
Future changes to ESET Endpoint programs



36 minutes ago, Benjamin82 said:

I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.

I for one have previously posted a modification recommendation to existing HIPS learning mode processing that would only create startup rules for existing processes versus recording every activity a process is performing. The latter in effect makes overall HIPS rule review unmanageable.

One of the problems with whitelisting is to be effective it is hash based. Given the frequency of OS and app updating, maintenance of whitelisted processes is problematic. Trusted Publisher exclusion capability is not secure since it is certificate based and well, it really can't be trusted anymore these days.

Edited by itman

  • 1 month later...

Please consider moving the Override mode button from advanced settings into the general settings area.

All our ESET Endpoint clients have password protected settings (password known only to IT support staff). At the moment in order to be able to use Override mode I'd have to either remove the password (not an option) or reveal the password to at least some users (also not an option). From my point of view it makes no sense...

In our office all external devices are blocked by default by an appropriate policy. I have a couple of users who should be able to work with removable media but:
1) their settings must be password protected
2) I need them to allow specific removable media manually in Endpoint (thus making sure that it's the correct AD user and he deliberately allows the particular USB stick he needs)
3) I need to be sure that the user won't forget to activate device control after he finishes his work with removable media

This could be achieved by activating Override mode for a particular AD user for a short period of time. The user would have to activate it manually, wouldn't have to remember to deactivate it, and wouldn't have to know the advanced settings password (meaning he wouldn't be able to change something permanently).


  • ESET Staff

@Jenova Thank you for your feedback. We are currently tracking such a requirement. I have asked the responsible PM for comments.

Internal reference P_ESSW-827

Edited by MichalJ

  • 1 month later...
  • Administrators
12 minutes ago, GregA said:

Deleting recommendations doesn't help improve the product.

Please don't misuse this topic for posting personal comments. Your posts were moved to an appropriate topic https://forum.eset.com/topic/14271-future-changes-to-eset-security-management-center-eset-remote-administrator/


  • 1 month later...

Description: Improvement to notification emails.

Detail: Hello, I am working for an MSP currently and we have just switched to the ESET Cloud Administrator version of ESET Endpoint Security/Antivirus for Windows. We currently manage several clients' individual ESET accounts and have the notification emails routed to our email. Currently the email notifications are very generic and mention nowhere what account the email is coming from. So we receive an email that a client's product is out of date or that a computer has not connected in some time. It only says that there is an issue, with no mention of which client this is in regards to. Others mention a threat and give the name of the computer and sometimes the domain the computer is on; however, this does not help much if the computer is off the domain.

My idea is to have each notification state the name of the account the notification belongs to.

Request: A change to the content of the notification emails so they explicitly say which account is associated with this message.

This would make the ability to respond to issues much more smooth.

Workarounds for this issue are time-consuming and are costly to our clients.


  • ESET Staff
12 hours ago, JLKTechTeam said:

Description: Improvement to notification emails.

Detail: Hello, I am working for an MSP currently and we have just switched to the ESET Cloud Administrator version of ESET Endpoint Security/Antivirus for Windows. We currently manage several clients' individual ESET accounts and have the notification emails routed to our email. Currently the email notifications are very generic and mention nowhere what account the email is coming from. So we receive an email that a client's product is out of date or that a computer has not connected in some time. It only says that there is an issue, with no mention of which client this is in regards to. Others mention a threat and give the name of the computer and sometimes the domain the computer is on; however, this does not help much if the computer is off the domain.

My idea is to have each notification state the name of the account the notification belongs to.

Request: A change to the content of the notification emails so they explicitly say which account is associated with this message.

This would make the ability to respond to issues much more smooth.

Workarounds for this issue are time-consuming and are costly to our clients.

Hello JLKTechTeam,

thank you very much for your request.

We have it on the roadmap. We plan to add the possibility to create your own or edit existing notifications. This feature should be available in Q4/2020-Q1/2021.


Description: System Restart Required Prompt

Problem: The Endpoint product update process can be challenging, since an ESET product update requires restarting the computer. I am managing a network containing 10000 ESET clients. After deploying the ESET product update, ESET requires a restart. I cannot force a system restart because there are always users actively using their PCs. Some users shut down their PCs at the end of the day, some users leave them running for days. Even if the user shuts down the PC at the end of the day, hybrid sleep or hibernation may be enabled. In the end, a lot of red ESET clients give the "system restart required" warning.

Solution/Feature: A window like the following Windows Update dialog. The administrator will set a postpone limit, for example up to 5 hours. ESET will prompt with a system restart window but allow users to postpone. Then it will automatically restart the system when it reaches the postpone limit.

The first versions of Deslock I used had this feature (maybe it still does).

 

 img-1.jpg

Edited by mathisbilgi
typo

  • Administrators

Normally a computer restart is recommended after upgrade to a newer version but not immediately required. You can configure Endpoint via ESMC to not change protection status on clients when a reboot is recommended or required and at the same time have the status reported in the ESMC console:

image.png

Upgrade to v7.3 is an exception due to big changes under the hood and without a reboot real-time protection will not work after upgrade.

When we start releasing so-called uPCU program updates (v7 is ready for uPCU), the update will be applied after a computer restart. Again, users may not get any notification and only administrators will see in the ESMC console that a reboot is recommended. They can then send a message to users to reboot the machines, for instance.


I know the endpoint policy options you have mentioned, but what if you upgrade ESET from an older version? Some important modules do not work without rebooting.

 

Broadcom AV has this feature. Please see screenshot below.

https://help.symantec.com/cs/SAEP/SAEP/v128843728_v123284638/Restart-type-and-settings-for-client-installation-packagessepe_client_installation_settings_advanced_restart?locale=EN_US

comment-11787941-files_Capture_179.JPG

Edited by mathisbilgi

  • Administrators

Unless you upgrade from a very old version (v4/v5) to v7.2, a computer restart should be only recommended, not required for antivirus protection to work. Of course, we don't recommend leaving such machines without a restart for too long.


  • 2 months later...
  • Administrators
48 minutes ago, ZeroEagle said:

Please remove already blue micro-hints from EES. Very annoying. There is no option to disable them. Leave them for home users.

Just to make sure, do you mean this one?

image.png


19 hours ago, Marcos said:

Just to make sure, do you mean this one?

image.png

Hello,

Indeed, that must be changed to something that shows an ETA, like: "estimated time left 10 minutes".

Users are impatient.

Peter


I completely agree. Advanced users should be able to disable any hints. Why do they need them? For example, we have been using ESET products for over 10 years. We already know how and what works. If needed, there is a FAQ on the site. For home users, you can leave hints, as some of them are really noobs :)

For visual perception, it is better to use a blue progress bar like in EES v5 when scanning something.

PS: The hint appears not only in the scan window, but also in LiveGrid settings.


  • 4 weeks later...

Description: Ability to configure status alerts on ESMC

Detail: When viewing computers, they are highlighted yellow or red depending on what issue they are experiencing. It would be extremely useful to be able to configure what issues are categorized as red or yellow. For example, I would want to have "Firewall is Disabled" highlighted as red, but currently it is only highlighted as yellow (warning).

 


  • Administrators
4 minutes ago, Sergii said:

Description: Ability to configure status alerts on ESMC

It's already there. Application status can be configured via a policy. The setting enables you to choose which status will be reported on clients and which in the ESMC console.

image.png


40 minutes ago, Marcos said:

It's already there. Application status can be configured via a policy. The setting enables you to choose which status will be reported on clients and which in the ESMC console.

image.png

Thank you Marcos. I found those settings, but I would like to be able to change color between yellow (warning) and red (error/critical) for those individual statuses. I can't seem to find that option.

I attached a picture of the color highlighting that I'm talking about. Thank you!

 

 

ESET Colored Alerts.PNG


  • Administrators
8 minutes ago, Sergii said:

Thank you Marcos. I found those settings, but I would like to be able to change color between yellow (warning) and red (error/critical) for those individual statuses. I can't seem to find that option.

That's not possible. The color represents the severity of particular messages and therefore cannot be changed by users.


On 9/17/2020 at 11:22 AM, Marcos said:

That's not possible. The color represents the severity of particular messages and therefore cannot be changed by users.

Okay, thank you for clarifying, Marcos.


  • 5 weeks later...
On 1/19/2020 at 9:48 AM, Benjamin82 said:

I will second the suggestion to add some sort of Application Control/Whitelisting feature. I know you mentioned it's on the longer term roadmap, but I'm not sure what that timeline looks like. Application whitelisting is becoming a preferred endpoint control, in fact, the Australian ASD emphasizes it in their "Essential Eight" controls (https://www.cyber.gov.au/publications/essential-eight-explained). I've used Microsoft's built-in Software Restriction Policies, and while those still generally work, they are no longer being actively developed/supported by Microsoft. AppLocker is the suggested replacement, but that's only available in Enterprise, which is very costly to license, so many small to medium sized businesses use Windows Pro. Application control is also becoming a common feature in business endpoint products. I reviewed several of the main business endpoint vendors, and it's included in some fashion by the following:

Symantec Endpoint Protection

McAfee

Trend Micro Worry-free Services

Kaspersky ("Trusted Applications Mode")

Bitdefender

F-secure PSB

I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.

Is Application Control/Whitelisting still on the product roadmap? It's becoming commonplace in most endpoint products. Currently I typically use the now deprecated (but still working) Software Restriction Policies built into Windows, in conjunction with ESET. Kaspersky in particular has made their whitelisting very configurable in their Endpoint Security for Windows product (https://support.kaspersky.com/KESWin/11/en-US/165718.htm), and can handle whitelisting based on hash, file path, certificate, etc. (similar to SRP and AppLocker). There are some dedicated third-party solutions for handling application whitelisting as well, such as Airlock Digital (https://www.airlockdigital.com/), and even ManageEngine recently launched a new offering (https://www.manageengine.com/application-control/?pos=Allprod&cat=ITS&loc=links&prev=AB2). But it would be very handy to have this sort of control available in ESET Endpoint products.


  • 2 weeks later...

Description: hide the domain name in the username of a computer.

Detail: when you display the "username" column of a computer, it is displayed in the format domain\username. The domain name consumes a lot of space when the domain name is long. It would be great to have an option to hide the domain name or show it in a separate column.


Description: better management of the console alert "reboot computer is needed".

Detail: When you deploy a new version of ESET Endpoint Security and you do not enable "restart computer automatically without prompt", the red alert "reboot computer needed" is added to the console. If the user turns off the computer, the alert is not deleted. When the user turns the computer off and on again, this alert should disappear.

Same issue with other alerts like "device control is not totally ready", "a reboot is recommended after update ESET", etc...

This problem causes my console to show a lot of alerts that are really solved because the user turned off the computer.


  • Administrators
20 minutes ago, KGAIBERIA said:

Description: better management of the console alert "reboot computer is needed".

Detail: When you deploy a new version of ESET Endpoint Security and you do not enable "restart computer automatically without prompt", the red alert "reboot computer needed" is added to the console. If the user turns off the computer, the alert is not deleted. When the user turns the computer off and on again, this alert should disappear.

Same issue with other alerts like "device control is not totally ready", "a reboot is recommended after update ESET", etc...

This problem causes my console to show a lot of alerts that are really solved because the user turned off the computer.

The message to reboot the machine should not appear after a reboot or when you turn on the computer and fast startup is disabled. I'd recommend creating a ticket with your local ESET support or at least provide the following in a new topic:

- in the advanced setup, navigate to Tools -> Diagnostics and click the Create button to generate a dump of ekrn
- collect logs with ESET Log Collector and upload the generated zip file here. If too big, upload it to a safe location and provide me with a download link in a private message.
