cbrasga

Agree with mlemieux. The last connected warning is too soon and should be configurable. Please put in a feature request.

You may also want to check out this post: https://forum.eset.com/topic/8644-list-of-things-that-would-improve-eset-remote-administrator/?p=45903 That is what I used to get to HTTP to HTTPS redirect working on my Windows ERA server. Be sure to make a backup of your server.xml file before doing anything so you can easily revert.

Glad to hear it. Also, thanks for allowing us to select all and de-select the few we may not want.

Wanted to provide positive feedback where it is due. Just upgraded to 6.4 and I really appreciate grouping the Policies in a folder structure and identifying which ones are built-in vs custom, it is so much better and less cluttered than the wall of policies we used to see from a fresh ERA install. Now if only there was a simple way to see which policies were active (applied), such as simply having the active/applied policy icon being ESET green.

@PEBKAC27c, #4 is not just because it is something new, it's about consistency. The flat look is more consistent with the look and feel of ESET's current endpoint products and even their website.

*bump* Updated list with more items.

So basically ESET considers their EULA more important than having a good, easy to use product? That is just sad. If Microsoft and other major software companies can make their software and upgrades deployable without requiring EULA acceptance every time, then so can ESET. Stop making your product more difficult to use, that is the opposite of what technology is supposed to do.

Thanks for letting us know after the fact. <Sarcasm> I'm in the middle of deploying ESET to 800 PCs, going department by department to minimize disruption. We setup a trigger that runs an "Install ESET Endpoint Antivirus" task when a computer with the ESET Agent but no AV becomes a member of a dynamic group. Everything was going smoothly when we get to the next department and none of the computers are automatically getting the AV deployed and the only information on the Client Task is "Task failed. Try to install the software manually." So I had my Help Desk team installing the software manually until I see there is a new version via this forum. I go into the task and find that 6.3 is no longer listed and change it to 6.4, and have to click to agree to the terms again. Did you think I changed my mind about deploying and the software agreement? I shouldn't have to click I agree each time I make a change to a deployment task. Doesn't the EULA during ERA installation already cover that anyway? Thanks for breaking our smooth process and having software that breaks when you release an update, that's security and ease of use. <Sarcasm> Are you guys purposely trying to make your software difficult for SysAdmins? Seriously, your ERA software while it technically "works" most of the time is seriously frustrating. We have enough to do instead of dealing with half baked software and troubleshooting problems you guys create. The best software is one that "just works" and is "easy to use", ERA is neither.

Since cross subnet/VLAN broadcast forwarding is a frowned upon security practice and typically a feature that's not enabled by default on most network equipment, ERA should "proxy" the broadcast to a client/agent that is alive on the WOL target's subnet. I've used several software that does this and it works really well.

Thanks MartinK, I used your redirection page instructions and it works as expected! I also added the following to get HTTP to HTTPS redirection working: 1. Add the following line to the Tomcat conf/server.xml file above the "<Connector server="OtherWebServer" port="443"..." line. <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/> 2. Add the following to the Tomcat conf/web.xml file above "</web-app>" <!-- Require HTTPS for everything. --> <security-constraint> <web-resource-collection> <web-resource-name>HTTPSOnly</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> (Source: hxxp://www.itworld.com/article/2769041/development/how-to-configure-tomcat-to-always-require-https.html) 3. Add a Windows Firewall rule allowing port 80. I simply copy and pasted the "ESET Remote Administrator rule (service Tomcat7) on port 443" rule and changed the description and port to 80. 4. Restart "Apache Tomcat..." service. That's one issue down! Now, I can simply type the server/DNS name (or DNS alias "era") into a web browser it and takes me to where I need to be. Please add this to the next version of ESET ERA. Even though it's a small issue, every small improvement adds to ERA's ease of use and makes a SysAdmin's life easier. The SysAdmin that has to respond to a malware outbreak in the middle of the night and doesn't have to remember to type https://servername/erawhile still half asleep, will thank you.

Could you please specify what deployment scenario/platform/version are you using? Redirection of "root" requires trivial tomcat configuration changes or creating redirection file -> and If I recall correctly, it should be created during setup. We have installed the ERA 6.3 All-In-One installation on a Windows 2012 R2 server. Currently when I type hxxp://servername/ I receive a page cannot be reached error message in the browser and if I goto https://servername/ I simply receive a blank page. Only if I go to https://servername/era does the site load. The Windows firewall is enabled and it looks like the ERA installation creates the Windows firewall rules for TCP ports 443, 2222, 2223, 3128 but not port 80. Even after creating a rule for TCP port 80, the browser still does not connect on that port.

I second jimwilsher's comment. I've tried to pin the pop-out but once I close the browser or tab and log back in, I get the annoying pop-out again. Additionally, even if there is a "workaround", if there is a better way to do something it shouldn't it be used?

The following are highly recommended suggestions that would make ESET's ERA product better and easier to use. Remember, the easier you make something to use the more people will use it and the more time and effort is saved for those using it. 1. HTTP to HTTPS (and /era) redirect for ERA web console: I should be able to simply type the <SERVERNAME> or <SERVERNAME>.domain.com in the address bar and have it take directly me to the ESET ERA admin page. Example: I have a DNS alias that points ERA.domain.com to my ESET ERA server. I should be able to type ERA (or ERA.domain.com) in my browser's address bar and get to the admin page. Not have to specifically type HTTPS://ERA.domain.com/era. You may try to justify the reason for having to type the whole specific URL as extra "security", but security through obscurity is not security. Securing your product properly and making it user friendly is a win-win. 2. Simpler domain authentication: I should not have to check a box to indicate I want to logon with domain credentials. All of my other domain/LDAP integrated software does not require me check a box to login with a domain account. Your software should simply follow an order when authenticating; authenticate against domain first, if user/domain isn't present, authenticate against local user database. Additionally, accept all domain username formats (e.g. username, DOMAIN\username, username@domain.com). Currently the software only accepts DOMAIN\username, with no indication that is the format on the login screen. Example: I asked one of my staff to login using their domain credentials and they got locked out because they didn't know they needed to use DOMAIN\username format. 3. Remove the pop-out navigation: The pop-out on mouseover navigation is annoying and unnecessary. I understand the need for display space to display everything but don't make the interface jump around as you're using it. Make it a simple expand and collapse, not a mouseover. For a good example look at LastPass: 4. Optional: User interfaces are moving to flat and square edged: While not a requirement, it does keep UI's consistent and familiar with what people are used to, while also being less distracting when displaying information. 5. Use right click for context menus: 99% of applications use right click for context menus, even many web applications, so it is possible to do. Why go against the standard and what is natural to the users? Update 1 6. Don't alert on Presentation Mode being Enabled: Don't show security warnings on Presentation Mode being enabled, just make it informational. Having windows in full screen is going to happen throughout normal business use, that doesn't indicate a security problem. Maybe if presentation mode was enabled for more than 8 hours, then that might be something to warn about. 7. Show Usernames Logged Into Computers: ESET ERA 5 used to show us the username of the person logged into the computer. That was useful information than is no longer displayed in ERA 6. For example we identify who caused or experienced the security risk and depending on who's computer was affected, how to respond to the threat or problem. For example: CEO's computer show security risk, respond immediately. Occaisionally used warehouse computer doesn't have the latest virus definition update, we can check back later. 8. Inconsistent Way of Listing Days: The ESET dashboard Last Scan widget uses the wording "one day" for Time of Occurence but then digits (2 days, 3 days...etc.) for all other times. 9. Automatically Mark Cleaned Threats as Resolved: After a threat has been clean/deleted, mark the threat as resolved. Since it is no longer an active threat, but it is still in the threat log if someone wants to follow up. 10. Don't Requite Agreeing to License Agreement Every Time: If I've already agreed to the End User License Agreement (EULA) once, I shouldn't have to do it every time I make an edit to a client deployment task. Just changing the name of the task requires clicking agree to the license again. The ERA installation End User License Agreement should already cover that, don't make everyone have to configure an extra unnecessary checkbox. It will be make the task/deployment process cleaner and be one less setting someone is require to configure, saving unnecessary time and effort for SysAdmins. 11. User Friendly Email Alerts: Currently, the email alerts look like straight log outputs rather than a user friendly formatted email message. Below is an example of the current Antivirus Threat Alert email from ERA. A more useful alert would be easily readable and include a link to the ERA threat page or threat details. Number of threat detection events in 10 minutes has reached defined threshold. Please log-in to your ESET Remote Administrator for more details. Computer name;Severity;Time of occurrence;Threat type;Threat name;Threat flags;Scanner;Scan log reference;Object type;Object URI;Action performed;Action error;Threat handled;Restart required;User;Process name;Circumstances;Virus signature database computer.domain.com;3;2016-06-20 17:49:29;potentially unsafe application;Win32/Bundled.Toolbar.Ask.G;Variant;On-demand scanner;ndl30701.dat;file;file:///C:/Path/File.dll;;action selection postponed until scan completion;0;0;;;;13677 (20160620) 12. Multi-Select: Currently, to select multiple computers or threats you have to click individual checkboxes, which is a pain if you have tesn or hundreds of computers/threats you want to select. Please allow shift+click multi-select to make selection easier. 13. Item Count on Groups Tree: Showing the item count on the groups tree would be handy, so we could at a glance see the number of clients or threats for each group without having to click into each one.