INDUS_MH
Members - Posts: 15
Everything posted by INDUS_MH
-
Thanks for the response @igi008,

I use the on-premise Virtual Appliance for Eset Protect. I agree that SNMP monitoring is not necessarily needed for the Windows or Cloud Protect variants. But the appliance should have an easy way to configure it. The current way to configure it via the config file is just not user-friendly.

I will continue to test the Syslog output. So far we tried it with Graylog and Splunk. Both had no plugins or templates for Eset and we had to experiment with the different formatting options in the Protect Console.

For integrations I looked at products like Splunk, FortiSOC, FortiSIEM, PaloAlto XSOAR etc.

For the logs failing, this was due to the size limit. I had to provide log collector logs for some cases I had open. There it would have been nice to be able to get the necessary logs from the Protect console instead of having to remote in to the user's device and manually collect logs.

Feel free to directly message me if you want additional information.

Kind regards
-
Comment for 7: We use the business products and will likely not be extending the subscription. Reasons are the lacking integrations for automation and monitoring tools.
SNMP cannot be configured via the web interface.
Syslog logging is not useful (no logs are sent if an endpoint detects malware).
I could find no integrations for SIEM, SOAR or SOC solutions.
Collecting logs from an endpoint via the ESET Protect web interface fails most of the time.
-
Hello @Marcos,

I added the HIPS rules from KB6119 and noticed afterward that PowerShell cannot even be opened, as it always tries to open conhost.exe with it. I set the disallowed child processes from all to just the scripting executables. Maybe KB6119 needs a small update?

Also, do you know if Eset intends to add additional HIPS rules to the KB or plans to implement the functionality out of the box?

Kind regards
Martin
-
Future changes to ESET Endpoint programs
INDUS_MH replied to Aryeh Goretsky's topic in ESET Endpoint Products
Description: Add preconfigured rules for HIPS / Exploit Blocker
Detail: Eset does not have alternatives to the full set of rules from Microsoft Defender Attack Surface Reduction (hxxps://docs.microsoft.com/de-de/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) but has a KB for adding HIPS rules for some exploits (KB6119).
Request: My suggestion is to take the rules from KB6119, add the missing features from Attack Surface Reduction and add them as preconfigured options to HIPS or Exploit Guard.
-
Hello,

are the rules from Defender Attack Surface Reduction or equivalent implemented in Eset Endpoint Security? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction

If not, is there any way to enable the rules with Eset enabled?

Kind regards
Martin
-
Confusion about "Latest application version"
INDUS_MH replied to Anderto's topic in ESET PROTECT On-prem (Remote Management)
8.0.2216.0 is the latest Agent for Linux, 8.0.1238.0 is the latest Agent for Windows. The upgrade task references your Eset Protect Server for the latest version. It should automatically select the correct one for each OS.
-
Dynamic group for outdated Agents in ESMC?
INDUS_MH replied to PuterCare's topic in ESET PROTECT On-prem (Remote Management)
I don't know how to create that group, but if you send the task to all machines it will skip the ones with the current agent installed.
-
Dynamic group for outdated Agents in ESMC?
INDUS_MH replied to PuterCare's topic in ESET PROTECT On-prem (Remote Management)
You currently cannot update agents via the dashboard, only the Security Software. To update the agents you have to create an upgrade security management center components task and run that on the outdated machines.
-
EBA 2Factor Security with different Authenticator Apps
INDUS_MH replied to INDUS_MH's topic in ESET Licensing for Business
Thanks for the reply
-
ESET Endpoint Security 8 BETA signup
INDUS_MH replied to Peter Randziak's topic in ESET Beta Products for Business Users
I'm also interested in the Beta. Thanks
-
Description: Task trigger for x amount of time after joining dynamic group
Detail: Currently a task can be executed immediately when the computer joins a dynamic group or periodically every x amount of time. I'd like to request an additional trigger to start the task a few minutes after the computer joins the dynamic group so that it has enough time to check additional tasks, e.g. scan installed software.

We are trying to implement the following procedure to install Endpoint Security: Install Agent -> Computer joins dynamic group (Windows Desktops) -> Agent scans installed programs to check for conflicting software (other AV software), if conflicting software is found the computer is assigned to a different dynamic group -> if no conflicting software is found Endpoint Security gets installed.

The problem I encounter is that when choosing to execute the install task when joining the dynamic group, it gets installed before the scan for conflicting software is completed. When I set the trigger to every 30 minutes and a computer joins shortly before the time is up, the same happens.