
rubencastello90


Everything posted by rubencastello90

  1. Hi, thank you all for the answers. So, if I haven't misunderstood, one of the biggest points is that simulators usually create those files and encrypt them, so it's the same process acting on the same files and this can obviously be legit. But in the case I was showing, I copied and pasted 1000 files from a file server and then dropped them on an updated server in C:\RanSim. So these files were not created by the main process of the simulation. Am I missing something else?
  2. Hello, Some of my clients are being audited by third-party pentesters and I noticed that they use PowerShell scripts to simulate RANSOMWARE encryption and generate panic among them, indicating that they were able to encrypt files on computers. Some of those tests have physically compromised the machine, asking the user to leave them the computer for 5 min in order to fix it. So, gaining access to the machine was easy. No point investigating here. I'm a little bit worried because I tried it today on my own with a Windows Server with the latest ESET version and the encryption ended successfully without any alert from ESET. Am I missing anything? Script used, which I found: https://github.com/lawndoc/RanSim License used: ESET Protect Entry. Should a superior license like XDR detect it?
  3. Same issue here. Attaching logs so you have another set. ees_logs.zip
  4. Hey, while updating endpoints these days from version 8.0 to 8.1, I remembered that we need a checkbox that notifies users that the computer will be rebooted, to let them save all their work when the task is triggered. If we don't mark the option "reboot computer" when updating ESET products, we get a lot of warnings asking to reboot computers. Rebooting immediately is fine for me, but users must be warned. Description: Add a checkbox to warn users about the reboot when updating ESET products. Detail: Add the possibility to notify the user that the computer will be restarted when the reboot computer task or update ESET products task is triggered, and give them for example 3-5 minutes to save/close programs/data.
  5. Hello @MichalJ, Thanks for the reply. By fully integrated I mean not logging in to different consoles (2 tabs in the browser) and having all the information for EDR like computers, detections, alarms, tasks, etc... in one place like ESET Protect, where we can remediate immediately or look for problems in CLIENTS at a glance. If detections are shared to ESET Protect it will be a good point to start, but ideally the EEI menu needs to be integrated in ESET Protect, I think. Additionally, info about EDR on clients would be a good point. Having multiple consoles, panels or dashboards is a big pain for MSPs trying to deliver cybersecurity to companies, due to the overhead of having to search for information across those panels or send tasks in different ways. We need to simplify it and integrate it. I'm saying all of that because I believe that EDR is a complement to, or different from, EPP and they are always better together, so I don't want to treat it as separate. EPP for prevention and EDR for file-less attacks, behaviour-based attacks or targeted attacks. Not like other vendors that sell EDR as a magic new NextGenAV. And what about the agent? Will it be merged into the Management agent or EPP? Another question... Can we expect this first phase before summer?
  6. Hello Marcos, Sorry for bothering you again, but do you have more information that you can share? I mean, I'm waiting impatiently for EEI to come as a cloud version, but I want to know if it will be integrated in ESET Protect; having a third console (ESET Protect Cloud, ESET Cloud Office Security and ESET Enterprise Inspector "Cloud") will be a huge pain for MSPs to track all the network.
  7. Hello, We're a distributor here in Spain that works with ESET solutions for our clients, and every day more people are asking for Patch Management included in ESET Management. Some of them have just looked around the Internet and are evaluating RMM solutions and don't want to have another console and want it integrated with ESET, and some others have been called by other vendors like Panda who have it integrated in their console. By Patch Management I mean at least these functions: Cumulative Windows Updates; Windows Feature updates (Example: 1909 --> 2004); 3rd Party Software Updates (Java, Adobe DC, Winrar, Office, .....). I know ESET can currently detect and push Windows Updates but that's not enough, we need more visibility on that. Any updates on whether that feature is on the roadmap? ETA? Thanks,
  8. Any update on this? Have you been able to update it through ESET Console?
  9. Hello Marcos, Is it possible to know if we can expect EEI Cloud this year? Thanks,
  10. Thank you all for answering. Sorry for my basic English if something was misunderstood. Yeah, I was sure that EDR and ESET Dynamic Threat Defense (EDTD for me :P) were different. Glad to know that a Cloud console for EDR (EEI) is a work in progress. Is it possible to share more details, just about the ETA and whether it will be integrated with ESET Protect or will be an additional console? Thanks,
  11. Hello, I have been using ESET products for a long time and love them, but now it seems that EDR solutions are becoming very popular and it feels like ESET is not giving so much love to it. I like the move from other products to ESET Protect Cloud, but EDR is not integrated there; it still needs an on-premises console while other manufacturers have everything integrated in the cloud. Is it planned to integrate EDR in ESET Protect Cloud? Or at least a Cloud console? What are the future plans for EDR? Another question is that I have been told by an integrator here in Spain that Dynamic Threat Defense was the EDR from ESET, but I guess that they were wrong. I don't agree with this because the cloud sandbox (EDTD) needs a file to analyze its behavior, and on the other hand EDR detects suspicious behavior on computers without a file. Can someone shed more light on this? Am I wrong?
  12. While updating some endpoints these days, I noticed that a lot of computers have a WARNING/ALERT active saying that they need a restart. This alert is called: "Computers needs restart". I checked some random computers and users were shutting down the computer every day but the alert/warning was still there. Checking it, uptime was 1-2 weeks too... Why? Fast Boot from Windows 10..... That's a pain in the , you can't disable it through GPO (only via Registry) and users NEVER reboot the computer, they only shut down. How did I try to work around it? I configured a task to reboot computers daily at 14h, but then complaints started because users are NOT notified.... (same when pushing Windows Updates) Description: A new task/setting to reboot computers with a popup warning message. Detail: Add the possibility to notify the user that the computer will be restarted when the reboot computer task is triggered, and give them for example 5 minutes to save/close programs/data.
  13. Hello, I work for an IT company that manages multiple ESET Remote Consoles across many clients and I have a question about how the Update Operating System task works and the way that ESET detects available updates. There are some companies that have good GPO policies configured from AD, and their computers are up-to-date. And there are other companies that have never touched GPO policies and don't know anything about the update status of their computers. The big question is, ESET reports that a computer has available updates to install when.... (1) Windows Update is set to search for them automatically. (2) Whether Windows Update is configured or not, ESET forces the computer to look for them. I think that the correct answer is (1), because look at that: What does this number mean? 10.0.19041 = Windows 2004 Version. 10.0.19041.572 = Windows 2004 with October 2020 Cumulative Patches. Good! Up-to-date. 10.0.19041.508 = Windows 2004 with September 2020 Cumulative Patches. 10.0.19041.450 = Windows 2004 with August 2020 Cumulative Patches. 10.0.19041.388 = Windows 2004 with July 2020 Cumulative Patches. We can see that there are outdated computers. As you can see, all computers are connected to ESMC and ESET is up-to-date, but computers with 10.0.19041.508 or below are outdated and yet they don't have any warning or alert on the console. That's because ESET only reports if Windows Update looks for those updates and they are pending on the computer. Is that right? Ok, then.... as an MSP, sometimes I don't have access to those networks, Active Directory, the GPO AD policy editor, etc.... And I want to keep my client computers up to date. From ESET, how can I manage to trigger/scan for those updates? Options: Send these commands with the "Run Command" task: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f and Usoclient.exe StartScan (old wuauclt.exe /detectnow). By the way, is there any improvement planned for that feature? Something like ESET being able to edit the local machine policy and force automatic updates (obviously configurable from an ESMC policy). Thanks,
  14. Nice to know. Will existing clients with ECA be migrated automatically to the new solution when it is released? Any ETA?
  15. Description: Patch Management updates (Microsoft updates && 3rd party vendors). Detail: I would love to see a more detailed module/page in ESMC with more info about installed and pending updates on each managed device, for Microsoft Updates && 3rd party vendors. Also the ability to control those updates and approve them for remote installation. I am an MSP and we have many clients that use ESET Endpoint solutions; they are very happy and we push Install Microsoft Updates from ESET (besides internal GPO) every week to be sure they're applied. But I think we need more control because nowadays this is becoming a headache for every IT administrator, as new vulnerabilities are discovered every week. Each Microsoft monthly patch includes maybe 80 fixes!! We need more control over it. And what about 3rd party apps? They are full of vulnerabilities too, and others are still installed while they're end-of-life (Firefox, Chrome, Java, Flash, Winrar, 7-Zip, Adobe....). We need more control over that 3rd party software too, and the ability to push updates from a central console. Other vendors have similar solutions. Acronis: https://www.acronis.com/es-es/resource-center/resource/506/ https://kb.acronis.com/content/62853 Panda Adaptive Defense: https://www.pandasecurity.com/mediacenter/panda-security/patch-management-protect-vulnerabilities/ Trend Micro: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/virtual-patching-patch-those-vulnerabilities-before-they-can-be-exploited Objective: Avoid risks like this one: https://www.ghacks.net/2019/02/21/winrar-has-a-critical-security-bug-here-is-the-fix/ Thanks for listening to the community :).
  16. Hello, We are an MSP and want to test it. Will it connect to an existing ESMC v7.2?
  17. Hello Michalj, Custom Dynamic Groups are not available on ESET Cloud Administrator. Mobile support. Maybe this other one is not Cloud Administrator, but what about a Patch Management module? I would love to see that implemented in ESMC..... I would love to see the 250 users limit broken. I have a client with 600 devices and that would be a good point.