Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

AdminJon (Admin, Sophos Features & Ideas Laboratory)

My feedback

  1. 4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Endpoint Protection » Cloud Console  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    We already have the concept of sub estates, please see:

    https://docs.sophos.com/central/Enterprise/help/en-us/central/Enterprise/concepts/Sub_Estates.html

    Did you mean something different?

  2. 281 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  55 comments  ·  Sophos Central » Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    It is difficult to show the policy in effect on a user without being misleading. A user can have more than one device, and those can have different policies.

    We plan to improve the device list details page so that, amongst other things, you can see which policies are applied.

    We will consider the same changes for the user list view afterwards, though it will need to take account of the device policy complexity outlined above.

    For now, I'm going to merge this request into the device details request as it is the primary way we're focussing on this type of request.

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Non urgent reboots are not detrimental to protection, so do not create an alert. At the moment they can only be seen in the admin console by looking for the event type on the user, device or event report.

    We plan to add more detail to the list views, including whether a reboot is urgently/non-urgently or not needed. I'll merge this request into that request accordingly.

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Agreed, this would be very useful. We're working on significant improvements behind the scenes to the "device list views", so that you can for instance add a column about tamper protection to see which devices have it enabled/disabled, and optionally filter for those in one state, e.g. disabled.

    We expect this to take several months owing to the nature of the backend changes, but please bear with us!

    AdminJon (Admin, Sophos Features & Ideas Laboratory) shared this idea  · 
  3. 286 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  39 comments  ·  Sophos Central  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    I merged a number of similar requests.

    We understand that alerting remains a problem area. There isn't a single issue to resolve, but we are gradually implementing the main feature requests and addressing the underlying causes.

    The main outstanding requests are:

    Reduce volume- stop unnecessary alerts. If the volume was more manageable, then many of the feature requests would be unnecessary or less important. We plan to re implement how alerts are generated as part of an overhaul of status reporting and how it is displayed. this should allow us to be more accurate in generating alerts. Where alerts are genuine (but still too common) we are addressing the underlying issues as we identify them.

    Admin responsibility specific alerting, for example an admin only responsible for servers should only get alerts for servers, not for computers. We are looking at implementing roles along these lines, and can add suitable alerting as we do that.

    Please note there are some recently completed items that may help:

    Group alerts by type (and be able to delete all alerts in a category/ies)

    Disable alerts for a certain user (e.g. helpdesk user or person who only needs Central access for generatign reports)

    Send alerts to addresses that aren't a Central admin

  4. 48 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  8 comments  ·  Sophos Central » General  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    This is not planned in the next 12 months, but is an important candidate for after that.

    Please note that in the meantime we do offer federated auth with AD and second factor support.

  5. 58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Sophos Central » Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    We're planning to make device deletion reversible (i.e. mistakes can be undone) in future. Until that point we do not want to automatically delete devices, as mistakes require a reinstall of the machine(s).

    Admins can manually delete machines, and we have a backlog item (note: currently not planned) to offer some canned filters of the devices list view to allow easy selection of devices on/offline for different periods of time. For example: filter for machines offline >30 days, then select all and delete.

  6. 597 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  114 comments  ·  Sophos Central » Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    There is already a single add/remove programs entry for Sophos endpoint (it does in turn call multiple uninstalls to remove all components).

    An improved uninstaller is addressed in another feature request- merging this entry.

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Merged with another thread about removal- it will be automateable, so "sort of" remote. Please note you can de-assign intercept and encryption software from the central admin console already. We are looking to make endpoint de-assignable as well.

    All 3 can be (re)assigned already.

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Sorry for the frustrations removing the software. We are working on an uninstaller, we hope to release it in the next few months. The intention is to include it as a command line option on the installer as usually it is a prelude to re-installing afterwards.

  7. 226 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  62 comments  ·  Sophos Central » Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Merging with a thread about a "full" installer.

    An uninstall capability (called via command line for when you are replacing a broken install) will be added to the installer.

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    We are working on an update to the install so that it can use a local copy of the install files rather than pulling them from Sophos. This should be out in the next few months.

    To clarify; it isn't strictly an "offline" installer as it needs to connect to Sophos Central for registration, policies etc, but the bulk of the data transfer is usually the install files and it will be possible to provide these locally (e.g. USB stick, local network share etc).

    In the meantime please do be aware that there are potential workarounds:

    1. Use an update cache on a local server; clients will retrieve the initial install files from it.
    2. Use a caching proxy (e.g. if you have 3rd party web filtering you may well be able to use that to cache the files downloaded from Sophos, so that only the first install truly uses the Internet connection).
    3. Restrict the bandwidth usage for updates (including installs). It can go as low as 64kbps which should be a negligible impact on even relatively slow connections (like the 2mbps link mentioned below). Although installs will take a long time, they will complete in due course.
    https://central.sophos.com/manage/config/settings/bandwidth-usage

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    We are reviewing this request. Please see the feature request Stefan linked to for updates when we have them

    https://ideas.sophos.com/forums/428821-sophos-central/suggestions/33472120-offline-endpoint-installer

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Thanks for raising this. We can see it has a high number of votes and will review the request.

    In the meantime, the update cache capability can provide a way to install from a local network source (i.e. avoiding the internet connection/WAN link) in cases where there is a local server. I appreciate that isn't always relevant, but bringing it up for visibility where it does help. If an update cache is present locally, new installs will find and use it automatically.

  8. 34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Sophos Central » Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    For those (such as MSPs) with access to the Partner Dashboard, please note that as of last Saturday (8th Dec 2018), it now has the ability to set up policy templates to use across multiple Central accounts (customers). So for example you can have 2 Threat Protection policy templates, one for "regular" servers and one for AD servers with AD related exclusions.

    We plan to bring this to to the Enterprise Dashboard in 2019.

    The customer admin console has had a "clone policy" capability for some time so it should be easy to copy an existing policy within an account.

    We don't currently have plans to add a bulk import feature to the customer console (or either Dashboard) but we can review this.

    I appreciate there are numerous reasons to need to add exclusions but please do be aware that we have automatic exclusions to cover some common apps, such a some MS Exchange and SQL versions:

    https://community.sophos.com/kb/en-us/121461

    So, you may find you do not need to add all exclusions, particularly ones you had in SEC (the on-premises Sophos management console), which did not have these automatic exclusions.

    It may also be the case that a given exclusion isn't needed, for instance it was needed for another security vendor, or was needed to address a bug now resolved. I appreciate it is hard to know what exclusions aren't needed, but something to bear in mind as a potential typing reducer!

  9. 16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Sophos Central  ·  Flag idea as inappropriate…  ·  Admin →
    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Darryl Richardson (UK TSAM) also asked for this: "I have an existing EPA customer who’s interested in migrating to Cloud Endpoint at some point in the near future (350 users). They have several offices across the globe and would like to assign an IT admin at each site to be able to amend policies for their region only, as well as having a master admin who has visibility of the entire estate.

    I understand this isn’t currently possible with CEA, if a customer buys 100 x CEA for example, they get one management console. The only way I can think of them doing this would be to split the licences across their estate (10 for office A, 20 for office B etc…) which would be less cost effective due to the price breaks.

    Is there anything on the roadmap which will facilitate multiple instances of the management console?"

    AdminJon (Admin, Sophos Features & Ideas Laboratory) commented  · 

    Lee Carass (UK SE) also raised this request: "the customer has multiple regions and wants each region to be able to manage a specific group of machines, with deployment, remediation and policy assignment"

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.