igi008

ESET Staff
  • Posts

    34

Everything posted by igi008

  1. Thank you very much for your valuable feedback. I absolutely agree with you. It is our goal to improve this situation and have all necessary components and tools in one installer/agent, with components enabled based on your license. Currently, we are making efforts to introduce more improvements that enhance the experience of easily enabling additional protection layers. We are striving to achieve this through an installer that installs all components based on your license across all platforms. By expanding ESET Solutions, we allow for the easy enablement of additional protection layers via a context menu over a single computer or groups of computers. The license is preselected automatically, and everything necessary is enabled or installed on the endpoint. We also aim to expand a dedicated section in the menu titled "ESET Solutions" where we are adding support for more and more protection layers. In this section, it is easy to distinguish where a protection layer is enabled and where it is missing. If a customer does not have a sufficient license, they can request a trial and try an additional protection layer like LiveGuard directly from this section.
  2. Hello, thank you very much for this feedback, we plan to improve it, and every table should be sortable in the future.
  3. Hello, many thanks for this idea. Actually we have something like you mentioned in our EDR layer (ESET Inspect), which provides better visibility in your network and helps you identify suspicious behavior. For example, these rules related to this MITRE ATT&CK Technique: https://attack.mitre.org/techniques/T1219/ can be helpful. However, including other conditions in such rules is a quite interesting idea.
  4. Hello, many thanks for your post. It is a bit tricky because the URI can also be a phishing link (in the case of web protection). ESET may be put on the list of phishers when we send such notifications. However, we will try to open this topic internally again, and we will try to find an appropriate solution.
  5. Thank you very much for your suggestion. We also have a negative filter in your backlog. We plan to pilot it on the computer screen with a new Filter Advisor (planned in H1/2022). Please stay tuned.
  6. Hello, Manny, thanks for your suggestion. We have in the backlog the reworking of dynamic groups or, better said, enriching them so that it is possible to also consider data on the server (console). For now, you can try a workaround (but not ideal) to filter servers based on OS name and exclude domain controllers by the "Not equal" condition for specific machines. In the future, we will try to extend Dynamic groups / Dynamic group Templates to better fit this kind of need.
  7. Hello @EMEtech, it would be great if you could describe your use case in detail. I mean, are you receiving notifications as an MSP and then solving issues, or are you configuring each for a specific company and they need some extra info? If you are receiving notifications and want to better identify the company where the computer belongs, you can theoretically use variables like "Computer parent static group" or "Computer static group hierarchy".
  8. Hello, many thanks for your request. It makes sense. We are currently analyzing technical feasibility and difficulty (from a time investment perspective). I hope that everything will go well, and we will be able to also work on this feature alongside other priorities. Stay tuned
  9. Hello, thank you very much for reminding us of those things. Yes, we are also tracking these various smaller improvements. Unfortunately, capacity is limited, and we need to solve a lot of things with higher priority and broader business impact. However, do not worry. We have it in the backlog, and I hope that we will be able to address some of them in the upcoming release.

     #1 Uptime: There was a tricky part, how often to synchronize. We are considering adding it, but not sure if directly to the main computer table, maybe under details, and sync it in some time intervals.

     #2 Service pack / OS version: It is problematic because it is impossible to guarantee that MS won't bring some Service Pack for Win 10. Now it is possible to parse this information from the "OS version" in ESET PROTECT (that is technically the OS build). However, it is good to consider creating a new field "OS build" and reporting the version (e.g., 20H2) to "OS version", but it needs to be analyzed cross-platform.

     #3 Network adapters: Now we are reporting more physical adapters, also wireless. Yes, the problem with duplicity (IPv4 and IPv6) is not fixed yet, but it is planned.

     Many thanks for your patience. I hope you have found other interesting improvements in ESET PROTECT 9.0. And of course, we will also try to move forward the smaller improvements suggested in this forum thread, but in some cases, we need more time due to other priorities.
  10. Thank you very much for your message. We are very sorry about that. We would like to improve our product to fit your needs.

      Yes, it is true, but our console is aimed at managing security, not at allowing or installing services on the OS. However, in some cases, it could be interesting. We have a very powerful task in our console - RUN Command (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html). Theoretically, it may be helpful to enable anything that is possible through the command line.

      Do you use the on-prem management console or cloud? In both cases it is a bug, because it should work. If you use ESET PROTECT Cloud, could you please send us the instance ID (you can find it in ESET Business Account - Help in the upper-right corner - About)?

      In general, we support Syslog; events and structure are described here: https://help.eset.com/protect_cloud/en-US/events-exported-to-json-format.html. Do you prefer a specific integration with a specific SIEM/SOAR tool? In the case of specific ESET products like Mail Security, we also have certified integrations, for example: https://marketplace.microfocus.com/arcsight/content/eset. If something specific for the console is required, we can consider it.

      As my colleague already mentioned, there is some limit, but it should be sufficient for almost all cases. Is the size of the log the reason for failing? Which log are you trying to collect? SysInspector, Log Collector, or Diagnostic Logs?

      Many thanks for your help and feedback, we appreciate it.
  11. Hello, many thanks for your reply. It is preliminarily planned in ESET PROTECT Cloud 3.1, which is planned for January 2022. EDIT: Planned for version 3.2 (February 2022). EDIT2: We have analyzed it. Unfortunately, there is a risk when we are sending suspicious objects like phishing links in URI. It may cause our mailing service to be evaluated as suspicious or spam (it may also impact other customers who use a spam filter, e.g., from Google, etc.). For that reason, we have decided not to allow sending of URI in notifications.
  12. Hello, Many thanks for your suggestion. We will add it also to ESET PROTECT Cloud. We have it already in the on-prem version. I apologize. It was forgotten in the cloud version.
  13. Hi Rdc, Thank you very much for your feedback, we really appreciate it. Yes, sorting this table could be useful. We try to add it here. Could you explain your use case deeply, why you need filters here? When you click on "Assign" you can find and sort here devices or groups. Do you prefer to search only through targets that were already assigned? Maybe one recommendation related to this topic. We strictly recommend assigning Policies to groups, not to single devices. Assigning to numerous computers (not groups) may harm the performance of your server. If you need to assign some policy to specific devices, we recommend creating a group, placing computers here, and assigning the policy to this group.
  14. Hello, thank you very much for your suggestion. We apologize for that. Now we are working on a comprehensive IDEA that should solve unexpected reboots (not only agents but after product upgrade, OS upgrade, etc.).
  15. Many thanks for the explanation. For streamlining endpoint product upgrade, this could also be useful: Dashboard -> Status Overview -> Product version status -> Click on the "red" part of bar chart -> Update installed ESET products. In the invoked wizard, you can select specific target/targets. It is not necessary to upgrade all endpoints. However, we recommend upgrading them all. Thank you very much for your feedback. Now we are working on a comprehensive project that should help administrators with upgrading endpoints and all necessary components.
  16. Many thanks karsayor, We are currently working on a large project / comprehensive mechanism that will help the administrator keep the products in the network on the latest version automatically. We hope that this feature will help you and other customers. The good news is that we already upgrade all ESET Management Agents for ESET PROTECT Cloud (formerly known as ECA) automatically.
  17. Hello Robg, Thank you very much for your suggestion. We would like to understand your needs better. Could you please explain your typical use case? Do you trigger a particular task only on selected computers? If yes, which task? In some cases (e.g., Software install task), it may be useful to select a whole group of computers instead of selecting one by one. Or when you need to perform the action only on one computer, it could be useful to go through Computers, context action over a particular computer and choose "RUN TASK ..."
  18. Many thanks for your suggestion. Now we are working on extending hashes in all our products. We also plan to support SHA256. Of course, it completely makes sense to support it also in this feature (block by hash).
  19. Thanks, quite a good idea. We will try to bring it in a service release next year.
  20. Hello @municel, thank you very much for the good suggestion. We already have it in our backlog. We could probably improve it in next year's releases.
  21. Hello @kapela86, many thanks for the clarification. Yes, we will try to extend the "OS Service pack" field also for WIN 10 and Server 2016/2019. Very good suggestion, many thanks for it. I was also interested in whether it would be useful for you to have the option to filter all OS versions instead of a concrete one. I mean something like an "IS NOT" operator. E.g., I would like to filter all Windows 10 computers that are not on the latest version, which is 2004.
  22. Hello @kapela86, thank you very much for your suggestions. It really helps us to improve our products. One question on recommendation #3. What is your primary use case? Do you also want to filter based on this new column? Now we have the column "OS VERSION" and, based on this table https://docs.microsoft.com/en-us/windows/release-information/, it would be possible to find a specific version also now. However, I am guessing that you want to filter, for example, all Windows 10 computers which are not on the latest version. Is my assumption correct, or is your primary use case different? Many Thanks
  23. Hello @Zen11t, thank you very much for your explanation again. It helps us to understand your needs better. I hope this trick will help you. You can filter the computers with an outdated version of agents and then click on any item in the table and select "In computer page (all)". It will navigate you to the computers section, where you will have only computers with outdated agents, and here you can also check the last connection status.
  24. Hello @Zen11t, thank you very much for the explanation of your use case. You can try to go: Dashboard -> Status overview (Tab) -> Product version statuses (Tile) -> Click on Agent bar -> Choose "Detailed information". After that, you will see the report, which you can also download (PDF, PS, CSV format), and in this report is "Version Check Status", which may help you identify which computers don't have the latest agent. Another solution could be to go to Dashboard -> ESET applications -> "Installed ESET Applications" (Table) -> Click on specific version of "ESET management agent" -> "Detailed information". In the table, you can see computers with this specific version of the agent. I hope that it will be helpful for you.
  25. Hello @Alexku, thank you very much for your interest in this feature. Yes, we plan to add the possibility of sending events to the Syslog server. Do you have any specific requirements? (e.g., for the preferred format of events, or something else) What is your primary reason to use this feature? Feeding events to SIEM tool? If yes, which one are you using? (for better imagination, you can look here how the configuration of this feature looks in on-prem ESMC)