Posts posted by INDUS_MH

  1. 1 hour ago, igi008 said:

    Thank you very much for your message. We are very sorry about that. We would like to improve our product to fit your needs. 

    Yes, it is true, but our console is aimed at managing security, not at enabling or installing services on the OS. However, in some cases it could be interesting. We have a very powerful task in our console - RUN Command (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html). Theoretically, it may be helpful to enable anything that is possible through the command line.

    Do you use the on-prem management console or cloud? In both cases it is a bug, because it should work. If you use ESET PROTECT Cloud, could you please send us the instance ID (you can find it in ESET Business Account - Help in the upper-right corner - About)?

    In general, we support Syslog; the events and their structure are described here: https://help.eset.com/protect_cloud/en-US/events-exported-to-json-format.html. Do you prefer a specific integration with a specific SIEM/SOAR tool?
    In the case of specific ESET products like Mail security we have also certified integrations, for example: https://marketplace.microfocus.com/arcsight/content/eset
    If something specific for the console is required, we can consider it.

    As my colleague already mentioned, there is some limit, but it should be sufficient for almost all cases. Is the size of the log the reason for failing? Which log are you trying to collect? SysInspector, Log Collector, or Diagnostic Logs?


    Many thanks for your help and feedback, we appreciate it.

    Thanks for the response @igi008,

    I use the on-premise Virtual Appliance for ESET PROTECT.

    I agree that SNMP monitoring is not necessarily needed for the Windows or Cloud Protect variants, but the appliance should have an easy way to configure it. The current way to configure it via the config file is just not user-friendly.

    I will continue to test the Syslog output. So far we tried it with Graylog and Splunk. Both had no plugins or templates for ESET and we had to experiment with the different formatting options in the Protect console.

    For integrations I looked at products like Splunk, FortiSOC, FortiSIEM, Palo Alto XSOAR etc.

    For the logs failing, this was due to the size limit. I had to provide Log Collector logs for some cases I had open. There it would have been nice to be able to get the necessary logs from the Protect console instead of having to remote in to the user's device and manually collect logs.

    Feel free to directly message me if you want additional information.

    Kind regards


  2. Comment for 7:

    We use the business products and will likely not be extending the subscription.

    Reasons are the lacking integrations for automation and monitoring tools.


    • SNMP cannot be configured via the web interface
    • Syslog logging is not useful (no logs are sent if an endpoint detects malware)
    • I could find no integrations for SIEM, SOAR or SOC solutions.
    • Collecting logs from an endpoint via the ESET PROTECT web interface fails most of the time.

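The two posts above both turn on the same question: what the ESET PROTECT syslog feed actually delivers, and in particular whether any endpoint detection events are in it at all. Before wiring the feed into Graylog or Splunk, it is worth capturing a few minutes of raw syslog and checking offline. The script below is an added example, not code from the forum thread or from ESET. It assumes the console is set to JSON output, that each syslog line carries one JSON object after the RFC 5424 header, and that the payload has an `event_type` field with values such as `Threat_Event` and `Audit_Event`; the sample lines and their field names are constructed for this example, so confirm them against the "Events exported to JSON format" page for your console version.

```python
"""Offline sanity check for an ESET PROTECT syslog/JSON feed (added example).

Assumptions (verify against ESET's JSON-format documentation):
  * one JSON object per syslog line, after the RFC 5424 header;
  * detections carry event_type == "Threat_Event".
SAMPLE_FEED is constructed for this example; it is not real console output.
"""
import json
import re
from collections import Counter
from dataclasses import dataclass, field

# Everything from the first '{' to the last '}' on the line is treated as the payload.
_JSON_BODY = re.compile(r"(\{.*\})\s*$")

# Assumed event_type value(s) for endpoint detections.
DETECTION_EVENT_TYPES = {"Threat_Event"}

# Constructed sample: one audit event, one detection, one line truncated in transit.
SAMPLE_FEED = [
    '<14>1 2023-01-10T10:00:01Z protect.example.local ERAServer - - - '
    '{"event_type":"Audit_Event","hostname":"protect.example.local",'
    '"severity":"Information","action":"Login attempt","user":"admin","result":"Success"}',
    '<14>1 2023-01-10T10:02:17Z protect.example.local ERAServer - - - '
    '{"event_type":"Threat_Event","hostname":"WS-0042","ipv4":"10.0.12.42",'
    '"severity":"Warning","threat_name":"Eicar test file","scanner_id":"Real-time file system protection",'
    '"action_taken":"cleaned by deleting","object_uri":"file:///C:/Users/m/Downloads/eicar.com"}',
    '<14>1 2023-01-10T10:02:18Z protect.example.local ERAServer - - - '
    '{"event_type":"Threat_Event","hostname":"WS-0042","threat_name":"Eicar test fi',
]


@dataclass
class FeedSummary:
    total_lines: int = 0
    unparsable: int = 0
    by_event_type: Counter = field(default_factory=Counter)
    detections: list = field(default_factory=list)

    def detection_count(self) -> int:
        return len(self.detections)


def parse_event(line: str):
    """Return the JSON object embedded in one syslog line, or None if absent or invalid."""
    m = _JSON_BODY.search(line)
    if not m:
        return None
    try:
        obj = json.loads(m.group(1))
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def summarize_feed(lines) -> FeedSummary:
    """Tally events per event_type and keep the detection events for inspection."""
    summary = FeedSummary()
    for line in lines:
        summary.total_lines += 1
        event = parse_event(line)
        if event is None:
            summary.unparsable += 1
            continue
        etype = event.get("event_type", "<missing>")
        summary.by_event_type[etype] += 1
        if etype in DETECTION_EVENT_TYPES:
            summary.detections.append(event)
    return summary


def detections_missing(summary: FeedSummary) -> bool:
    """True when the feed carried parsable events but not a single detection.

    This is the condition behind the complaint "no logs are sent if an endpoint
    detects malware": audit/login noise arrives, Threat_Event records do not.
    """
    parsed = summary.total_lines - summary.unparsable
    return parsed > 0 and summary.detection_count() == 0


if __name__ == "__main__":
    s = summarize_feed(SAMPLE_FEED)
    print(f"lines={s.total_lines} unparsable={s.unparsable} by_type={dict(s.by_event_type)}")
    for d in s.detections:
        print(f"  detection on {d.get('hostname')}: {d.get('threat_name')} -> {d.get('action_taken')}")
    print("detections missing:", detections_missing(s))
```

To use it on a real capture, replace `SAMPLE_FEED` with the lines read from the collector (for example `tcpdump`/`nc` output or the raw message field in Graylog) and run a detection on a test host with the EICAR file; if `detections_missing` stays true while audit events keep arriving, the problem is in the console's export filter or log level, not in the SIEM parser.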

  3. Hello @Marcos

    I added the HIPS rules from KB6119 and noticed afterwards that PowerShell cannot even be opened, as it always tries to open conhost.exe with it. I set the disallowed child processes from all to just the scripting executables.

    Maybe the KB6119 needs a small update?

    Also, do you know if ESET intends to add additional HIPS rules to the KB or plans to implement the functionality out of the box?


    Kind regards

    Martin

  4. Description: Add preconfigured rules for HIPS / Exploit Blocker

    Detail: ESET does not have alternatives to the full set of rules from Microsoft Defender Attack Surface Reduction (hxxps://docs.microsoft.com/de-de/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) but has a KB for adding HIPS rules for some exploits (KB6119).

    Request: My suggestion is to take the rules from KB6119, add the missing features from Attack Surface Reduction and add them as preconfigured options to HIPS or Exploit Blocker.
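The conhost.exe problem in the post above is a general one for any "deny child processes of powershell.exe" rule: on a console session the shell itself launches the console host, so a blanket block prevents the shell from starting. The script below is an added example, not from the forum post, KB6119 or ESET, and shows how to enumerate the process tree that such a rule would actually hit before tightening it to an allowlist of script interpreters. The `$ScriptHosts` list is an assumption for illustration (the usual ASR-style script hosts); take the real names from the rule you deploy.

```powershell
# Added example (not ESET's KB6119): list the process tree below a PowerShell host to see
# which child images a HIPS "block child processes of powershell.exe" rule would hit.
# Requires Windows PowerShell 5.1 or PowerShell 7 on Windows; no admin rights needed
# for processes you own.

# Assumed interpreter list for illustration; align it with the KB/ASR rule you use.
$ScriptHosts = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'cscript.exe', 'wscript.exe',
                 'mshta.exe', 'rundll32.exe', 'regsvr32.exe')

function Get-ChildProcessTree {
    param(
        [Parameter(Mandatory)][int]$ParentId,
        [int]$Depth = 0
    )
    Get-CimInstance -ClassName Win32_Process -Filter "ParentProcessId = $ParentId" |
        ForEach-Object {
            [pscustomobject]@{
                Depth         = $Depth
                Name          = $_.Name
                ProcessId     = $_.ProcessId
                # conhost.exe is the console window host. It appears as a child of the
                # console application itself, which is why "block all children" stops
                # PowerShell from opening at all.
                IsConsoleHost = ($_.Name -ieq 'conhost.exe')
                IsScriptHost  = ($ScriptHosts -contains $_.Name.ToLower())
                CommandLine   = $_.CommandLine
            }
            # Recurse so grandchildren (e.g. a script host started by a script) show up too.
            Get-ChildProcessTree -ParentId $_.ProcessId -Depth ($Depth + 1)
        }
}

# Spawn a short-lived PowerShell in its own console so the tree is not empty.
$child = Start-Process -FilePath 'powershell.exe' `
    -ArgumentList '-NoProfile', '-Command', 'Start-Sleep -Seconds 15' -PassThru
Start-Sleep -Seconds 2   # give the console host time to attach

$tree = Get-ChildProcessTree -ParentId $child.Id
$tree | Format-Table Depth, Name, ProcessId, IsConsoleHost, IsScriptHost -AutoSize

# Split the observed children into what a narrowed rule must leave alone and what it
# should still block.
$mustAllow = ($tree | Where-Object IsConsoleHost).Name | Sort-Object -Unique
$shouldBlock = ($tree | Where-Object IsScriptHost).Name | Sort-Object -Unique
"Would break the shell if blocked : $($mustAllow -join ', ')"
"Script hosts the rule should cover: $($shouldBlock -join ', ')"

Stop-Process -Id $child.Id -ErrorAction SilentlyContinue
```

Run it once with the HIPS rule disabled to record the baseline tree, then with the narrowed rule in place: the console host must still appear, and a deliberately started `cscript.exe` or `mshta.exe` child should be the one that gets blocked. If the tree shows an `OpenConsole.exe` or `WindowsTerminal.exe` path instead of `conhost.exe`, Windows Terminal is set as the default console host on that machine and the allowlist needs the corresponding image name.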

  5. Description: Task trigger for x amount of time after joining dynamic group
    Detail: Currently a task can be executed immediately when the computer joins a dynamic group or periodically every x amount of time. I'd like to request an additional trigger to start the task a few minutes after the computer joins the dynamic group so that it has enough time to check additional tasks, e.g. scan installed software.

    We are trying to implement the following procedure to install Endpoint Security: Install Agent -> Computer joins dynamic group (Windows Desktops) -> Agent scans installed programs to check for conflicting software (other AV software); if conflicting software is found, the computer is assigned to a different dynamic group -> if no conflicting software is found, Endpoint Security gets installed.

    The problem I encounter is that when choosing to execute the install task on joining the dynamic group, it gets installed before the scan for conflicting software is completed. When I set the trigger to every 30 minutes and a computer joins shortly before the time is up, the same happens.
