We will have a new release of the ADSync tool before the end of June that will allow syncing of devices and device groups, protected computers will not be removed from Central but unmanaged/unprotected devices will if regular syncing is setup.
Unfortunately issues were found with this feature at release and it was withdrawn, the team are looking at the issues now but a release is not expected until later in 2020.
184 votesStarted · 11 comments · Sophos Central » Endpoint Protection · Flag idea as inappropriate… · Admin →
There is already a re-protect option in the console, it would be good to understand what issues are remaining on endpoints after they have been re-protected.
Have you raised a support case? We need feedback and details so that we can improve the products.
Presumably you can exempt cards plugged into the card reader? I suspect this would be a new class of device we would need to add.
Is this a standalone, SEC or Central managed endpoint?
You can't (shouldn't) avoid the updates especially if the machine has been off for a while as new protection will be missing until the update is completed.
Delaying the startup of any protection based software, especially antivirus software is a very bad idea, lot's of malware takes advantage of systems at startup so delaying by even a few seconds can result in bad consequences. If you are having issues with machines on startup you should raise a support request whereupon the issue can be investigated.
it doesn't scan the drive but rather the files being touched, to scan the entire drive you need to have it locally attached, mapped or else have the product installed on the host machine.
Already possible, if you go to the threat protection policy you will see an option for "Real-time scanning - Local files and network shares, here you can scan local or local and remote.
We’ll look again at the issue of “fat” or “single” installers in the future. We are currently working on an even thinner installer but that should pave the way to more flexibility and could mean an easier way to create your own customised (read fat) installer. We stopped creating the fat installers as they become out of date very quickly and we now also have more components to download and install for some licenses which would mean creating even more installers, better to have a “vanilla” installer that all can use and a method for customers who need a fat installer to create their own. No promises on a timeline for this yet though.
If the cache was ignored by 9 out of 10 endpoints then there is an issue we need to investigate, did you raise a support ticker for this at the time?
2 votesUnder Review · 7 comments · Endpoint Protection » Device Control · Flag idea as inappropriate… · Admin →
I did see the note, thanks and Kanguru have contacted me, assuming we can get a device we should be able to add it as a secure removable device but I am not yet sure when.
Is the device ID common to both admin and normal users?
5 votesUnder Review · 0 comments · Endpoint Protection » Application Control · Flag idea as inappropriate… · Admin →AdminDarrenT (Senior Product Manager, Sophos Features & Ideas Laboratory) shared this idea ·