189 votesStarted · 12 comments · Sophos Central » Endpoint Protection · Flag idea as inappropriate… · Admin →
We are testing an implementation of an "automatic self repair" capability. We hope to include it in an Early Access Program, perhaps as early as next month, with a view to it being included as a standard feature in the next mainstream software release, likely due around April or May.
It will check for missing or stopped services on each update, and start any stopped ones and trigger a reinstall for any that won't start or are missing. It will also re-checksum all files to look for file corruptions, downloading new copies of any that are found to be corrupted.
The APIs are now available, please see https://developer.sophos.com/ for more details.
For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get
I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.
I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.
Work is progressing well on the back end changes. The first access will be via APIs. See https://developer.sophos.com/ for documentation on what the APIs will offer. I believe the APIs will be released and usable by any Sophos Central customer in the next couple of months.
Once the backend and APIs are completed we will start to work on the admin interface improvements (which will use the same API and backend). There is still a lot of work to go, but the current estimate is that the UI changes will start to be released by the end of this year, with us gradually adding capabilities over time. I'll keep this feature request page updated as we go along. Thanks for your patience.
It is difficult to show the policy in effect on a user without being misleading. A user can have more than one device, and those can have different policies.
We plan to improve the device list details page so that, amongst other things, you can see which policies are applied.
We will consider the same changes for the user list view afterwards, though it will need to take account of the device policy complexity outlined above.
For now, I'm going to merge this request into the device details request as it is the primary way we're focussing on this type of request.
Non urgent reboots are not detrimental to protection, so do not create an alert. At the moment they can only be seen in the admin console by looking for the event type on the user, device or event report.
We plan to add more detail to the list views, including whether a reboot is urgently/non-urgently or not needed. I'll merge this request into that request accordingly.
Agreed, this would be very useful. We're working on significant improvements behind the scenes to the "device list views", so that you can for instance add a column about tamper protection to see which devices have it enabled/disabled, and optionally filter for those in one state, e.g. disabled.
We expect this to take several months owing to the nature of the backend changes, but please bear with us!AdminJon (Admin, Sophos Features & Ideas Laboratory) shared this idea ·
We already have the concept of sub estates, please see:
Did you mean something different?
I merged a number of similar requests.
We understand that alerting remains a problem area. There isn't a single issue to resolve, but we are gradually implementing the main feature requests and addressing the underlying causes.
The main outstanding requests are:
Reduce volume- stop unnecessary alerts. If the volume was more manageable, then many of the feature requests would be unnecessary or less important. We plan to re implement how alerts are generated as part of an overhaul of status reporting and how it is displayed. this should allow us to be more accurate in generating alerts. Where alerts are genuine (but still too common) we are addressing the underlying issues as we identify them.
Admin responsibility specific alerting, for example an admin only responsible for servers should only get alerts for servers, not for computers. We are looking at implementing roles along these lines, and can add suitable alerting as we do that.
Please note there are some recently completed items that may help:
Group alerts by type (and be able to delete all alerts in a category/ies)
Disable alerts for a certain user (e.g. helpdesk user or person who only needs Central access for generatign reports)
Send alerts to addresses that aren't a Central admin
This is not planned in the next 12 months, but is an important candidate for after that.
Please note that in the meantime we do offer federated auth with AD and second factor support.
We will have a new release of the ADSync tool before the end of June that will allow syncing of devices and device groups, protected computers will not be removed from Central but unmanaged/unprotected devices will if regular syncing is setup.
We're planning to make device deletion reversible (i.e. mistakes can be undone) in future. Until that point we do not want to automatically delete devices, as mistakes require a reinstall of the machine(s).
Admins can manually delete machines, and we have a backlog item (note: currently not planned) to offer some canned filters of the devices list view to allow easy selection of devices on/offline for different periods of time. For example: filter for machines offline >30 days, then select all and delete.
For those (such as MSPs) with access to the Partner Dashboard, please note that as of last Saturday (8th Dec 2018), it now has the ability to set up policy templates to use across multiple Central accounts (customers). So for example you can have 2 Threat Protection policy templates, one for "regular" servers and one for AD servers with AD related exclusions.
We plan to bring this to to the Enterprise Dashboard in 2019.
The customer admin console has had a "clone policy" capability for some time so it should be easy to copy an existing policy within an account.
We don't currently have plans to add a bulk import feature to the customer console (or either Dashboard) but we can review this.
I appreciate there are numerous reasons to need to add exclusions but please do be aware that we have automatic exclusions to cover some common apps, such a some MS Exchange and SQL versions:
So, you may find you do not need to add all exclusions, particularly ones you had in SEC (the on-premises Sophos management console), which did not have these automatic exclusions.
It may also be the case that a given exclusion isn't needed, for instance it was needed for another security vendor, or was needed to address a bug now resolved. I appreciate it is hard to know what exclusions aren't needed, but something to bear in mind as a potential typing reducer!
Darryl Richardson (UK TSAM) also asked for this: "I have an existing EPA customer who’s interested in migrating to Cloud Endpoint at some point in the near future (350 users). They have several offices across the globe and would like to assign an IT admin at each site to be able to amend policies for their region only, as well as having a master admin who has visibility of the entire estate.
I understand this isn’t currently possible with CEA, if a customer buys 100 x CEA for example, they get one management console. The only way I can think of them doing this would be to split the licences across their estate (10 for office A, 20 for office B etc…) which would be less cost effective due to the price breaks.
Is there anything on the roadmap which will facilitate multiple instances of the management console?"
Lee Carass (UK SE) also raised this request: "the customer has multiple regions and wants each region to be able to manage a specific group of machines, with deployment, remediation and policy assignment"