Jump to content

ludolf

Members
  • Content Count

    35
  • Joined

  • Last visited

Profile Information

  • Location
    Hungary

Recent Profile Visitors

388 profile views
  1. here: ESMC, select policy (product: Eset File Security for Windows Server), Detection Engine, Processes Exclusions, Processes to be excluded from scanning
  2. Description: ability to export folder exclusions from ESMC policy Detail: to migrate exclusions from one policy to another
  3. Description: ability to add process path containing environment variable: Detail: in ESMC policy, add process exclusion %systemroot%\System32\Vmms.exe doesn't accept, "Invalid value" c:\windows\System32\Vmms.exe this works +1: same value can be added multiple times
  4. Description: change behaviour of adding new file/folder exclusions #4 Detail: in ESMC policy, adding folder exclusions c:\test\* works c:\test*\* doesn't work, "invalid path"
  5. Description: change behaviour of adding new file/folder exclusions #1 Detail: I need to exclude all *.mdb files in c:\test and all subfolders Currently I can exclude *.mdb files only in the top folder (c:\test) but not in the subfolders Description: change behaviour of adding new file/folder exclusions #2 Detail: I would like to exclude all *.vhdx files, but without specifying folder/drive (ESMC says when setting this in policy: "Invalid path") If I type "\*.vhdx" into the field, I can save it, but if I scan a test file manually, the log file still shows: "Number of scanned objects: 1", so the exclusion doesn't work. Description: change behaviour of adding new file/folder exclusions #3 Detail: if I import a txt file which contains correect and incorrect folder exclusion, ESMC says: "Not all input data have been imported". And it imports the list partially, but doesn't show the not importable item(s). It would be nice, if ESMC show a message with the incorrect, not importable items.
  6. Description: don't send notifications to all configured recipients Detail: we have 3 static groups: group1, group2, group3 All of them are maintained by different admin teams. For this reason we configured 3 notifications: Access group: group1 -> "threat notification" -> send email to group1@domain.com Access group: group2 -> "threat notification" -> send email to group2@domain.com Access group: group3 -> "threat notification" -> send email to group3@domain.com If an alert triggered in a group, all 3 groups receive an email about it. Only the affected group should to receive the email.
  7. MichalJ, thanks for the answer. Audit log filter: for example somebody changed a server setting and broke a feature by doing this. I know what has been changed, but currently I cannot filter to it. If I could to filter, I would know who changed it, and ask him why did it.
  8. Description: possibility to export webcontrol/url groups/addresses Detail: possibility to export webcontrol/url groups/addresses. Usage example: ERA/ESMC used for more groups (more admin teams), with similar policies, and a group needs an existing url group in a separate policy . Export/import would the elegant way to migrate url addresses.
  9. Description: more details in audit log Detail: Reports/Audit log. If somebody modifies a policy, only one event added to the Audit log: "Modifying policy xxx" it would be nice to know more. What settings have been modified and before and after values.
  10. Description: more granulate audit log filter Detail: Reports/Audit log. If I would like to search for a specific setting ("who changed it"), I have to scroll down from page to page, or use CTRL-F Please add possiblity to filter string in "Action detail" column.
  11. Exactly. If somebody change product accidentally and saves the policy, the settings are lost. This shouldn't be happen. If the admin selects a product within a policy, and change any setting, the product selection list should be disabled. After this, if the admin would like to point the settings to other product, he should to create a new policy. IMHO
  12. Hello Description: disable product change possibility after any settings have been configured in a policy Detail: imagine the following: - create a policy - change some setting - change product within this policy - save the policy In this case all of the previous settings are gone.
  13. Description: Notify about completed task execution Detail: It would be nice to have a setting on the new task creation page, to send an email to the task creator user, when the task is finished. The email could contain only a link to the task execution results, and maybe a summary about completion success or a successful/unsuccessful percent. Maybe if era is waiting for computers to be online, it could send reports repeatadly, containing the partial result, for example every 8 hour (or customizable intervals). Description: Sysinspector log viewer lists Detail: In ERA5 we could view the process list when clicked "Running process". And we could do some sorting for example company, to see non-usual entries for first sight. In ERA6 we only see the list of processes when open the "Running processes" tree. Same apply for "File Details". It would be nice, if we could see the items below these "subkey" and could sort them. Example situation: check processes/filedetails running from outside windows\programfiles folders.
  14. Hello Description: modify links in threat notification to unclickable Detail: admin/itsec receives plain text threat notification. He copies to another program, or forward as html. Receiver accidentally can click on the link (for example, when he tries to copy only the link). Computer name;Severity;Time of occurrence;Threat type;Threat name;Threat flags;Scanner;Scan log reference;Object type;Object URI;Action performed;Action error;Threat handled;Restart required;User;Process name;Circumstances;Virus signature database;Hash of detected file COMPNAME;3;2018-02-17 16:35:10;trojan;JS/Tivso.Gen;;HTTP filter;virlog.dat;file;hxxp://maliciouslink.com/?width=640&height=360;connection terminated;;1;0;USERNAME;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;;16920 (20180217);A7F533A141F411DBDBBC376F3F348E7B59925E11 replace bolded part to something like this: hxxp://maliciouslink.com/?width=640&height=360 (forum motor replaces correctly :))
×
×
  • Create New...