Jump to content
Aryeh Goretsky

Future changes to ESET Endpoint programs

Recommended Posts

36 minutes ago, Benjamin82 said:

I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.

I for one have previously posted a modification recommendation to existing HIPS learning mode processing that would only create startup rules for existing processes versus recording every activity a process is performing. The later in effect makes overall HIPS rule review unmanageable.

One of the problems with whitelisting is to be effective it is hash based. Given the frequency of OS and app updating, maintenance of whitelisted processes is problematic. Trusted Publisher exclusion capability is not secure since it is certificate based and well, it really can't be trusted anymore these days.

Edited by itman

Share this post


Link to post
Share on other sites

Please consider moving Override mode button from advanced settings into general settings area.

All our ESET Endpoint clients have password protected settings (password known only to IT support staff). At the moment in order to be able to use Override mode I'd have to either remove the password (not an option) or reveal the password to at least some users (also not an option). From my point of view it makes no sense...

In our office all external devices are blocked by default by an appropriate policy. I have a couple of users who should be able to work with removable media but:
1) their settings must be password protected
2) I need them to allow specific removable media manually in Endpoint (thus making sure that it's correct AD user and he deliberately allows some particular USB stick he needs)
3) I need to be sure that user won't forget to activate device control after he finishes his work with removable media

This could be achieved with activating Override mode for particular AD user for short period of time. The user would have to activate it manually, won't have to remember to deactivate it, won't have to know advanced settings password (meaning wouldn't be able to change something permanently).

Share this post


Link to post
Share on other sites

@Jenova Thank you for your feedback. We are currently tracking such environment. I have asked the responsible PM for comments.

Internal reference P_ESSW-827

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...