Jump to content

Rendekovic

ESET Staff
  • Posts

    21
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by Rendekovic

  1. Hello @Kostadin_k,

    EFDE for mac utilizes FileVault because there is no other way to FDE macOS. Apple prevents its system to use FDE from 3rd party vendors.

    EFDE for win is a different story. Microsoft allows for vendor´s proprietary encryption and we have this covered.

    So we are pretty much covered on both macOS and Windows. But yes, adding Bitlocker management to ESET Protect (Cloud) is an option, but even if we go this direction in the future, it will not work as seamlessly as you described. Taking over management of an already encrypted machine is more than complicated because of recovery password that belongs to a particular encrypted system. Migration of these recovery passwords from Active Directory (where Bitlocker stores them)  to our console followed by a seamless "takeover" of the machines by the console is very complicated (if even possible).

    At this moment, adding management of Bitlocker to our EFDE/EP(C) solution is not on our roadmap.

    Ervin Rendek

    PM for Encryption solutions

  2. Hello @mayowa,

    thanks for reaching out.

    1. have you already applied Encryption policy onto those machines? Above you only describe that the EFDE is installed on machines, but nothing about policy...

    2. If an Encryption policy has been applied already, you should see why it still did not initiate. This is visible on "Computer details" screen -> Encryption tile

     

    Reports have not been implemented yet, but we will bring EFDE reports into ESMC in 3 weeks.


    Ervin

  3. Hi @Mr.Gains

    you are right, reports are in the works currently.

    we are panning to offer reporting (more or less) in this scope:

    • Computers not eligible for encryption
    • Computers eligible for encryption  EFDE not installed
    • Computers eligible for encryption. EFDE installed AND disk not encrypted
    • Computers with encryption in progress
    • Computers encrypted 
    • Computers encrypted using TPM chip
    • Computers encrypted using OPAL 2.0
    • Computers encrypted via FileVault2 (future)
    • Computers with boot disk only encrypted
    • Computers with all disks encrypted
    • Computers recovered in past month...

    What exactly would you like to see in the reports? Except for "password uses left" you mentioned above...

    Thank you for your inputs

    Ervin Rendek

    PM for Encryption solutions

  4. Hello @Mr.Gains, thank you for your post,

    to resolve the issue you describe (I believe I understood correctly) I suggest to do the following in an EFDE Policy:

    • set "Maximum uses" under "Recovery Password Uses" to 2 AND
    • "Automatically generate new recovery password" under "Recovery Password Uses" to YES AND
    • "Generate when (uses remain)" under "Recovery Password Uses" to 1

    This way you will restrict use of one recovery password to 2 uses, and after the 1st use a new one will be generated and will become a valid recovery password AFTER EFDE connects with ESMC.

     

    With more attempts than set in a policy, it sounds like a bug. Could you please raise a tech. support ticket for this issue? we will investigate

     

  5. Hey Lockbits,

    Thanks for your interest. Of course SSO is a very useful feature. As of now, it is not strictly in our roadmap since not many customers has asked for it yet. We are constantly monitoring and prioritizing the requirements from the market and based on them additional development is scheduled. I would say this feature will be added later, but I cannot commit to a specific delivery time 

    Best regards

    Ervin

  6. Hi ADS82,

    Thank you for contacting us.

    Could you please be more specific and let us know what exactly would you like to achieve in as much detail as possible?

    Unfortunately, your request is very concise and I cannot really imagine what is your usecase.

    Best regards,

    Ervin

  7. Hello sajk.dot,

    This seems more like a support case. Probably there is a very specific SW/HW combination that is causing this issue. I would kindly ask you to submit a support ticket with screenshots and other relevant details. We will look into it

    Regarding admins and their rights in ECA- the structure is flat and basically there are only 2 variants.

    1. Either has admin read only rights (in this case encryption recovery is greyed out and not clickable) 
    2. Or if you want both admins to have the same ECA rights (including EFDE recovery):  The  "Super user" (as you call him) has to grant "use" rights to this other admin in EBA.

    Best regards,

    Ervin

  8. Hey Wacojohn,

    Since  NSO groups say it provides "authorized governments with technology that helps them combat terror and crime", we will probably never know. They seem to operate like supernational entity coworking with goverments.

    Good news is the only encryption we provide for iOS is an email encryption app and we have no reports of those emails being leaked. 

  9. Hello Matt,

    Moving from/ to domains is irrelevant to the communication. you will always have contact with a machine once its activated wherever it is situated.

    In terms of sending commands and controlling encryption, you have nothing to worry about.

    Therefore, licencing will stay unaffected. 

    BR

    Ervin Rendek, PM for Encryption solutions

×
×
  • Create New...