Jump to content


ESET Staff
  • Content Count

  • Joined

  • Days Won


Everything posted by MichalJ

  1. Thank you @Campbell IT Concerning the "logged users" - all is clear. We are already tracking an improvement for that, so I have added your feedback to it. With regards to the "Detection Engine", would the information about "last update attempt" (= when the application contacted ESET Servers, to check whether there is a newer version of any module) or "last successful update" (= when the application actually downloaded any of the newer modules from ESET Servers, which means it´s working with the latest modules), be sufficient to you? In the meantime, logic works, that machine changes its status from updated to non-updated after 7 days, and will report a protection status (red) with "modules out of date". If you are more strict with this, what you can do is to shorten the alert interval down to one day, by configuring a setting in a policy for security product as follows:
  2. @Campbell IT Concerning your feedback. Issue with "logged in users" is, that there could be more than one user logged in on the machine, so choosing just one, might not be valid. However we are tracking improvement request to have this (adding the information in computer details was the first step). We are working on a redesigned computer table element, that would be more robust from the point of view of displaying the desired information. Detection engine (previously VSDB) is not coming back, as it´s just one of many modules in the product, and the information does not really indicate whether the product is updated or not. We are instead working on adding information about "last update attempt" and "last successful update". Out of curiosity, for what purpose you would use the Detection Engine version info for? We are also working on "tagging functionality" that would allow specification of tag manually (in the first phase) and later automatically, that would replace the "custom fields" functionality in the old ERA V5.
  3. @Sam Fonteno Thanks for the response. Just to double-confirm - you are seeking an option, that would be able to wake up the device, if it´s asleep / switched off, the same way as the WOL works. Correct?
  4. @bbahes Thanks for your feedback. We are tracking several improvements (some of them targeting 7.1) that should make accessibility / readability of the agent logs simpler.
  5. @Sam Fonteno If you configure your tasks in advance, those are actually run by ESMC / ERA agent, Connection to server is not needed. And success is reported during next replication window. Also, secondly, in case something serious happen (status of product is changed, or high severity detection has occurred) agent automatically initiates our of order replication, and reports the status back to the centralized server. I do not see a reason how a "Scheduled WOL" would help in this matter. But maybe I am not understanding you correctly, so please provide more details. Also, server tasks are done on the server, by the server.
  6. @Kieran Barry thank you as well for your feedback. With regards to the "double clicks", we are moving to "single click" options, for example for reports, or navigation. Many of those are already in V7, and we plan to add more into the future. Also, toggle context menu on right-click is something that is being evaluated. Concerning the "reset to defaults", can you please provide more use-cases - where you would like to see those? You have mentioned reports / policies - would for example "locking down" the build-in templates as "read only" work, so you will be in fact forced to "clone / duplicate" the entry to do any modification? Or you would simply prefer to "undo changes" done within a specific object (factory defaults). If you can provide an example when you wanted to do it, it might help us to better understand the problem, and come up with a proper solution for it.
  7. @bbahes thank you for your feedback. We are tracking several improvements, that should allow tracking of policy modification history / policy versioning. I will link your feedback to those. Also, the resulting configuration is now a result of multiple merged policies (if more are applied) + local modifications. We are as well tracking improvement to visualize the "winning policy" next to each setting that is configured.
  8. @Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable of tracking screenshots / photos of the users, might violate a lot of corporate laws / regulations. If Anti-theft is introduced into the business versions, it will have to behave differently. If I can ask you a question, what kind of a problem you would like to solve with it? Would it be intended for device recovery, or more a data removal / prevention of misuse ?
  9. @bbahes Concerning the first point, with regards the OS update. I will let our documentation team know, that we should recommend running OS update after an appliance deployment. Concerning the various errors - those are most probably related to the fact, that underlying components of the ESMC were updated, meaning either DB / or some component needed for server to run was not running (those types of errors are happening when the DB does not respond) - so for example the ODBC driver, or MySQL could have been patched on the backend during the OS run. If you want to know / see what is being updated, In case of appliance I would recommend to enable the webmin interface, and then execute updates of a sensitive system via webmin, there details concerning the installed packages are available. Concerning the next points: Computer name entry in ESMC database is created based on the computer name during the first connection. If the value changes on the client, it´s not updated. This is by design, as the previous behavior that you know from ERA was criticized by some admins, that they were loosing traces of some machines, after a rename (machine simple "disappeared" as it was renamed, so it was a bit "messy" after some time). What you can easily do, if you want to, is to create a regular "rename computers" task, point it towards a specific group (for example "newly deployed computers" (where the AIO will point towards). So they will then get the correct name, based on the locally reported FQDN. This is possible. You can have multiple OUs synced into multiple groups. What should be done, is to first rename the computers to correct FQDN (step ) and then configure AD sync task computer collision handling to "move" instead of "skip" or "duplicate". That would resolve your problem. Consistency issue will be reported to the development team, for adjustment towards the future version of the product.
  10. Are there actually systems which do have 16 GB RAM? Can you show us the set of symbols / report configuration? Is it a predefined report template? If a custom one, can you export it, and add it here?
  11. @ludolf In ESMC V7 you can configure "monitored static group" as a part of the notification. So if the alert happens in the Group1 and Group1 is configured as monitored, only the recipients set in this notification will get it. Concerning the auditlog issue, we are tracking improvement for a more granular filtering (it was actually existent before).
  12. @ludolf Thanks for your feedback. Point 2 (second post) is already in the backlog. With regards to export / import of webcontrol groups, I will report improvement for the Endpoint team, as in general ESMC / ERA only visualizes entries from Endpoint configuration. I have however a follow-up question about the audit log filter - do you mean, that audit log, will have by default active / visible filter for "username" ? Or you want to filter by action detail (this is currently not possible, I will have to check with developers whether it would be possible).
  13. @pps Can you please adjust the settings from "block" to "warn", whether the behavior of the page will be changed? I will check with the teams responsible, where could be the issue.
  14. @kingoftheworld Thank you for your feedback. I will discuss this with my PM colleagues responsible for both Mac and Windows products.Password protection on Mac is already tracked in the backlog. Concerning the unification of the updater behavior, I will check about what can be done. I agree, that it should be possible to specify dual update profiles also for manually triggered update, not only scheduled one.
  15. @Wassie We will track improvement for this topic. As of now, we have not received such request. But I get your point. You simply want to see all actions currently running on all of your clients (aggregated) - but only "running", not finished / failed / scheduled. I can´t share with you any exact timeline. We anticipate during this summer. As soon as date is confirmed, we will share it with you. Concerning the new features, there will be a changeling / what´s new article published at the moment of the release, and in the ESET support portal. Upgrade will be possible by running the new binaries over the old ones (in the beginning) and later via "component upgrade task" (like from 6.4 => 6.5). Thank you. We will work on it I think I get the point now. What you want is a "print out" of the scan report, with a nicer graphics, but only focused on that individual scan. Is that correct? And you want ERA to print those data for the customers (for the individual scan). We have never received such request, but I will discuss it with people here, about how to resolve it.
  16. Hello, showing the category is now supported in the latest versions of our Endpoint applications (I have checked it with the responsible PM). Are you please able to confirm?
  17. We will take this into consideration, but still, due to the relatively low install base of Linux (outside of the VM appliance) it will still remain with a low priority, compared to other things we want to achieve.
  18. @Rémi Primary reason was optimization of dev/QA costs, where MySQL is platform agnostic, so can run on both Windows & Linux systems. MariaDB is only for Linux. We have received few such questions, however it never went "too high" into the priorities list, in order to be done. We have however such item in the backlog for the future releases.
  19. @pps Thank you for reporting. We will add this into the feature backlog. After brief check with developers, this should be possible.
  20. Thank you for your feedback. This is more a feature of Endpoint Security, as webcontrol is integrated in there. We will track an improvement request for that in within the corresponding project.
  21. It will be possible to filter "Rogue computers" report by a source machine (computer name). So therefore you will be able to add computers to different static groups, but this action will be purely manual.
  22. @Nono I assume you are talking about rules for HIPS eventually Firewall. This is not that much a functionality of ERA, than a functionality of Endpoint. I will discuss it with Endpoint team, whether some "rule syntax verification" won´t be added in the future. @Wassie Thank you for your feedback, concerning your requirements: Description: Overview of all running and planned tasks You have a section "client tasks", however this shows you the status per individual task - aggregated, and you need to drill down, to see the status. Only thing that might not be done easily is the "progress bar", as it´s difficult to calculate aggregated progress for multiple machines (as the task is common for multiple machines). Description: Overview of all problems In the upcoming version 7, we have a dashboard "computer with problems" and "top computer problems" out of where you can apply "one-click" actions, that could resolve the problems (like initiate OS update, or create a new task). Also a new "status overview" dashboard is coming in the V7. Description: (professional) report for customers Future version of 7.1 is currently focused on resolving the problems / challenges of MSPs, so we have a similar (executive report, per managed company) in our scope. I will discuss whether we can expand it to also include performed actions. Description: (professional) report for scheduled or instant scanning Can you provide more details. Is this something like a webservice, where customer upload files, those are scanned (on-access / on-demand) and you want to provide them results, whether the files they have submitted were malicious or not? We are adding a "dynamic threat defense" cloud sand-boxing solution, which will allow customers to submit files to our isolated sand-boxing environment, from where you can also get a report, about the state of the submitted files. Or do I get it wrong?
  23. @pps this will be for sure added in the new version of ERA. I do not have an older version available, but in the new one there will be an explicit checkbox to "ignore disabled computers".
  24. @Society Thank you for your feedback. We are already tracking the improvement for such functionality, so I have added your "vote" to it. Just out of curiosity, how frequently are you generating reports? Don´t you use the e-mail delivery method, or on-demand download of the report output using web-console? Or you more have some scheduled regular tasks, that are placed into the (currently) default directory?
  • Create New...