rubencastello90

Members
  • Posts

    20
  • Joined

About rubencastello90

  • Rank
    Newbie

Profile Information

  • Location
    Spain

  1. Hi, thank you all for the answers. So, if I haven't misunderstood, one of the biggest points is that simulators usually create those files and encrypt them, so it's the same process acting on the same files and this can obviously be legit. But in the case I was showing, I copied and pasted 1000 files from a file server and then dropped them on an updated server in C:\RanSim. So these files were not created by the main process of the simulation. Am I missing something else?
  2. Hello, some of my clients are being audited by third-party pentesters and I noticed that they use PowerShell scripts in order to simulate RANSOMWARE encryption and generate panic among them, indicating that they were able to encrypt files on computers. Some of those tests have physically compromised the machine, asking the user to leave them the computer for 5 min in order to fix it. So gaining access to the machine was easy. No point investigating here. I'm a little bit worried because I tried it today on my own on a Windows Server with the latest ESET version, and the encryption finished successfully without any alert from ESET. Is there anything I'm missing? Script used, which I found: https://github.com/lawndoc/RanSim License used: ESET Protect Entry. Should a higher license like XDR detect it?
  3. Same issue here. Attaching logs so you have more of them. ees_logs.zip
  4. Hey, updating endpoints these days from version 8.0 to 8.1, I remember that we need a check that allows notifying users that the computer will be rebooted, to let them save all their work when the task is triggered. If we don't tick the "reboot computer" option when updating ESET products, we get a lot of warnings asking to reboot computers. It's fine with me to reboot immediately, but users must be warned. Description: Add a check to warn users about the reboot when updating ESET products. Detail: Add the possibility to notify the user that the computer will be restarted when the reboot computer task or the update ESET products task is triggered, and give them, for example, 3-5 minutes to save/close programs/data.
  5. Hello @MichalJ, thanks for the reply. By fully integrated I mean not having to log in to different consoles (2 tabs in the browser) and having all the information for EDR, like computers, detections, alarms, tasks, etc., in one place like ESET Protect, where we can remediate immediately or look for problems in CLIENTS at a glance. If detections are shared with ESET Protect it will be a good starting point, but ideally the EEI menu needs to be integrated into ESET Protect, I think. Additionally, info about EDR on clients would be a good point. Having multiple consoles, panels or dashboards is a big pain for MSPs trying to deliver cybersecurity to companies, due to the overhead of having to search for information across those panels or send tasks in different ways. We need to simplify it and integrate it. I'm saying all of this because I believe that EDR is a complement to, or different from, EPP and they are always better together, so I don't want to treat it as separate. EPP for prevention and EDR for fileless attacks, behaviour-based attacks or targeted attacks. Not like other vendors that sell EDR as a magic new NextGenAV. And what about the agent? Will it be merged into the Management agent or EPP? Another question... Can we expect this first phase before summer?
  6. Hello Marcos, sorry for bothering you again, but do you have more information that you can share? I mean, I'm waiting impatiently for EEI to come as a cloud version, but I want to know if it will be integrated into ESET Protect; having a third console (ESET Protect Cloud, ESET Cloud Office Security and ESET Enterprise Inspector "Cloud") will be a huge pain for MSPs to track the whole network.
  7. Hello, we're a distributor here in Spain that works with ESET solutions for our clients, and every day more people are asking for Patch Management to be included in ESET Management. Some of them have just looked around the Internet and are evaluating RMM solutions and don't want to have another console and want it integrated with ESET, and some others have been called by other vendors like Panda, who have it integrated in their console. By Patch Management I mean at least these functions: Cumulative Windows Updates; Windows Feature updates (example: 1909 --> 2004); 3rd-party software updates (Java, Adobe DC, WinRAR, Office, ...). I know actually ESET can detect and push Windows Updates, but that's not enough; we need more visibility on that. Any updates on whether that feature is on the roadmap? ETA? Thanks,
  8. Any update on this? Have you been able to update it through ESET Console?
  9. Hello Marcos, is it possible to know if we can expect EEI Cloud this year? Thanks,
  10. Thank you all for answering. Sorry for my basic English if something was misunderstood. Yeah, I was sure that EDR and ESET Dynamic Threat Defense (EDTD for me :P) were different. Glad to know that a cloud console for EDR (EEI) is a work in progress. Is it possible to share more details, just about the ETA and whether it will be integrated with ESET Protect or will be an additional console? Thanks,
  11. Hello, I have been using ESET products for a long time and love them, but now it seems that EDR solutions are becoming very popular and it feels like ESET is not giving so much love to it. I like the move from other products to ESET Protect Cloud, but EDR is not integrated there; it still needs an on-premises console, while other manufacturers have everything integrated in the cloud. Is it planned to integrate EDR into ESET Protect Cloud? Or at least a cloud console? What are the future plans for EDR? Another question: I have been told by an integrator here in Spain that Dynamic Threat Defense was the EDR from ESET, but I guess that they were wrong. I don't agree with this, because the cloud sandbox (EDTD) needs a file to analyze its behavior and, on the other hand, EDR detects suspicious behavior on computers without a file. Can someone shed more light on this? Am I wrong?
  12. Updating some endpoints these days, I noticed that a lot of computers have a WARNING/ALERT active saying that they need a restart. This alert is called: "Computers needs restart". I checked some random computers and users were shutting down the computer every day, but the alert/warning was still there. Checking it, uptime was 1-2 weeks too... Why? Fast Boot from Windows 10... That's a pain in the , you can't disable it through GPO (only via Registry) and users NEVER reboot the computer, they only shut down. How did I try to work around it? I configured a task to reboot computers daily at 14h, but then complaints started because users are NOT notified... (same when pushing Windows Updates) Description: A new task/setting to reboot computers with a popup warning message. Detail: Add the possibility to notify the user that the computer will be restarted when the reboot computer task is triggered and give them, for example, 5 minutes to save/close programs/data.