INDUS_MH

Members
  • Posts

    15
  • Joined

Everything posted by INDUS_MH

  1. Thanks for the response @igi008, I use the on-premise Virtual Appliance for Eset Protect. I agree that SNMP monitoring is not necessarily needed for the Windows or Cloud Protect variants. But the appliance should have an easy way to configure it. The current way to configure it via the config file is just not user-friendly. I will continue to test the Syslog output. So far we tried it with Graylog and Splunk. Both had no plugins or templates for Eset and we had to experiment with the different formatting options in the Protect Console. For integrations I looked at products like Splunk, FortiSOC, FortiSIEM, PaloAlto XSOAR etc. For the logs failing, this was due to the size limit. I had to provide log collector logs for some cases I had open. There it would have been nice to be able to get the necessary logs from the Protect console instead of having to remote in to the user's device and manually collect logs. Feel free to directly message me if you want additional information. Kind regards
  2. Comment for 7: We use the business products and will likely not be extending the subscription. Reasons are the lacking integrations for automation and monitoring tools. SNMP cannot be configured via the web interface. Syslog logging is not useful (no logs are sent if an endpoint detects malware). I could find no integrations for SIEM, SOAR or SOC solutions. Collecting logs from an endpoint via the ESET Protect web interface fails most of the time.
  3. Do you have "fast startup" enabled in Windows? Fast startup causes the computer to not fully shut down/restart.
  4. Hello @Marcos, I added the HIPS rules from KB6119 and noticed afterward that PowerShell cannot even be opened, as it always tries to open conhost.exe with it. I set the disallowed child processes from all to just the scripting executables. Maybe the KB6119 needs a small update? Also, do you know if Eset intends to add additional HIPS rules to the KB or plans to implement the functionality out of the box? Kind regards Martin
  5. Description: Add preconfigured rules for HIPS / Exploit Blocker. Detail: Eset does not have alternatives to the full set of rules from Microsoft Defender Attack Surface Reduction (hxxps://docs.microsoft.com/de-de/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) but has a KB for adding HIPS rules for some exploits (KB6119). Request: My suggestion is to take the rules from KB6119, add the missing features from Attack Surface Reduction and add them as preconfigured options to HIPS or Exploit Guard.
  6. Hello, are the rules from Defender Attack Surface Reduction or equivalent implemented in Eset Endpoint Security? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction If not, is there any way to enable the rules with Eset enabled? Kind regards Martin
  7. 8.0.2216.0 is the latest Agent for Linux, 8.0.1238.0 is the latest Agent for Windows. The upgrade task references your Eset Protect Server for the latest version. It should automatically select the correct one for each OS.
  8. I don't know how to create that group, but if you send the task to all machines it will skip the ones with the current agent installed.
  9. You currently cannot update agents via the dashboard, only the security software. To update the agents you have to create an upgrade security management center components task and run that on the outdated machines.
  10. Hello, today I set up 2 Factor Security for my Eset Business Account and noticed that it didn't work with Google Authenticator. Is it possible to set it up with a different Authenticator App than the one from Eset? Kind regards Martin
  11. Sorry if this is not the correct section for this thread. I got no notifications via RSS feed or in the ESMC Dashboard for the release of EFSW 7.2 or EES 7.3.2041. There are also no stickied posts for these products.
  12. Description: Configure SNMP via web interface. Detail: Currently for the ESMC appliance the only way to configure SNMP is by editing snmpd.conf. The default snmpd.conf also has no preconfigured options for SNMP v3, making it even more difficult to securely monitor the ESMC appliance.
  13. Description: Task trigger for x amount of time after joining dynamic group. Detail: Currently a task can be executed immediately when the computer joins a dynamic group or periodically every x amount of time. I'd like to request an additional trigger to start the task a few minutes after the computer joins the dynamic group so that it has enough time to check additional tasks, e.g. scan installed software. We are trying to implement the following procedure to install Endpoint Security: Install Agent -> Computer joins dynamic group (Windows Desktops) -> Agent scans installed programs to check for conflicting software (other AV software); if conflicting software is found, the computer is assigned to a different dynamic group -> if no conflicting software is found, Endpoint Security gets installed. The problem I encounter is that when choosing to execute the install task when joining the dynamic group, it gets installed before the scan for conflicting software is completed. When I set the trigger to every 30 minutes and a computer joins shortly before the time is up, the same happens.