
Nice Sophos DB queries

I thought it would be nice to share some of the queries I made to collect data from the Sophos 4.5 database.

Web content scanner
Description:
Shows all the Internet Explorer BHO web content scanner detections in one list sorted by date of detection.
Query:
-- Current detections: web content scanner hits have a URL (http/https) as path, not a drive letter
SELECT tb1.name AS Computer, tb2.ThreatName, tb2.FullFilePath, tb2.FirstDetectedAt
FROM ComputersAndDeletedComputers AS tb1
INNER JOIN Threats AS tb2 ON tb2.ComputerID = tb1.ID
WHERE tb2.FullFilePath LIKE 'h__%'
UNION
-- Archived detections, same filter
SELECT tb1.name AS Computer, tb2.ThreatName, tb2.FullFilePath, tb2.FirstDetectedAt
FROM ComputersAndDeletedComputers AS tb1
INNER JOIN ThreatsArchive AS tb2 ON tb2.ComputerID = tb1.ID
WHERE tb2.FullFilePath LIKE 'h__%'
ORDER BY FirstDetectedAt DESC
Example Result:
PC1000 - Mal/Badsrc-C - h__p://evilwebsite.com - 18-7-2010 23:29

If you have some queries, please share.

If you are a database guru and have comments on the way I constructed my query, please let me know.
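As an added example that is not part of the original post, the same two tables can be combined once in a common table expression and then aggregated, which turns the one-row-per-detection list above into a per-computer summary (how often a machine was hit, by how many distinct threats, and when). It uses only the tables and columns named in the query above; the T-SQL date functions assume the Enterprise Console database runs on SQL Server, and the 30-day window is an arbitrary choice.

```sql
-- Added example: per-computer summary of web content scanner detections in the
-- last 30 days, across the live and the archived threat tables.
-- Assumptions: SQL Server (T-SQL) and the tables/columns used in the query above.
WITH WebDetections AS (
    SELECT ComputerID, ThreatName, FullFilePath, FirstDetectedAt
    FROM Threats
    WHERE FullFilePath LIKE 'h__%'      -- URL-style path (http/https), not a drive letter
    UNION                               -- UNION (not UNION ALL): a row present in both tables counts once
    SELECT ComputerID, ThreatName, FullFilePath, FirstDetectedAt
    FROM ThreatsArchive
    WHERE FullFilePath LIKE 'h__%'
)
SELECT
    c.name                          AS Computer,
    COUNT(*)                        AS Detections,
    COUNT(DISTINCT w.ThreatName)    AS DistinctThreats,
    MIN(w.FirstDetectedAt)          AS FirstSeen,
    MAX(w.FirstDetectedAt)          AS LastSeen
FROM WebDetections AS w
INNER JOIN ComputersAndDeletedComputers AS c ON c.ID = w.ComputerID
WHERE w.FirstDetectedAt >= DATEADD(day, -30, GETDATE())   -- arbitrary reporting window
GROUP BY c.name
ORDER BY Detections DESC, LastSeen DESC;
```

Machines at the top of this list are the ones the web scanner keeps blocking; those are the ones worth checking for anything that was not blocked, which is the same concern raised in the reply below about a detected PDF with an undetected SWF alongside it.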

> If you feel the current reports in Enterprise Console are insufficient for your needs we encourage you to log them on
> the forum or notify Sophos technical support so we can integrate them into the product in the future.

Ok here we go:

1. I would like the full path to everything (Viruses, Suspicious, HIPS, Controlled Applications) to be visible in the computer details screen.

2. I would like to have a notification by email of a Web content scanner detection. Sophos argues that this is not needed because the virus has never made it to the system. I want to know if something was blocked, because maybe not everything was blocked. I have plenty of cases where Sophos blocked the PDF but the SWF used in the same attack was not detected and made it to the system.

3. I would like to have a notification by email of a Web Protection (Live URL) detection. Same argumentation: if Sophos lists a C&C URL but does not detect my specific sample of the bot, communication to the C&C is blocked, but I would also like the computer to be cleaned.

4. I would like to know which user is logged on to the computer for Web content scanner, virus, Suspicious and HIPS detections. This data is currently not available in the database.

5. I would like to have a report like the 'Data control events' query.

6. An MD5 checksum for every item detected would also be very nice! (See my remarks in the "HIPS detections with checksum" and "Suspicious file detections with checksum" queries for why.)

7. If a computer misses the Full scan (because it's off), I would like the Full scan to run when the computer has been started.

In other words, I want details. I want to use the reports for investigation. It's nice that I can present a generic report to my manager, but I want more!