Administrators Marcos 5,243 Posted December 8, 2017 Administrators Share Posted December 8, 2017 37 minutes ago, macphail said: Just a comment. I received the following while trying to add a non-standard domain name to the sender filter Please create a new topic for this. It sounds rather like a bug than something to be improved in future versions. Also provide a screen shot of the window where you enter the email address since I have no clue what you mean by "sender filter". I was able to enter an email address with the "loan" TLD in the smtp notifications setup. Quote Link to comment Share on other sites More sharing options...
Glitch 3 Posted December 16, 2017 Share Posted December 16, 2017 1. Make micro updates work with eset products later than 6.5 as micro updates don’t work on version 6.6. 2. When sending a block policy to the endpoint via era you first have to clear the local cache else it will not work Which is strange and very cumbersome when adding a block rule to 100 endpoints. The other way around is just the same when removing the block in the era it is not removed from the endpoint. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted December 16, 2017 Administrators Share Posted December 16, 2017 3 hours ago, Glitch said: 1. Make micro updates work with eset products later than 6.5 as micro updates don’t work on version 6.6. 2. When sending a block policy to the endpoint via era you first have to clear the local cache else it will not work Which is strange and very cumbersome when adding a block rule to 100 endpoints. The other way around is just the same when removing the block in the era it is not removed from the endpoint. 1, What purpose do you use micro updates for? Do you use them on ships with an expensive satellite connection? 2, What block policy do you mean? Also what do you mean by "clearing local cache"? Do you want to block particular urls via the url management or Web control? Quote Link to comment Share on other sites More sharing options...
Glitch 3 Posted December 16, 2017 Share Posted December 16, 2017 Indeed via satellite 10usd per MB. I Mean the webcontrol to block for example YouTube. We have tried this in our office and we found out that we have to clear the cache of chrome (or any webbrowser) before the block is actually working if you don’t clear the cache of your browser you can still visit YouTube. When you want to remove the block you have to do the same again but now in the ESET client itself as the block even when removed from the era policy will stay in place. Maybe this is more as a bug this part although our local ESET distributor told us this is how it works. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted January 4, 2018 Administrators Share Posted January 4, 2018 Quote Nice thread, I have tens of comments to ERA server / functions. ERA is not user friendly in most cases.... @Jaroslav Mixa Your post along with our response was moved here: https://forum.eset.com/topic/14271-future-changes-to-eset-remote-administrator/ Quote Link to comment Share on other sites More sharing options...
Markwd 1 Posted August 31, 2018 Share Posted August 31, 2018 Hi, Not sure if this is the right topic for this, but why does the consumer version (Smart Security) have options for anti theft, while the business products don't offer this feature? In most cases the data on business laptops are way more valuable for users than data on consumer laptops. It would be great if Endpoint Security could have Anti Theft which could be managed by ESMC and also is accessible for the laptop owner through https://anti-theft.eset.com Quote Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted August 31, 2018 ESET Staff Share Posted August 31, 2018 @Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable of tracking screenshots / photos of the users, might violate a lot of corporate laws / regulations. If Anti-theft is introduced into the business versions, it will have to behave differently. If I can ask you a question, what kind of a problem you would like to solve with it? Would it be intended for device recovery, or more a data removal / prevention of misuse ? droezel 1 Quote Link to comment Share on other sites More sharing options...
Markwd 1 Posted August 31, 2018 Share Posted August 31, 2018 @MichalJ For business proposal I would say data removal and data loss prevention would be the main reason. A possibilty to report the laptop as stolen (through a task in ESMC) so the person who then has the laptop, cannot use it and will be notified how to contact the owner of the laptop. Tracking down the laptop or making screenshots and/or photo's by webcam would not be priority (and I can imagine this is violating at least the GDPR rules). droezel 1 Quote Link to comment Share on other sites More sharing options...
ShaneDT 13 Posted September 3, 2018 Share Posted September 3, 2018 Can we please have the same email account settings in client policies as are available in Server Settings in ERA/ESMC. Currently we can't use Office 365, Hotmail (etc), gmail accounts for notifications from endpoints. I've tried with yahoo which only works some of the time. I'm sure there are other online smtp relay servers and accounts that may work, but the most common for most small businesses would be Office 365 and to a lesser extent Google. I know I can create notifications in ERA/ESMC, but of course these are delayed based on the how long the agent connect interval is set to. Quote Link to comment Share on other sites More sharing options...
stevemaser 2 Posted December 3, 2018 Share Posted December 3, 2018 (edited) Description: For the Mac version of ESET, the "alert" settings should be global settings and not per-user settings. Details: We are one of the orgs moving from SCEP to ESET for now and *not* using the ERA (as we would prefer not to have to spin up yet-another-server for this.) Apparently all the Preferences --> User --> Alerts and Notification settings are stored within a ~/.esets/gui.cfg file. This is a problem -- especially for the "Protection Statuses" Alerts. We need to be able to turn those off globally -- especially for computer labs where local student accounts are wiped from computers soon after they log out. We (as computer administrators) should be able to set these globally for all users without having to massage a file into each user account every time somebody new logs into the computer. It's nice to see that ESETs has more notifications than SCEP, but end users in a computer lab do not need to get an alert that "operating system is not up to date" (for example) when we control OS patch releases. Edited December 4, 2018 by stevemaser AlexW 1 Quote Link to comment Share on other sites More sharing options...
Nathan Fishback 0 Posted January 9, 2019 Share Posted January 9, 2019 @stevemaser have a look at the solution from this page: https://soundmacguy.wordpress.com/2018/12/04/hello-eset-endpoint-antivirus-deployment-management-and-migrating-from-scep/ I'm in the same situation as you are. It would be great if this were simpler. I hate running scripts that monitor for new users to inject stuff like this. But this is the best solution I've found at the moment, and it's working well for me to configure it for existing and new users. Outside of an issue with Mojave's PPC asking for full disk access with the v6.7.500, but that's a separate issue. I'm more than a little surprised though, that the default config would be to have a dock icon for the client that could be easily closed by a simple click. Quote Link to comment Share on other sites More sharing options...
neilmartin83 1 Posted January 15, 2019 Share Posted January 15, 2019 Heya @Nathan Fishback, 6.7.600 is out now and fixes the TCC stuff as well as kernel panics and other things. Glad the blog post helped you out! Quote Link to comment Share on other sites More sharing options...
Sam Fonteno 3 Posted January 18, 2019 Share Posted January 18, 2019 Description: Web control policy - Blocked webpage message: customization append/prepend/replace Detail: The Policy's "Blocked webpage message" setting allows either: blank, which causes the "Blocked" page to the default string telling why the page was blocked (Category or URL), or a custom string, which replaces that default string. But setting a custom string prevents the display of the reason for the block, guiding the user toward faster resolution in case of a/an (effectively; for the organization) false-positive. It would be nice if the policy allowed for the custom string to either: append or prepend to the default message, or replace the default message, and include the reason for the block (e.g. a variable we can include). Quote Link to comment Share on other sites More sharing options...
Sam Fonteno 3 Posted January 19, 2019 Share Posted January 19, 2019 (edited) Description: Web control policy - Blocked webpage graphic - customizable dimensions Detail: The Web control page says, and tests confirm that, a custom graphic is scaled to 90px x 30px. That's really small, and prevents usage of a lot of graphics, especially ones containing circles. Can we have option(s) for: square/rectangle or, scaling percentage, or custom values Edited January 19, 2019 by Sam Fonteno Zen11t 1 Quote Link to comment Share on other sites More sharing options...
Sam Fonteno 3 Posted February 13, 2019 Share Posted February 13, 2019 Description: Policy settings reverse-lookup Detail: The ability in SMC/Endpoint Security to see which policy is responsible for which setting in effect on the computer. Basically something like a GPRESULT report available for diagnosing Active Directory Group Policy Objects's effects. A very simple example of that is shown here: https://4sysops.com/wp-content/uploads/2012/02/gpresult.exe-HTML-output.png dylanm and pps 2 Quote Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted February 15, 2019 ESET Staff Share Posted February 15, 2019 @Sam Fonteno Thank you for reporting. This is already in our backlog. However the task itself is quite expensive, due to the current logic of how policies are merged and how the resulting configuration is applied. However, we are aiming to get it resolved eventually, however I can´t as of comment on a time-frame for it. Quote Link to comment Share on other sites More sharing options...
Manfred123 0 Posted April 16, 2019 Share Posted April 16, 2019 Description: EEA e-mail SSL filtering with shared certificates Detail: Some ISPs offer access to e-mail services on their servers through their customer's server domain name (e.g. mail.customerdomain.com), while in fact the mail service is hosted on one of the ISP servers (e.g. mail.ispdomain.com). This results in the server certificate to be provided with CN=mail.ispdomain.com, as a response to a request to mail.customerdomain.com. The motivation (reported) is that the certificate is shared among the mail service names managed by the ISP. This can generate a name mismatch exception on some clients - namely on Thunderbird, but possibly on others too. Thunderbird deals with this by allowing to store an exception for the involved certificate (it remembers to accept the certificate for mail.customerdomain.com). The problem arises with ESET SSL filtering when the filter modifies the certificate by adding its signature, since this signature appears to change on a daily basis (or even more frequently) - apparently whenever the threat database is updated. This continuous change of the signature voids Thunderbird storing the exception (because each time it is presented with a different certificate), and results in the user to be continuously notified of a name mismatch. I reported this behavior in the forum, and i have been advised to store an exception in EEA so as to "allow" the certificate and "ignore" the scan action on the associated channel - this should result in the server certificate to be forwarded untouched to the client. But, I see two problems with this: 1) "allow" + "ignore" does not seem to behave as described: even if EEA is configured this way, the first time Thunderbird connects to the server after system startup, it gets a certificate that is re-signed by ESET. This means that in a common usage scenario the user is still notified of the exception every day. 2) Even if EEA were to behave as expected, configuring to "ignore" scanning of the e-mail stream voids the threat scan on that channel, as far as I understand. Would it be possible some improvement on this? e.g. by allowing "scan" for known certificates while still forwarding the certificate untouched to the client? (and BTW have "ignore" actually ignore even on first access?) Quote Link to comment Share on other sites More sharing options...
mirkt 0 Posted September 4, 2019 Share Posted September 4, 2019 Description: Warn about unsupported (EOL) endpoints' OS versions Detail: It would be nice to see warnings in ESMC when client's OS version is unsupported (end of life, end of service). Now you can get false sense that everything is OK, when a client's OS is obsolete/unsupported/outdated.. For example, Windows 10 unsupported release or Windows 7 after 2020-01: https://support.microsoft.com/lt-lt/help/13853/windows-lifecycle-fact-sheet There is a warning "Windows updates available" in EMSC, but you will not see it when using internal WSUS with unapproved updates (for example, unapproved Windows 10 Feature Update..). That applies to Linux distributions as well.. Quote Link to comment Share on other sites More sharing options...
schuetzdentalCB 8 Posted October 12, 2019 Share Posted October 12, 2019 Description: Automatic Client Isolation Detail: So if ESET Performs a System Scan and finds an infected process which was not recognized before, it could automatically block every kind of network action of this infected client. (internal and external network traffic). - And send some Information about the outbrea to the Eset Management Platform. Quote Link to comment Share on other sites More sharing options...
schuetzdentalCB 8 Posted October 22, 2019 Share Posted October 22, 2019 Something else which would be awesome is some kind of Application Whitelisting Function. - Like Windows AppLocker or this McAfee Application Control which allows Whitelisting Applications and deny everything else on a client system to run. Quote Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted October 22, 2019 ESET Staff Share Posted October 22, 2019 (edited) @schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510 Edited October 22, 2019 by MichalJ schuetzdentalCB 1 Quote Link to comment Share on other sites More sharing options...
tbsky 11 Posted November 6, 2019 Share Posted November 6, 2019 On 10/22/2019 at 4:23 PM, MichalJ said: @schuetzdentalCB (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. Previously ESMC 7.1 / Endpoint 7.2 was planned for 19H2. but since there are no beta out yet, I assume the plan was canceled/delayed? Quote Link to comment Share on other sites More sharing options...
ESET Staff igi008 23 Posted November 6, 2019 ESET Staff Share Posted November 6, 2019 5 hours ago, tbsky said: Previously ESMC 7.1 / Endpoint 7.2 was planned for 19H2. but since there are no beta out yet, I assume the plan was canceled/delayed? Hello tbsky, thank you very much for your post, don't worry, we plan to release mentioned versions in the middle of November. Stay tuned! schuetzdentalCB 1 Quote Link to comment Share on other sites More sharing options...
tbsky 11 Posted November 7, 2019 Share Posted November 7, 2019 17 hours ago, igi008 said: Hello tbsky, thank you very much for your post, don't worry, we plan to release mentioned versions in the middle of November. Stay tuned! that's a great news. we are waiting for it. thanks a lot! schuetzdentalCB 1 Quote Link to comment Share on other sites More sharing options...
Benjamin82 2 Posted January 19, 2020 Share Posted January 19, 2020 I will second the suggestion to add some sort of Application Control/Whitelisting feature. I know you mentioned it's on the longer term roadmap, but I'm not sure what that timeline looks like. Application whitelisting is becoming a preferred endpoint control, in fact, the Australian ASD emphasizes it in their "Essential Eight" controls (https://www.cyber.gov.au/publications/essential-eight-explained). I've used Microsoft's built in Software Restriction Policies, and while those still generally work, they are no longer being actively developed/supported by Microsoft. Applocker is the suggested replacement, but that's only available in Enterprise, which is very costly to license, so many small to medium sized business use Windows Pro. Application control is also becoming a common feature in business endpoint products. I reviewed several of the main business endpoint vendors, and it's included in some fashion by the following: Symantec Endpoint Protection McAfee Trend Micro Worry-free Services Kaspersky ("Trusted Applications Mode") Bitdefender F-secure PSB I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.