Future changes to ESET Endpoint programs

[Aryeh Goretsky 378]

Hello,

The goal of this message thread is to provide ESET with specific feedback on changes and new features you would like to see in future versions of ESET's Endpoint programs, such as ESET Endpoint Security, ESET Endpoint Antivirus, ESET NOD32 Antivirus for Mac OS X Dekstop and so forth. Please use the following format when providing feedback:

 

Description: A very specific one line description of your feedback.

Detail: A more detailed explanation of your feedback. Please feel free to make this any length, but be sure to use terms everyone can understand. If your suggestion is an extension or update to an existing discussion, please include a link to it in your message.

Here is an example:

Description: OS/390 support

Detail: We use an IBM System/390 at work to run line of business apps and heat our office during the winter. I think ESET should make a version of ESET File Security for OS/390.

You are welcome to discuss the merits of each and every suggestion, but keep your comments on topic, concise and thoughtful. There are other parts of the forum to discuss issues.

NOTE: When making your requests do not make general statements such as "better detection, HIPS, firewall, cleaning, and so forth." ESET's threat researchers constantly examine new threats and release updates to the virus signature database and to the modules in order to improve these functions. If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information. Thank you for your understanding.

Regards,

Aryeh Goretsky

[JAF1979 4]

I am a former Symantec Endpoint user. I switched the whole organization over to ESET Endpoint Security because it was a far better product. But as with all comparable software, there is always something that the other guy has that you wish you had.

Description: Ability to quickly verify that ESET client is reporting back to ERA server.

Detail: With Symantec, the system tray icon is a gold shield that would display a GREEN dot whenever it was reporting to the main server. The green dot would be missing if it was not reporting to the main server. Which was a great visual aid for our end-users to see if their system is checking-in to receive the latest policy updates and definitions. It would be a great feature add-on for ESET to have a similar display icon that visually indicates that the client is checking-in with the ERA server. Perhaps have the "eset-eye" turn a different color when it is connected to the ERA server. See examples below:


Green = Normal, up to date, checked-in to ERA server

 

Blue = Normal and up to date, not reporting to ERA server

 

Red = Problem!! Needs attention!

[drifter104 1]

Description: Eset Policy converter



Detail: On release of version 5, there was a new settings tree in the remote administrator console. Even just to apply the same settings from pre version 5 to a version 5 machine it required manually selecting each option. A converter that applied one versions settings to the next version where possible and alerted to settings that had changed or could not be transferred.

[aehrlich 0]

Description: Linux version of ERAS

Detail: MS licensing terms effectively prohibit running ERAS on a non-server version of Windows (at least, for post-XP). It harms SMBs trying to avoid MS Server + CAL pricing but willing to pay for Windows (usually OEM Windows) endpoint protection.

Edited October 28, 2013 by aehrlich

[JAF1979 4]

Description: The ability to customize notification messages to sites that have been blocked/filtered through ERA policy.

 

Detail: Currently, when an employee is prevented from accessing a site that fits a certain category, for example "Gambling", they see a notice that the site was blocked because it fit the "Gambling" category.  It would be great if we, the IT Admins, were able to customize the warning message that the end user sees. For instance, we could customize the message to "Notify the user that the site they are accessing violates XYZ policy, etc. And to contact the Help Desk should they require further  assistance."

Edited May 1, 2014 by Aryeh Goretsky
message moved from Future Changes to ESS thread

[dino 1]

Description: Ability to use wildcards in paths to block traffic from application/executables
 
Detail: Frequently applications use different installation paths (for example x64 or x86 versions) or allow to run without installation. Wildcards in paths allow to block application regardless of location. 

[LocknetSSmith 6]

Description: Ability to exclude sites from Protocol Filtering by FQDN instead of just IP Address

 

Detail: We have found that in some cases, certain websites need to be excluded from Protocol filtering for the personal firewall in Endpoint Security.  In some cases, finding the IP Address for these sites is very difficult, as some sites use such a wide array of IPs. 

[Arakasi 549]

Description: Ability to exclude sites from Protocol Filtering by FQDN instead of just IP Address

 

Detail: We have found that in some cases, certain websites need to be excluded from Protocol filtering for the personal firewall in Endpoint Security.  In some cases, finding the IP Address for these sites is very difficult, as some sites use such a wide array of IPs. 

 

DNS comes to mind on this request.

[Marcos 5,070]

Description: Ability to exclude sites from Protocol Filtering by FQDN instead of just IP Address

 

It's possible to exclude particular urls under Web protection -> URL address management.

[siljaline 57]

Description: Setup routine under the current software build is too lengthy.

DETAIL: This applies to the new version only. 

 

Redact Helper comment

Edited June 20, 2014 by siljaline

[dwomack 160]

We allow (and encourage) users to help other users. In this particular case, if a user makes a feature request and a user either sees a way the issue causing this feature request can be resolved, we absolutely encourage that user to share their knowledge. There may be other cases where one request sparks an idea for another. That's also acceptable. We're always looking for ways to improve the product and user experience. Anything that brings about positive change is welcomed and should continue to be encouraged.

[Arakasi 549]

Well said Dan.

[dgtlsparks 0]

Description: Hierarchical User control within ESET Remote Administrator

 

Details: Creating users with different read\write permissions exists at a global level, but I'd like to see adding specific users to specific groups to limit the scope of systems they can see within the ERA Console. This would then dove-tail into what data they can see from the web dashboard by limiting the information to the groups that particular user has permissions to access. Likewise, adding some contact information for these users to create an internal address book would be useful as well.

 

Thanks!

[MViktor 0]

Description: Automatic update server selection depending on Zones
Detail: When I'm at my company I want to use internal update server (Profile #1, e.g. 10.170.0.21) to minimalize internet traffic. After work I bring my laptop home but internal update server won't work because the update server is not reachable. In this case would be great the automatic update server selection.

If EES notices I'm not on 10.170.0.0/24 network anymore (or it notices I've left Zone #1 - 10.170.0.0/24), it switches to Profile #2, with SelectedServer="AUTOSELECT" and predefined username and password.

Now I can create multiple update profiles but I have to switch manually when I arrive home.

[Marcos 5,070]

Description: Automatic update server selection depending on Zones

Detail: When I'm at my company I want to use internal update server (Profile #1, e.g. 10.170.0.21) to minimalize internet traffic. After work I bring my laptop home but internal update server won't work because the update server is not reachable. In this case would be great the automatic update server selection.

If EES notices I'm not on 10.170.0.0/24 network anymore (or it notices I've left Zone #1 - 10.170.0.0/24), it switches to Profile #2, with SelectedServer="AUTOSELECT" and predefined username and password.

Now I can create multiple update profiles but I have to switch manually when I arrive home.

 

Already possible via dual update profiles: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3621.

[itman 1,659]

How about providing a single license purchase option? I would like to switch to Endpoint product from Smart Security since the HIPS has options I need. I don't want to buy 5 licenses though to do so.

[HSW 9]

Description: Integration of AD Support (user and computer groups) in ERAS to create simple different dynamic groups and policys
Detail: With this feature it will be easy to manage different policy for example 3 groups for WWW (allowed // some sites allowed // all denied)
  or for USB controll (all allowed // some essets allowed // all denied)
  or for reports (special group of computers -> Software analysis)
  or some exclusion group for a policy
  Also this feature will improve the managment: I can create policys with different settings and AD groups and a "smaler" admin can change only in AD the members of the Group

 

  
Description: changing filtering option in reports
Detail: ATM you can use every filter only 1 time, please change this to create better reports
  For example i want to check new softwareinstallations for today but want to use some exclusions like "Microsoft" "Oracle" "Adobe" .... this is not possible with eras
  i do this over reading in the sql conntent of the eras db but i think over ERAS will be better

 

  
Description: adding reports output
Detail: ATM you can only send by mail as attachment, it will be fine to include this optional as HTML content in the mail to read quicker the details.
  for example we have a report, when a new virus is found, if i see the infos directly i can quicker react to not cleaning cases.

  

Description: better/more optional logging in the client (if you have problems)
Detail: Actual it is not possible the log all scaning processes, we have problems to find some needed exclusions for our DPM process to backup the server.
  Eset scan something and interupt this process, so it will be fine to see what eset scan to exclude this easy.

[davidpitt 4]

Description: I would really like the ability install/Update Endpoints without the clients NIC disconnecting... if that is at all possible?!

 

 

Detail: This way I could roll out updates/installs to to our 75+ individually managed sites much more easily, hopefully silently in the background without the user even knowing it was happening.

 

Having to call the customers to arrange installs/upgrades out of hours is difficult or having them log off their PCs so that no programs are affected during the network disconnect is a real pain. Multiply that over 75+ individual Eset Server setups with a combined total of several thousand PCs and it becomes impossible!

[j-gray 35]

Description: Better method for detecting unmanaged clients
 

Detail: RDS is not a practical solution in environments with multiple LANs, it can't be installed on OS X, and relies on outdated/unsupported software (WinPcap).

 

A simple ping-sweep tool that works across multiple subnets and shows unmanaged clients, or better yet, a dynamic group that does the same so that an agent install task can be run when client joins the group. This would be awesome, especially for OS X where Group Policy automated install is not an option.

[j-gray 35]

Description: Mechanism to force policy refresh on client(s) from ERA console.
 

Detail: There doesn't appear to be a way (that I've found) to force a client to pull a new policy. We either have to wait for the policy refresh interval or create a new policy with a shorter refresh interval and apply it. It would be great to have a right-click option from the ERA console to force an immediate policy refresh.

[MichalJ 434]

Hello j-gray,

What do you mean by "immediate policy refresh"? You mean, that when you have performed some changes in the policy, you want the agent to connect to ERA, and start using the new settings? As of now, a wake-up call is the way. We are planning some changes to how wake-up calls are performed + for the feature we are planning to move towards a push-notification service, meaning the changes would be reflected quicker.

Just a note how it works as of now: As the communication is initiated by client in ERA, agent by default connects every XX minutes, as configured in the policy. Policy will be pulled upon next sync interval. To override the sync interval, you can use the wake up call, but the machine needs to be reachable for a network broadcast.

[j-gray 35]

Hello j-gray,

What do you mean by "immediate policy refresh"? You mean, that when you have performed some changes in the policy, you want the agent to connect to ERA, and start using the new settings? As of now, a wake-up call is the way.

Exactly. Though I view wake-up call more like wake-on-lan, requiring network broadcast, which is not a good practice across multiple subnets.

 

I'm looking for a simple 'send policy' that doesn't require network broadcast. Even if it's a basic command I can run from the client (remotely).

[ekpfix2011 0]

On 6/11/2014 at 2:45 PM, siljaline said:

Description: Setup routine under the current software build is too lengthy.

DETAIL: This applies to the new version only. 

 

Redact Helper comment

This is very true and i hope it changes.

[Mustrum 0]

Description: Multi lingual clients

Detail: A single client containing all languages would be a lot easier to maintenance. Currently one have to create, test and deploy an installer for every single language, not to mention that Windows itself is multi lingual and users of different languages share some computers.

[macphail 0]

Just a comment.  I received the following while trying to add a non-standard domain name to the sender filter,

Error: There were problems with one or more entries.
Illegal value (.loan) for New Email Address/Domain:must be a top-level domain like 'edu' or domain like 'yourdomain.com' or email address like 'you@yourdomain.com'.

Now, I can understand why I would get this, however, spammers aren't playing by the rules so why should we have to be limited in this particular area.  I should be able to block a domain name of 'courtesy.uuggss.loan' which is used on the internet for spammers.

Please change the program so I can enter just about anything in the sender filters.