igi008

ESET Staff
  • Posts: 34

Posts posted by igi008

  1. 21 hours ago, j-gray said:

    Description: Streamline licensing and ESET components
    Detail: Too many components and licensing is cumbersome. Currently, we have three cloud consoles (EP, EI, EBA) to manage all functionality. We have two agent installs (macOS and Win), two EI Connector installs (macOS and Win), three AV installs (macOS, Win desktop, Win Server). We need separate hosts and installs for RD Sensor, another install for the Bridge and another install for the Active Directory Scanner. All with constant updates, etc.

    Major competitors use a single agent install that can have any functionality enabled or disabled as needed. So much simpler to manage versus these myriad components.

    Thank you very much for your valuable feedback. I absolutely agree with you. It is our goal to improve this situation and have all necessary components and tools in one installer/agent, with components enabled based on your license.

    Currently, we are making efforts to introduce more improvements that enhance the experience of easily enabling additional protection layers. We are striving to achieve this through an installer that installs all components based on your license across all platforms. By expanding ESET Solutions, we allow for the easy enablement of additional protection layers via a context menu over a single computer or groups of computers. The license is preselected automatically, and everything necessary is enabled or installed on the endpoint.

    We also aim to expand a dedicated section in the menu titled "ESET Solutions" where we are adding support for more and more protection layers. In this section, it is easy to distinguish where a protection layer is enabled and where it is missing.
    If a customer does not have a sufficient license, they can request a trial and try an additional protection layer like LiveGuard directly from this section.

  2. 12 hours ago, bbdokken said:

    There are places in the Protect console where sorting is missing and would be a big time saver. For instance, in the Dashboard, go to ESET Applications. Click on one of the out of date applications then click "detailed information". This produces a list of computers that are out of date, but no ability to sort. 

    In that same list of out of date applications, if I click "update installed eset products" I get an easy way to update these out of date computers. Sometimes I don't want to update all of them, only specific ones. This would be easy to do if the selection list was sortable. 

    Thanks for Cloud Protect, it has been a game changer for us!

    Hello, thank you very much for this feedback, we plan to improve it, and every table should be sortable in the future.

  3. 2 hours ago, HOverviewIT said:

    Hello,

     

    I would like to see a new implementation in the ESET endpoint protection to block scammers.

    All these scammers are using TeamViewer or AnyDesk to take control of the computer of the victim. As ESET is monitoring network traffic, it should be easy to see if somebody is using AnyDesk or TeamViewer to control a computer. If you open a webpage for a bank, together with an open remote session, I would like to see a red warning (or even block the connection using a policy) so that people are informed that there are possible hackers on their computer and that they should not enter any codes.

    Hello, many thanks for this idea.

    Actually, we have something like you mentioned in our EDR layer (ESET Inspect), which provides better visibility in your network and helps you identify suspicious behavior.

    For example, these rules related to this MITRE ATT&CK Technique: https://attack.mitre.org/techniques/T1219/ can be helpful.

    image.png

    However, including other conditions in such rules is quite an interesting idea.

  4. On 6/14/2022 at 11:32 AM, Ufoto said:

    Is there any information whether ESET is considering adding this variable to the Notifications email body at some point?

    Hello,
    many thanks for your post. It is a bit tricky because the URI can also be a phishing link (in the case of web protection). ESET may be put on the list of phishers when we send such notifications. However, we will try to open this topic internally again, and we will try to find an appropriate solution.

  5. 20 hours ago, Troldahl said:

    When in the Protect Cloud screen, whether Detections, Computers, or whichever, it would be nice to be able to search for records that do NOT match a text.  For example, in the Detections, I might want to only look at detections that are Not CVEs.  Since the CAUSE box is a text box, adding a checkbox for "NOT" would let me type in CVE and see everything else.

    Thank you very much for your suggestion. We also have a negative filter in your backlog. We plan to pilot it on the computer screen with a new Filter Advisor (planned in H1/2022). Please stay tuned ;)

  6. On 3/1/2022 at 9:21 AM, D. Höfer | hcsystem said:

    Hello Marcos, 

    thx for the clarification. Do you have any idea how to achieve the above-described outcome?

    Hello,

    Many thanks for your suggestion. We have in the backlog the reworking of dynamic groups or, better said, enriching them so that it is possible to also consider data on the server (console).

    For now, you can try a workaround (but not ideal) to filter servers based on OS name and exclude domain controllers by the "Not equal" condition for specific machines.

    image.png

    In the future, we will try to extend Dynamic groups / Dynamic group Templates to better fit this kind of need.

  7. Hello @EMEtech, it would be great if you could describe your use case in detail. I mean, are you receiving notifications as an MSP and then solving issues, or are you configuring each for a specific company and they need some extra info?

    If you are receiving notifications and want to better identify the company the computer belongs to, you can theoretically use variables like "Computer parent static group" or "Computer static group hierarchy".
    Notification-variables.png

  8. 20 hours ago, kingoftheworld said:

    I have been directed to post feature requests here as that seems to be the only option for accepting customer feedback. I would like to request that ESET Protect, at least the on-premise version, be able to make use of the many OTP MFA apps available such as Google Authenticator, Authy, etc.  The login to ESET Business Account already allows you to use any app of your choosing, but for some reason, this feature was never added to ESET Protect.  Being forced to use only the ESET Secure Authentication app for only this is a little annoying, and I am sure I am not alone.

    Hello, many thanks for your request. It makes sense. We are currently analyzing technical feasibility and difficulty (from a time investment perspective). I hope that everything will go well, and we will be able to also work on this feature alongside other priorities.

    Stay tuned ;)

  9. 8 hours ago, kapela86 said:

    I just updated from ESMC to ESET Protect and I'm very sad to see none of my requests got implemented. I asked about them more than a year ago:

     

    Hello, thank you very much for reminding us of those things. Yes, we are also tracking these various smaller improvements. Unfortunately, capacity is limited, and we need to solve a lot of things with higher priority and broader business impact. However, do not worry. We have it in the backlog, and I hope that we will be able to address some of them in the upcoming release.

    #1 Uptime
    The tricky part was how often to synchronize. We are considering adding it, but are not sure if directly to the main computer table; maybe under details, syncing it at some time intervals.

    #2 Service pack / OS version
    It is problematic because it is impossible to guarantee that MS won't bring some Service Pack for Win 10. Now it is possible to parse this information from the "OS version" in ESET PROTECT (that is technically the OS build). However, it is good to consider creating a new field "OS build" and reporting the version (e.g., 20H2) to "OS version", but it needs to be analyzed cross-platform.

    #3 Network adapters
    Now we are reporting more physical adapters, also wireless.
    Yes, the problem with duplicity (IPv4 and IPv6) is not fixed yet, but it is planned.

    Many thanks for your patience, I hope you have found other interesting improvements in ESET PROTECT 9.0.
    And of course, we will also try to move forward the smaller improvements suggested in this forum thread, but in some cases, we need more time due to other priorities.
     

  10. On 11/2/2021 at 10:12 AM, INDUS_MH said:

    Comment for 7:

    We use the business products and will likely not be extending the subscription.

    Reasons are the lacking integrations for automation and monitoring tools.

     

    • SNMP can not be configured via webinterface
    • Syslog logging is not useful (no logs are sent if an endpoint detects malware)
    • I could find no integrations for SIEM, SOAR or SOC solutions.
    • collecting logs from an endpoint via the ESET Protect webinterface fails most of the time.

     

    Thank you very much for your message. We are very sorry about that. We would like to improve our product to fit your needs. 

    Quote

    SNMP can not be configured via webinterface

    Yes, it is true, but our console is aimed at managing security, not at allowing or installing services on the OS. However, in some cases, it could be interesting. We have a very powerful task in our console - RUN Command (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html). Theoretically, it may be helpful to enable anything that is possible through the command line.

    Quote

    Syslog logging is not useful (no logs are sent if an endpoint detects malware)

    Do you use the on-prem management console or cloud? In both cases it is a bug, because it should work. If you use ESET PROTECT Cloud, please could you send us the instance ID (you can find it in ESET Business Account - Help on upper-right corner - About)?

    Quote

    I could find no integrations for SIEM, SOAR or SOC solutions.

    In general, we support Syslog; events and structure are described here: https://help.eset.com/protect_cloud/en-US/events-exported-to-json-format.html. Do you prefer a specific integration with a specific SIEM/SOAR tool?
    In the case of specific ESET products like Mail Security, we also have certified integrations, for example: https://marketplace.microfocus.com/arcsight/content/eset
    If something specific for the console is required, we can consider it.

    Quote

    collecting logs from an endpoint via the ESET Protect webinterface fails most of the time.

    As my colleague already mentioned, there is some limit, but it should be sufficient for almost all cases. Is the size of the log the reason for failing? Which log are you trying to collect? Sysinspector, Logcollector, or Diagnostic Logs?

     

    Many thanks for your help and feedback, we appreciate it.

  11. On 11/1/2021 at 7:25 PM, Alan Shakter said:

    Thanks! Can you provide an ETA when this will be implemented in the cloud?

    Hello, many thanks for your reply.

    It is preliminarily planned in ESET PROTECT Cloud 3.1, which is planned for January 2022.

    EDIT: Planned for version 3.2 (February 2022)

    EDIT2: We have analyzed it. Unfortunately, there is a risk when we are sending suspicious objects like phishing links in the URI. It may cause our mailing service to be evaluated as suspicious or spam (it may also impact other customers who use a spam filter, e.g., from Google, etc.). For that reason, we have decided not to allow sending of the URI in notifications.

  12. 2 hours ago, Alan Shakter said:

    Description: Notification Alert New Variable
    Detail: Currently when setting a template for notifications, the provided available variables cover a good portion of the needed info, however there is one vital piece of info that is missing as a variable. The URI aka the "Uniform Resource Identifier" which gives the file name or URL blocked which is quite important to see in an alert. See snapshot with current available variables and snapshot with a URI example from within the Detections page

     

    2021-10-19 09_58_22-2021-10-18 11_11_26-ESET PROTECT Cloud.png

    2021-10-19 09_56_43-2021-10-18 11_09_46-ESET PROTECT Cloud.png

    Hello, many thanks for your suggestion.

    We will add it also to ESET PROTECT Cloud.

    We have it already in the on-prem version. I apologize. It was forgotten in the cloud version.

    2021-10-19_16-24-59.png

  13. On 4/9/2021 at 9:08 PM, Rdc said:

    Also, Please add a filter or search option

    Hi Rdc,

    Thank you very much for your feedback, we really appreciate it.

    Yes, sorting this table could be useful. We try to add it here.

    Could you explain your use case deeply, why you need filters here?  When you click on "Assign" you can find and sort here devices or groups. Do you prefer to search only through targets that were already assigned?
    Maybe one recommendation related to this topic. We strictly recommend assigning Policies to groups, not to single devices. Assigning to numerous computers (not groups) may harm the performance of your server. If you need to assign some policy to specific devices, we recommend creating a group, placing computers here, and assigning the policy to this group.

  14. 15 hours ago, HMCIT said:

    When we update our ESET Agents we find that we need to have all our machines reboot.  With the reboot option in the management console the machines just reboot with no warning.  Any open work is lost and the user is confused, thus generating a call to the help desk.

    Would it be possible to have a reboot notification when pushing a reboot on a machine?  ESET is finishing an update and will reboot in 30min.  Reboot later or reboot now.

    I reached out to support and was told to post this request here.

    Hello, thank you very much for your suggestion.
    We apologize for that. Now we are working on a comprehensive IDEA that should solve unexpected reboots (not only agents but after product upgrade, OS upgrade, etc.).

  15. On 1/14/2021 at 1:11 PM, robg said:

    Usually when I want to install the latest EsetAV on a single machine, the task asks to select a version so I want to create new tasks to avoid installing older versions. Or rebooting a machine at a particular one off time I can't reuse the task and making a new one is the same effort as editing an existing one. Selecting the computer I want to run it against it from the title bar would save me several clicks if the filter had name as a default

    target.jpg

    Many thanks for the explanation.

    For streamlining endpoint product upgrades, this could also be useful:

    Dashboard -> Status Overview -> Product version status -> Click on the "red" part of bar chart -> Update installed ESET products
    In the invoked wizard, you can select specific target/targets. It is not necessary to upgrade all endpoints. However, we recommend upgrading them all.

    Thank you very much for your feedback now. We are working on a comprehensive project that should help administrators with upgrading endpoints and all necessary components.

    Update_installed_ESET_products.png

  16. On 12/23/2020 at 12:21 PM, karsayor said:

    Description: Automate the "rerun on failed" trigger

    Detail: When upgrading Endpoint or Agents to latest version, often it might fail on some computers due to many reasons. It would be nice to have the ability to automate the trigger on these because as of now you have to constantly monitor and rerun the task many times. Using a dynamic group also doesn't work since the task will run when computers join the group but if it fails it will not run again.

     

    Many thanks karsayor,

    We are currently working on a large project / comprehensive mechanism that will help the administrator keep the products in the network on the latest version automatically. We hope that this feature will help you and other customers.
    The good news is that we already upgrade all ESET Management Agents for ESET PROTECT Cloud (formerly known as ECA) automatically. 

  17. On 12/23/2020 at 12:51 PM, robg said:

    Description: Have Name as a default Filter field when selecting Targets

     

    Detail: When running a task or creating a task and selecting Targets  there is a default Tags option but not a Name Filter field. Name can be added from the drop down Add Filter - Name but it would save me doing this every time as it reverts back afterwards to just Tags.

     

    Hello Robg,

    Thank you very much for your suggestion. We would like to understand your needs better. Please could you explain your typical use case? Do you trigger a particular task only on selected computers? If yes, which task?

    In some cases (e.g., Software install task), it may be useful to select a whole group of computers instead of selecting one by one.
    Or when you need to perform the action only on one computer, it could be useful to go through Computers, context action over a particular computer and choose "RUN TASK ..."

  18. On 10/19/2020 at 6:24 PM, David Fletcher said:

    We have relied on pushing a .bat agent installer to our MSP clients through our RMM when deploying ESET. With the move to the new MSP management and the creation of per-customer agent installers there only seems to be a .exe download now, not a .bat.

    Is there a way to get a scriptable install for the agent? This appears to still be available for Mac clients, but not Windows.

    ESMC v.7.2.1278.0

    Thanks, quite a good idea. We will try to bring it in a service release next year.

  19. On 9/2/2020 at 11:17 PM, municel said:

    I think it would be greatly beneficial to the experience to have the details of the entity that triggered the alert with a direct link to said entity and link to the notification's filter.

    For example, for the client tasks that fail notification, having a direct link to the client tasks list filtered on the tasks that fail would prevent having to go in the notification in order to check the filter expression to get the reason why the notification was sent.

    Hello @municel , thank you very much for the good suggestion. We already have it in our backlog. We could probably improve it in next year's releases.

  20. 36 minutes ago, kapela86 said:

    Well, I just want to see if it's 1909, 2004, etc, I don't know about other people. For Win7 it shows "Service pack 1" so for Win10 and Server 2016/2019 it should show major build number since they are somehow like service packs. Regarding your filter question, there is already a filter for OS SERVICE PACK so I don't really understand your question.

    Hello @kapela86, many thanks for the clarification. Yes, we will try to extend "OS Service pack" field also for WIN 10 and Server 2016/2019. Very good suggestion, many thanks for it.
    I was also interested if it will be useful for you to have the option to filter all OS versions instead of a concrete one. I mean something like the operator "IS NOT".  E.g., I would like to filter all Windows 10 computers that are not on the latest version, which is 2004.

  21. On 8/18/2020 at 3:13 PM, kapela86 said:

    Few Changes with columns on "Computers" page

    On "Computers" page, can you change a few things:

    1. COMPUTER NAME column: right now it shows FQDN followed by internal IP address. Can you add an option to hide IP address? OR add separate columns like this:

    a) hostname without IP

    b) FQDN without IP

    c) hostname with local IP

    d) FQDN with local IP

    e) hostname with remote IP

    f) FQDN with remote IP

    2. REMOTE HOST column: change name to REMOTE IP since it shows IP address. And add a proper REMOTE HOST column that will show FQDN (or revDNS, or a separate column with revDNS since it can be different from FQDN)

    3. OS SERVICE PACK column: with Windows 10 and Server 2016/2019 let it show a proper version, eg 1903, 1909, 2004.

    Hello @kapela86, thank you very much for your suggestions. It really helps us to improve our products.
    One question to recommendation #3. What is your primary use case? Do you also want to filter based on this new column?

    Now we have the column "OS VERSION" and based on this table https://docs.microsoft.com/en-us/windows/release-information/, it would be possible to find a specific version also now. However, I am guessing that you want to filter, for example, all Windows 10 computers which are not on the latest version. Is my assumption correct, or is your primary use case different?

    Many Thanks

  22. Hello @Zen11t, thank you very much for your explanation again. It helps us to understand your needs better.

    I hope this trick will help you :)

    ESMC-comps_with_outdated_agent.png

    You can filter the computers with an outdated version of agents and then click on any item in the table and select "In computer page (all)". It will navigate you to the computers section, where you will have only computers with outdated agents, and here you can also check the last connection status.

  23. Hello @Zen11t, thank you very much for the explanation of your use-case.

    You can try to go: Dashboard -> Status overview (Tab) -> Product version statuses (Tile) -> Click on Agent bar -> Choose "Detailed information"
    After that, you will see the report, which you can also download (PDF, PS, CSV format), and in this report is "Version Check Status", that may help you identify which computers don't have the latest agent.

    Another solution could be to go to Dashboard -> ESET applications -> "Installed ESET Applications" (Table) -> Click on specific version of "ESET management agent" -> "Detailed information"
    In the table, you can see computers with this specific version of the agent.

    I hope that it will be helpful for you.

     

  24. Hello @Alexku, thank you very much for your interest in this feature.

    Yes, we plan to add the possibility of sending events to the Syslog server.

    Do you have any specific requirements? (e.g., for the preferred format of events, or something else)

    What is your primary reason to use this feature? Feeding events to SIEM tool? If yes, which one are you using?

    (for better imagination, you can look here how the configuration of this feature looks in on-prem ESMC)

     
