
Benjamin82

Everything posted by Benjamin82

  1. Application Control/Whitelisting. I've inquired before about this, but I view it as a core capability that ESET still lacks. Microsoft's tools for application control are varied and cumbersome to manage. SRP is dated, AppLocker only works on Enterprise versions of Windows 10 and 11, and Windows Defender Application Control is probably the most cumbersome yet of their application control tools. So my suggestion would be some manner to whitelist authorized applications (via hash, publisher, etc.) and effectively block execution from user-writable directories within ESET. Basically similar to how SRP and AppLocker work.
  2. I've seen previous posts about Enterprise Inspector being either offered as a full cloud solution or merging the capabilities of Enterprise Inspector with the ESET Protect product. Is there an estimate on when this might occur or any status update? EDR capabilities are being pushed by both regulators (see item #7 from the New York Department of Financial Services: https://www.dfs.ny.gov/industry_guidance/industry_letters/il20210630_ransomware_guidance) and cyber liability insurers (almost every application I completed this year asked if we deployed an EDR solution). Even the White House has issued a statement recommending EDR solutions (https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/). Small to medium businesses might not necessarily be moving all of their on-premises workloads to a cloud solution, but I think when selecting new products and services there is a preference for cloud-based solutions. And almost every major (and minor) player in the EDR market offers a fully cloud-hosted solution. Just wondered if this was still on ESET's roadmap. Having to deploy an on-premises server to run it makes it feel like a 'legacy' solution.
  3. Is Application Control/Whitelisting still on the product roadmap? It's becoming commonplace in most endpoint products. Currently I typically use the now-deprecated (but still working) Software Restriction Policies built into Windows, in conjunction with ESET. Kaspersky in particular has made their whitelisting very configurable in their Endpoint Security for Windows product (https://support.kaspersky.com/KESWin/11/en-US/165718.htm), and can handle whitelisting based on hash, file path, certificate, etc. (similar to SRP and AppLocker). There are some dedicated third-party solutions for handling application whitelisting as well, such as Airlock Digital (https://www.airlockdigital.com/), and even ManageEngine recently launched a new offering (https://www.manageengine.com/application-control/?pos=Allprod&cat=ITS&loc=links&prev=AB2). But it would be very handy to have this sort of control available in ESET Endpoint products.
  4. I will second the suggestion to add some sort of Application Control/Whitelisting feature. I know you mentioned it's on the longer term roadmap, but I'm not sure what that timeline looks like. Application whitelisting is becoming a preferred endpoint control; in fact, the Australian ASD emphasizes it in their "Essential Eight" controls (https://www.cyber.gov.au/publications/essential-eight-explained). I've used Microsoft's built-in Software Restriction Policies, and while those still generally work, they are no longer being actively developed/supported by Microsoft. AppLocker is the suggested replacement, but that's only available in Enterprise, which is very costly to license, so many small to medium sized businesses use Windows Pro. Application control is also becoming a common feature in business endpoint products. I reviewed several of the main business endpoint vendors, and it's included in some fashion by the following:
       • Symantec Endpoint Protection
       • McAfee
       • Trend Micro Worry-free Services
       • Kaspersky ("Trusted Applications Mode")
       • Bitdefender
       • F-Secure PSB
     I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.
  5. Are any sort of Application Control and/or Application Whitelisting features planned for a future release of ESET Endpoint protection? I ask because I currently use Microsoft's built-in Software Restriction Policies (SRP) along with ESET Endpoint, but Microsoft has indicated that SRP is no longer being developed and support for it may be pulled. Of course they recommend using AppLocker as the successor to SRP, but that's only available in Windows 10 Enterprise, and we have Windows 10 Pro. Licensing Enterprise is somewhat more expensive than I thought, so I'm looking at third-party options. I noticed some other endpoint business products have application control included, such as Kaspersky and F-Secure. I really like the configuration options of ESET HIPS, but it cannot quite replicate the whitelisting controls provided by SRP or AppLocker. Just curious if any consideration has been given to including similar capabilities in ESET. There are a few other third-party options out there for strictly whitelisting, but few have centrally managed web consoles available (Excubits Bouncer, NoVirusThanks Smart Object Blocker, etc.). About the only centrally managed options are AppGuard or Airlock Digital, but once you factor in the cost for those, on top of ESET, Kaspersky or F-Secure might make more sense. I think most of these products work largely the same and use the same Windows APIs. Long story short, it would be great if ESET had application control/whitelisting features in the pipeline.