MichalJ

ESET Staff
  • Content Count: 2,023
  • Joined
  • Days Won: 59

Kudos

  1. MichalJ received kudos from mxp in EMA2 | Updating license unit quantity...
    Hello @mxp, we would like to identify the root cause of the problem. Can you please send me the license ID of the affected license via a private message? I will follow up with my colleagues. Indeed it should not take that long, so it's either a one-time issue, or a possible bug in the implementation.
  2. MichalJ gave kudos to Rendekovic in EFDE Policy
    Hello @Mr.Gains, thank you for your post,
    to resolve the issue you describe (I believe I understood correctly) I suggest doing the following in an EFDE Policy:
    set "Maximum uses" under "Recovery Password Uses" to 2 AND
    "Automatically generate new recovery password" under "Recovery Password Uses" to YES AND
    "Generate when (uses remain)" under "Recovery Password Uses" to 1
    This way you will restrict use of one recovery password to 2 uses, and after the 1st use a new one will be generated and will become a valid recovery password AFTER EFDE connects with ESMC.

    With more attempts than set in a policy, it sounds like a bug. Could you please raise a tech. support ticket for this issue? We will investigate.
  3. MichalJ gave kudos to Mr.Gains in EFDE Policy
    In the EFDE policy we have total recovery password uses, and the recovery password resets when it reaches a number of uses left. The issue I see with this is that the user can reuse the same recovery password until they reach the auto-generate new password in policy. Could we have this to where it could generate a new password after a number of uses? For example, in policy there's 20 recovery password uses, and it'll auto-generate a new recovery password after every 2 recovery password uses, and it'll warn the user when there's 4 total recovery password uses available before recovery data needs to be done. Another thing in entering an incorrect password at the EFDE login screen: sometimes I get more attempts than I'm allowed and/or the system reboots after 3 times. I'm thinking there's a bug in the password attempts, but it would be nice for users to see how many more attempts until the current password is disabled.
    Thanks,
  4. MichalJ received kudos from offbyone in Trigger on static group
    I have been able to reproduce the behavior. It seems to me to be a bug, so I will report to our QA / DEV teams that a confusing description is displayed for the group, as indeed it shows "dynamic group" even when "static group" is set as target.
    It only shows like that when you try to "edit trigger".
  5. MichalJ received kudos from igi008 in Future changes to ESET Security Management Center / ESET Remote Administrator
    Hello, this option is already available in ESET Cloud Administrator console. Currently, as agents are updated via "Components upgrade task", which does not differentiate between agents, and other components of the ESMC infrastructure (server / webconsole) this option was disabled. However, in Cloud the server is fully hosted / maintained by ESET, so "one click agent updates" are possible. 
    Please note, that for the future releases we work on "automatic agent upgrades", meaning agents would automatically upgrade themselves to the version compatible / matching with the server. 
  6. MichalJ received kudos from pps in Future changes to ESET Security Management Center / ESET Remote Administrator
    Hello, this option is already available in ESET Cloud Administrator console. Currently, as agents are updated via "Components upgrade task", which does not differentiate between agents, and other components of the ESMC infrastructure (server / webconsole) this option was disabled. However, in Cloud the server is fully hosted / maintained by ESET, so "one click agent updates" are possible. 
    Please note, that for the future releases we work on "automatic agent upgrades", meaning agents would automatically upgrade themselves to the version compatible / matching with the server. 
  7. MichalJ received kudos from Cp3p0 in EMA2 MSP Question/Issues
    Hello @Cp3p0, thank you for your feedback. I have forwarded it to the responsible product managers and UX experts.
    All of the issues you have highlighted are not user-errors, and we plan to address them in the future releases of EMA 2 (especially option to automatically hide suspended sites, de-provisioning of customers (incl. replication of such changes into ESMC) and adding settings with the option for auto deactivation).
    We do not however plan to allow retroactive creation of a trial license per customer where full license was already present due to the potential of license misuse. However I do agree that the noisy records of cancelled license should be hidden / removed. That is AFAIK planned as well as some other improvements in the user behavior. 
  8. MichalJ received kudos from Peter Randziak in upgrade to 7.3.2032 - computer gets shut down after scheduled scan
    Hi @ShaneDT Indeed, you are right, and I can assure you, that enabling automatic product updates, for both the endpoint clients, and the management environment (both cloud / on premise) is our uppermost priority. 
  9. MichalJ gave kudos to ShaneDT in upgrade to 7.3.2032 - computer gets shut down after scheduled scan
    Yep, but the option is and has been there in the policy settings since I've been selling ESET (circa v6). If the option doesn't work it shouldn't be there, but it really is an option that we need. Every other vendor has had automatic program updates for aeons.
  10. MichalJ received kudos from Cameron in ESMC Server Migration and Licencing
    Hi @Cameron. Yes, you can easily set up a new ESMC server and deploy a couple of endpoints. If you activate those endpoints, they will add to the total of your license, meaning if you for example have 100 licenses, and 95 are used on the "current ESMC", then you have 5 seats to use on the new ESMC instance.
  11. MichalJ gave kudos to MartinK in Future changes to ESET Security Management Center / ESET Remote Administrator
    I think this is resolved in just-released ESMC 7.2 where it looks like this:

  12. MichalJ gave kudos to Marcos in Update Error?
    With EDTD, any file potentially carrying malware is submitted for analysis in the cloud where the file will be run. Based on the behavior analysis and evaluation by 3 different machine learning models, the file is then evaluated either as malicious, highly suspicious, suspicious or probably clean. EDTD can be configured to block access to files downloaded by browsers or email clients until a result of EDTD analysis is received.
    Let's assume a spammed VBA office document with a malicious macro that is not covered by a detection.
    Without EDTD: A user receives the email and opens the attachment. Since there's no detection for it yet, it will be run. Depending on what it does, further operations may be detected by some of the protection modules (e.g. if it downloads payload from a blocked URL, web access protection will block the download). If it dropped payload and ran it, the payload could be detected by Advanced memory scanner, Deep Behavioral Inspection, etc. upon execution. It could also happen that it wouldn't do anything that could be detected by other protection modules. The user would need to wait until the next module (engine) update to get the malicious document detected.
    With EDTD: The user receives the email. The attachment is sent to EDTD. The user attempts to open the attachment but EDTD blocks the operation (results from analysis have not been received yet). During the analysis the document is evaluated as malicious (e.g. the detection has been added in the meantime, the behavior of the document was suspicious, etc.). Once the analysis has completed, all machines in the organization are informed that the file is malicious and Endpoint on machines acts accordingly, i.e. blocks access to the malicious document.
  13. MichalJ gave kudos to Marcos in ESET Cloud Administrator
    The Endpoint / EFSW license doesn't have the ECA flag. It seems you have a trial license so I'd suggest contacting the license issuer and asking for a license for "ESET Endpoint protection advanced cloud" which is Endpoint Security for ECA.
  14. MichalJ received kudos from Nightowl in Update Error?
    Maybe a "Stupid" idea, but is the Windows time set correctly? There is by default a check in ESET application that compares the date of the issue of the latest detection update against the system time. If the system time is set in the future, it could trigger this notification, but it's just a guess.
  15. MichalJ gave kudos to SysEPr in Future changes to ESET Security Management Center / ESET Remote Administrator
    Description: Color code failing tasks
    Detail:  The server used to color code the tasks that are failing. I'm running the latest ESMC, and now, that doesn't happen, and I have a hard time figuring out which tasks are failing. Is there a way to color code it again, or where can I see it? All I get is a generic email saying: "At least one client task has invalid configuration and therefore will fail."
  16. MichalJ received kudos from schuetzdentalCB in Future changes to ESET Endpoint programs
    @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. 
    With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510
  17. MichalJ received kudos from Mirek S. in Future changes to ESET Security Management Center / ESET Remote Administrator
    @andy_s We will track this as an improvement request, towards the future versions. Issue is, that the "upgrade" itself is handled by Endpoint (in case you execute scan and select option "shutdown after scan"), and Endpoint does not initiate agent wakeup to report scan completion. It simply triggers shutdown, before the result is replicated.
    Maybe, if you are willing to, can you explain why you are shutting down the machines? Is it to save power over weekends, or? As there might be a different way to achieve that. One that will report "success" would be a run command, with a respective Windows shutdown / with delay, as the task would report "Success" not at the moment of task execution, but at the moment when it contacted the WMI provider with the command to reboot. If the system acknowledged, it will report success. Also, out of curiosity, what is your replication interval?
  18. MichalJ received kudos from droezel in Future changes to ESET Endpoint programs
    @Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable of tracking screenshots / photos of the users might violate a lot of corporate laws / regulations. If Anti-theft is introduced into the business versions, it will have to behave differently. If I can ask you a question, what kind of a problem would you like to solve with it? Would it be intended for device recovery, or more for data removal / prevention of misuse?
  19. MichalJ received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator
    Hello @Pinni3. To get to your points:
    For that purpose, we allow nested dynamic groups. Meaning you have your 30 static ones, each one of them could have nested dynamic groups. Or you want to set it in a way that you, for example, put the DG under "all" but then say that it needs to be only in the following static groups. Challenge is that DG is evaluated on the Agent side, and Agent does not always know which SG it belongs to (if you move a client, it will need to recalculate all policy assignments for example). Therefore the nested concept.
    We are already tracking improvement for that (Internal reference - IDEA-1100).
    We are working on better auditing changes, to track who / what / when / how was done (internal reference - IDEA-1371).
    I am not completely sure what's the problem here. Purpose of ERA proxy was just to aggregate the data, but at the end it was sent to ERA server, so the amount of DATA sent is not increased when Proxy was deprecated. Just the ESMC server handles more connections directly, due to a changed replication protocol. Also, AFAIK we have bigger installations than 10k on MySQL. Maybe @MartinK can provide some more information on this.
  20. MichalJ received kudos from katycomputersystems in Future changes to ESET Security Management Center / ESET Remote Administrator
    @SysEPr Thank you for your feedback:
    With regards to the first case, we will investigate this behavior. It looks to me more like a bug in the implementation. We will check this internally.
    We are planning to introduce more advanced IFTTT (If this then that) logic into ESMC, however it will not happen in ESMC 7.1 for sure. But it's on the roadmap for the future versions, that will allow you to achieve better automation, and such advanced conditions.
  21. MichalJ received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator
    @tbsky We are not planning to add MariaDB support. Due to our journey to the cloud and also multi-platform compatibility, we will most likely work on the support of MySQL 8 for the next major release of ESMC.
  22. MichalJ received kudos from sindbad in Future changes to ESET Security Management Center / ESET Remote Administrator
    @sindbad We are already tracking improvements to be able to generate reports based on the license usage (used license). I will extend it with your request.
  23. MichalJ received kudos from katycomputersystems in Future changes to ESET Security Management Center / ESET Remote Administrator
    @katycomputersystems Functionality to change the group in the computer details is coming back. It was accidentally removed during the redesign.
    @Zen11t We have a project/ feature tracked to globally control all of the interactive windows for the future. I will add your comment to there.
  24. MichalJ received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator
    Thank you @Campbell IT. Concerning the "logged users" - all is clear. We are already tracking an improvement for that, so I have added your feedback to it. With regards to the "Detection Engine", would the information about "last update attempt" (= when the application contacted ESET Servers, to check whether there is a newer version of any module) or "last successful update" (= when the application actually downloaded any of the newer modules from ESET Servers, which means it's working with the latest modules), be sufficient to you?
    In the meantime, logic works, that machine changes its status from updated to non-updated after 7 days, and will report a protection status (red) with "modules out of date". If you are more strict with this, what you can do is to shorten the alert interval down to one day, by configuring a setting in a policy for security product as follows:
     

  25. MichalJ received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator
    We will take this into consideration, but still, due to the relatively low install base of Linux (outside of the VM appliance) it will still remain with a low priority, compared to other things we want to achieve.