managed as Sophos just sucks up my life.

Tamper protection causes me more work than anything else. there needs to be a way to enter the Admin Password that is not through the client as that is often the first thing that breaks and the Sophos installation is then broken, the only fix involves major surgery which is unacceptable. There needs to be another way to enter the Admin password so the installation can be managed.

It would be great to have a filter for time as well as date.
Reason: If you are receiving / sending 10000 emails per day and want to see what happened between 10am and 11am for example, you need to scroll through hundreds of pages which can take a more than a few minutes.

Im Peripheriegeräte Bericht fehlt die Möglichkeit nach dem Datum sortieren zu können

When cookies, viruses or other malicious content is found in a user's UPD, Sophos ID's the volume instead of the User.

Example: When malicious content is found, the device is ID'd as \Device\HarddiskVolume6\ instead of the Username or owner that owns the disk.

The only way to discover which user's UPD is is to use Diskpart "list volume" commands via CMD.

Would be great if Sophos Central would ID this instead of showing the volumes.

i m not getting proper support from sophos endpoint

Upon virus detection, could we have more options(quarantine, rename detection and/or move to a specific location) instead of automatically cleanup?

Some infected word/excel documents are corrupted/deleted after automatic cleanup which is causing a lot of issue to the enduser.

Scan remote ip/workstations

On the local sophos client or cloud solution it would be nice to manually enter a workstation/server target to scan. As target client may not have the client installed or is a suspected threat.

Occasionally we have workstations in our environment which are 3rd party managed and it would be useful to scan them occasionally to make sure their AV is catching threats.

Thanks

I would like to see the ability to set the time a phishing campaign email goes out to something other than the top of the hour. Anything we can do to help make the phish threats appear more legit will be beneficial.

Would really like to be able to rename a device and also assign asset numbers

We would like to have settings for the creation off threat cases.

For example you can turn off the automatic creation of threat cases for blocked websites or sites with maleware.
The Websites gets blocked anyway and me as an administrator don't need a threat case for this.

The only current way is to deactivate the complete detection for malicios websites to stop the creation of threat cases for websites and this is not recommended by a sophos stuff.

"https://community.sophos.com/products/sophos-central/f/sophos-central/114038/settings-for-threat-cases"

Thank you for everyone who gives a votes for this. Lets make Sophos Central even better.

Please provide a button in the email listing items that are stuck in quarantine to "Add to whitelist and release".
Also, please add buttons in the quarantine to ALLOW/BLOCK easily by simply selecting the email and then clicking the right button. Provide an option to ALLOW/BLOCK the email address or the domain.

Currently, the process to add items to the allow list is clunky and hard to do for the end user. Please provide simplicity.

Create an Alert that will trigger if a tamper protection password has been used on a device. This notification should show up in the device's events.

Hallo,

es wäre super, wenn man zum einen die benutzerdefinierten Vorlagen der Kampagnen besser organisieren kann. Konkret würde ich mir wünschen, dass man bspw. Ordner erstellen kann, um dort angepasste Vorlagen abzuspeichern. Zudem ist es derzeit ein Bug, dass man benutzerdefinierte Vorlagen nicht umbenennen kann. Einmal angepasste Kampagnen kann man auch nicht löschen, dies wäre, zwecks Übersicht natürlich auch sehr Vorteilhaft.

Grüße
Dennis Jost

A banner on Sophos Central alerting known issues such as false reporting that Wireless Endpoints are down would be helpful. Hours of troubleshooting would be avoided.

Can we increase reporting to Weekly? Daily reporting being the longest time means each of our staff get about 10 emails everyday which is unnecessary.

A much better way of doing it would be every week just send one list of alerts instead of a separate email for each individual alert. This gets very excessive very quickly when you have 1000+ endpoints.

This way Sophos Central does not end up sending massive spam needlessly to our inboxes. As such, we've turned e-mail reporting off until this is fixed.

Windows Internal Database is a variant of SQL Server Express 2005-2014 used by Windows Server Update Services (WSUS) and Windows SharePoint Services, included in various version of Windows Server.

It is currently not detected for SQL server exclusions as per https://community.sophos.com/kb/en-us/121461 and so manual exclusions have to be applied.

It would help for Sophos Central to detect this the same way it does 'normal' installs of Microsoft SQL Server and set up exclusions automatically.

It is installed to C:\Windows\sysmsi\ssee\ or C:\Windows\WID and works with *.mdf / *.ldf files the same as a normal SQL server install.