Future changes to ESET Endpoint programs


  • Administrators
37 minutes ago, macphail said:

Just a comment.  I received the following while trying to add a non-standard domain name to the sender filter

Please create a new topic for this. It sounds more like a bug than something to be improved in future versions. Also provide a screenshot of the window where you enter the email address since I have no clue what you mean by "sender filter". I was able to enter an email address with the "loan" TLD in the SMTP notifications setup.


1. Make micro updates work with ESET products later than 6.5, as micro updates don't work on version 6.6.

2. When sending a block policy to the endpoint via ERA, you first have to clear the local cache, else it will not work, which is strange and very cumbersome when adding a block rule to 100 endpoints. The other way around is just the same: when removing the block in ERA, it is not removed from the endpoint.


  • Administrators
3 hours ago, Glitch said:

1. Make micro updates work with ESET products later than 6.5, as micro updates don't work on version 6.6.

2. When sending a block policy to the endpoint via ERA, you first have to clear the local cache, else it will not work, which is strange and very cumbersome when adding a block rule to 100 endpoints. The other way around is just the same: when removing the block in ERA, it is not removed from the endpoint.

1. What purpose do you use micro updates for? Do you use them on ships with an expensive satellite connection?

2. What block policy do you mean? Also, what do you mean by "clearing local cache"? Do you want to block particular URLs via the URL management or Web control?

 


Indeed, via satellite, 10 USD per MB.

I mean the Web control, to block for example YouTube. We have tried this in our office and we found out that we have to clear the cache of Chrome (or any web browser) before the block actually works; if you don't clear the cache of your browser you can still visit YouTube. When you want to remove the block you have to do the same again, but now in the ESET client itself, as the block will stay in place even when removed from the ERA policy. Maybe this part is more of a bug, although our local ESET distributor told us this is how it works.


  • Marcos pinned this topic
  • Administrators
Quote

Nice thread, I have tens of comments to ERA server / functions. ERA is not user friendly in most cases.... 

@Jaroslav Mixa Your post along with our response was moved here: https://forum.eset.com/topic/14271-future-changes-to-eset-remote-administrator/

 


  • 2 weeks later...

Hi,

 

Not sure if this is the right topic for this, but why does the consumer version (Smart Security) have options for anti theft, while the business products don't offer this feature? In most cases the data on business laptops are way more valuable for users than data on consumer laptops. It would be great if Endpoint Security could have Anti Theft which could be managed by ESMC and also is accessible for the laptop owner through https://anti-theft.eset.com


  • ESET Staff

@Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable of tracking screenshots / photos of the users might violate a lot of corporate laws / regulations. If Anti-theft is introduced into the business versions, it will have to behave differently. If I can ask you a question, what kind of problem would you like to solve with it? Would it be intended for device recovery, or more for data removal / prevention of misuse?


@MichalJ For business proposal I would say data removal and data loss prevention would be the main reason. A possibility to report the laptop as stolen (through a task in ESMC) so the person who then has the laptop cannot use it and will be notified how to contact the owner of the laptop.

Tracking down the laptop or making screenshots and/or photos by webcam would not be a priority (and I can imagine this is violating at least the GDPR rules).


Can we please have the same email account settings in client policies as are available in Server Settings in ERA/ESMC?

Currently we can't use Office 365, Hotmail (etc.), or Gmail accounts for notifications from endpoints. I've tried with Yahoo, which only works some of the time. I'm sure there are other online SMTP relay servers and accounts that may work, but the most common for most small businesses would be Office 365 and to a lesser extent Google.

I know I can create notifications in ERA/ESMC, but of course these are delayed based on how long the agent connect interval is set to.


  • 3 months later...

Description: For the Mac version of ESET, the "alert" settings should be global settings and not per-user settings.

Details: We are one of the orgs moving from SCEP to ESET for now and *not* using the ERA (as we would prefer not to have to spin up yet-another-server for this). Apparently all the Preferences --> User --> Alerts and Notification settings are stored within a ~/.esets/gui.cfg file. This is a problem, especially for the "Protection Statuses" Alerts. We need to be able to turn those off globally, especially for computer labs where local student accounts are wiped from computers soon after they log out. We (as computer administrators) should be able to set these globally for all users without having to massage a file into each user account every time somebody new logs into the computer.

It's nice to see that ESET has more notifications than SCEP, but end users in a computer lab do not need to get an alert that "operating system is not up to date" (for example) when we control OS patch releases.

Edited by stevemaser

  • 1 month later...

@stevemaser have a look at the solution from this page:  https://soundmacguy.wordpress.com/2018/12/04/hello-eset-endpoint-antivirus-deployment-management-and-migrating-from-scep/

I'm in the same situation as you are.  It would be great if this were simpler.  I hate running scripts that monitor for new users to inject stuff like this.  But this is the best solution I've found at the moment, and it's working well for me to configure it for existing and new users.  Outside of an issue with Mojave's PPC asking for full disk access with the v6.7.500, but that's a separate issue. 

I'm more than a little surprised though, that the default config would be to have a dock icon for the client that could be easily closed by a simple click.  


Description: Web control policy - Blocked webpage message: customization append/prepend/replace

Detail: The Policy's "Blocked webpage message" setting allows either:

  • blank, which causes the "Blocked" page to show the default string telling why the page was blocked (Category or URL), or
  • a custom string, which replaces that default string.

But setting a custom string prevents the display of the reason for the block, guiding the user toward faster resolution in case of a/an (effectively; for the organization) false-positive.

It would be nice if the policy allowed for the custom string to either:

  • append or prepend to the default message, or
  • replace the default message, and include the reason for the block (e.g. a variable we can include).

Description: Web control policy - Blocked webpage graphic - customizable dimensions

Detail: The Web control page says, and tests confirm that, a custom graphic is scaled to 90px x 30px.

That's really small, and prevents usage of a lot of graphics, especially ones containing circles.

Can we have option(s) for:

  • square/rectangle or,
  • scaling percentage, or
  • custom values
Edited by Sam Fonteno

  • 4 weeks later...

Description: Policy settings reverse-lookup

Detail: The ability in SMC/Endpoint Security to see which policy is responsible for which setting in effect on the computer.
Basically something like a GPRESULT report available for diagnosing Active Directory Group Policy Objects' effects.
A very simple example of that is shown here: https://4sysops.com/wp-content/uploads/2012/02/gpresult.exe-HTML-output.png


  • ESET Staff

@Sam Fonteno Thank you for reporting. This is already in our backlog. However, the task itself is quite expensive, due to the current logic of how policies are merged and how the resulting configuration is applied. We are aiming to get it resolved eventually; however, I can't as of now comment on a time-frame for it.


  • 2 months later...

Description: EEA e-mail SSL filtering with shared certificates

Detail: Some ISPs offer access to e-mail services on their servers through their customer's server domain name (e.g. mail.customerdomain.com), while in fact the mail service is hosted on one of the ISP servers (e.g. mail.ispdomain.com).

This results in the server certificate to be provided with CN=mail.ispdomain.com, as a response to a request to mail.customerdomain.com. The motivation (reported) is that the certificate is shared among the mail service names managed by the ISP. This can generate a name mismatch exception on some clients - namely on Thunderbird, but possibly on others too. Thunderbird deals with this by allowing to store an exception for the involved certificate (it remembers to accept the certificate for mail.customerdomain.com).

The problem arises with ESET SSL filtering when the filter modifies the certificate by adding its signature, since this signature appears to change on a daily basis (or even more frequently) - apparently whenever the threat database is updated. This continuous change of the signature voids Thunderbird storing the exception (because each time it is presented with a different certificate), and results in the user to be continuously notified of a name mismatch.

I reported this behavior in the forum, and I have been advised to store an exception in EEA so as to "allow" the certificate and "ignore" the scan action on the associated channel - this should result in the server certificate being forwarded untouched to the client.

But, I see two problems with this:

1) "allow" + "ignore" does not seem to behave as described: even if EEA is configured this way, the first time Thunderbird connects to the server after system startup, it gets a certificate that is re-signed by ESET. This means that in a common usage scenario the user is still notified of the exception every day.

2) Even if EEA were to behave as expected, configuring to "ignore" scanning of the e-mail stream voids the threat scan on that channel, as far as I understand.

Would some improvement on this be possible? E.g. by allowing "scan" for known certificates while still forwarding the certificate untouched to the client?

(and BTW have "ignore" actually ignore even on first access?)

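Added example, not part of the original post and not ESET or Thunderbird code: a small model of the effect the post above describes, assuming the mail client pins a name-mismatch exception to the host plus the certificate fingerprint, and that the filter's re-issued certificate carries a different signature each time. The `Cert` class, the `reissue` helper and the CA names are hypothetical stand-ins; the two host names come from the post.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for an X.509 leaf certificate (constructed model)."""
    subject_cn: str
    issuer_cn: str
    signature: bytes

    def fingerprint(self) -> str:
        # Real clients hash the whole DER encoding, signature included;
        # the model hashes its three fields instead.
        blob = b"|".join([self.subject_cn.encode(), self.issuer_cn.encode(), self.signature])
        return hashlib.sha256(blob).hexdigest()

class ExceptionStore:
    """Name-mismatch exceptions pinned to (host, certificate fingerprint)."""
    def __init__(self):
        self._pins = {}

    def remember(self, host: str, cert: Cert) -> None:
        self._pins[host] = cert.fingerprint()

    def check(self, host: str, cert: Cert) -> str:
        if host.lower() == cert.subject_cn.lower():
            return "ok"
        if self._pins.get(host) == cert.fingerprint():
            return "ok-by-exception"
        return "name-mismatch-prompt"

def reissue(upstream: Cert, filter_ca: str, signature: bytes) -> Cert:
    """Hypothetical inspecting filter: same subject, its own issuer and signature."""
    return Cert(upstream.subject_cn, filter_ca, signature)

def simulate() -> list:
    host = "mail.customerdomain.com"          # names taken from the post
    upstream = Cert("mail.ispdomain.com", "Public CA (constructed)", b"isp-sig")
    store, seen = ExceptionStore(), []
    day1 = reissue(upstream, "Filter CA (constructed)", b"filter-sig-1")
    seen.append(store.check(host, day1))      # first contact: user is prompted
    store.remember(host, day1)                # user stores the exception
    seen.append(store.check(host, day1))      # same certificate: accepted
    day2 = reissue(upstream, "Filter CA (constructed)", b"filter-sig-2")
    seen.append(store.check(host, day2))      # re-signed: the pin no longer matches
    store.remember(host, upstream)            # untouched server certificate
    seen.append(store.check(host, upstream))  # stable fingerprint: stays accepted
    return seen

if __name__ == "__main__":
    print(simulate())
```

In this model the stored exception only survives when the bytes presented to the client stay identical between connections, which is the case for the forwarded server certificate and not for a freshly re-signed one.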

  • 4 months later...

Description: Warn about unsupported (EOL) endpoints' OS versions

Detail: It would be nice to see warnings in ESMC when a client's OS version is unsupported (end of life, end of service). Now you can get a false sense that everything is OK when a client's OS is obsolete/unsupported/outdated. For example, an unsupported Windows 10 release or Windows 7 after 2020-01:
https://support.microsoft.com/lt-lt/help/13853/windows-lifecycle-fact-sheet

There is a warning "Windows updates available" in ESMC, but you will not see it when using internal WSUS with unapproved updates (for example, an unapproved Windows 10 Feature Update).

That applies to Linux distributions as well.

 

 


  • 1 month later...

Description: Automatic Client Isolation 

Detail: So if ESET performs a system scan and finds an infected process which was not recognized before, it could automatically block every kind of network action of this infected client (internal and external network traffic), and send some information about the outbreak to the ESET management platform.


  • 2 weeks later...

Something else which would be awesome is some kind of Application Whitelisting function, like Windows AppLocker or McAfee Application Control, which allows whitelisting applications and denying everything else on a client system from running.


  • ESET Staff

@schuetzdentalCB Thank you for your feedback. With regards to the automated network isolation, something like that (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future. 

With regards to the application whitelisting, this is a bit more tricky topic. However it is on our long term roadmap. I will link your comment to the already tracked internal IDEA. Internal tracking IDEA-1510

Edited by MichalJ

  • 2 weeks later...
On 10/22/2019 at 4:23 PM, MichalJ said:

@schuetzdentalCB (possibility to trigger network isolation from the console) is being added in ESMC 7.1 / Endpoint 7.2 for Windows. We plan to further expand this concept to allow autonomous response in the future.

Previously ESMC 7.1 / Endpoint 7.2 was planned for 19H2, but since there is no beta out yet, I assume the plan was canceled/delayed?


  • ESET Staff
5 hours ago, tbsky said:

Previously ESMC 7.1 / Endpoint 7.2 was planned for 19H2, but since there is no beta out yet, I assume the plan was canceled/delayed?

Hello tbsky, thank you very much for your post. Don't worry, we plan to release the mentioned versions in the middle of November. Stay tuned!


17 hours ago, igi008 said:

Hello tbsky, thank you very much for your post. Don't worry, we plan to release the mentioned versions in the middle of November. Stay tuned!

That's great news. We are waiting for it. Thanks a lot!


  • 2 months later...

I will second the suggestion to add some sort of Application Control/Whitelisting feature. I know you mentioned it's on the longer term roadmap, but I'm not sure what that timeline looks like. Application whitelisting is becoming a preferred endpoint control; in fact, the Australian ASD emphasizes it in their "Essential Eight" controls (https://www.cyber.gov.au/publications/essential-eight-explained). I've used Microsoft's built-in Software Restriction Policies, and while those still generally work, they are no longer being actively developed/supported by Microsoft. AppLocker is the suggested replacement, but that's only available in Enterprise, which is very costly to license, so many small to medium sized businesses use Windows Pro. Application control is also becoming a common feature in business endpoint products. I reviewed several of the main business endpoint vendors, and it's included in some fashion by the following:

  • Symantec Endpoint Protection
  • McAfee
  • Trend Micro Worry-free Services
  • Kaspersky ("Trusted Applications Mode")
  • Bitdefender
  • F-Secure PSB

I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.

