Aryeh Goretsky

Future changes to ESET Endpoint programs


36 minutes ago, Benjamin82 said:

I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.

I for one have previously posted a modification recommendation to existing HIPS learning mode processing that would only create startup rules for existing processes versus recording every activity a process is performing. The latter in effect makes overall HIPS rule review unmanageable.

One of the problems with whitelisting is to be effective it is hash based. Given the frequency of OS and app updating, maintenance of whitelisted processes is problematic. Trusted Publisher exclusion capability is not secure since it is certificate based and well, it really can't be trusted anymore these days.

Edited by itman


Please consider moving Override mode button from advanced settings into general settings area.

All our ESET Endpoint clients have password protected settings (password known only to IT support staff). At the moment in order to be able to use Override mode I'd have to either remove the password (not an option) or reveal the password to at least some users (also not an option). From my point of view it makes no sense...

In our office all external devices are blocked by default by an appropriate policy. I have a couple of users who should be able to work with removable media but:
1) their settings must be password protected
2) I need them to allow specific removable media manually in Endpoint (thus making sure that it's the correct AD user and he deliberately allows some particular USB stick he needs)
3) I need to be sure that the user won't forget to activate device control after he finishes his work with removable media

This could be achieved by activating Override mode for a particular AD user for a short period of time. The user would have to activate it manually, wouldn't have to remember to deactivate it, and wouldn't have to know the advanced settings password (meaning he wouldn't be able to change something permanently).


@Jenova Thank you for your feedback. We are currently tracking such environment. I have asked the responsible PM for comments.

Internal reference P_ESSW-827


Deleting recommendations doesn't help improve the product.


Description: Improvement to notification emails.

Detail: Hello, I am working for an MSP currently and we have just switched to the ESET Cloud Administrator version of ESET Endpoint Security/Antivirus for Windows. We currently manage several clients' individual ESET accounts and have the notification emails routed to our email. Currently the email notifications are very generic and mention nowhere what account the email is coming from. So we receive an email that a client's product is out of date or that a computer has not connected in some time. It only says that there is an issue and no mention of which client this is in regards to. Others mention a threat and give the name of the computer and sometimes the domain the computer is on; however, this does not help much if the computer is off the domain.

My idea is to have each notification state the account name of which account the notification belongs to.

Request: A change to the content of the notification emails so they explicitly say which account is associated with this message.

This would make the ability to respond to issues much more smooth.

Workarounds for this issue are time consuming and are costly to our clients.

12 hours ago, JLKTechTeam said:

Description: Improvement to notification emails.

Detail: Hello, I am working for an MSP currently and we have just switched to the ESET Cloud Administrator version of ESET Endpoint Security/Antivirus for Windows. We currently manage several clients' individual ESET accounts and have the notification emails routed to our email. Currently the email notifications are very generic and mention nowhere what account the email is coming from. So we receive an email that a client's product is out of date or that a computer has not connected in some time. It only says that there is an issue and no mention of which client this is in regards to. Others mention a threat and give the name of the computer and sometimes the domain the computer is on; however, this does not help much if the computer is off the domain.

My idea is to have each notification state the account name of which account the notification belongs to.

Request: A change to the content of the notification emails so they explicitly say which account is associated with this message.

This would make the ability to respond to issues much more smooth.

Workarounds for this issue are time consuming and are costly to our clients.

Hello JLKTechTeam,

thank you very much for your request.

We have it on the roadmap. We plan to add the possibility to create own or edit existing notifications. This feature should be available in Q4/2020-Q1/2021.


Description: System Restart Required Prompt 

Problem: The Endpoint product update process can be challenging since an ESET product update requires restarting the computer. I am managing a network containing 10000 ESET clients. After deploying the ESET product update, ESET requires a restart. I cannot force a system restart because there are always users actively using their PCs. Some users shut down their PCs at the end of the day, some users leave them running for days. Even if the user shuts down the PC at the end of the day, the hybrid sleep or hibernation may be open. Finally, a lot of red ESET clients give a system restart required warning.

Solution/Feature: A window like the following Windows Update dialog. The administrator will set a postpone limit, for example up to 5 hours. ESET will prompt a system restart window but allow users to postpone. Then it will automatically restart the system when it reaches the postpone limit.

The first versions of Deslock I used had this feature (maybe they still have it).

img-1.jpg

Edited by mathisbilgi
typo


Normally a computer restart is recommended after upgrade to a newer version but not immediately required. You can configure Endpoint via ESMC to not change protection status on clients when a reboot is recommended or required and at the same time have the status reported in the ESMC console:

image.png

Upgrade to v7.3 is an exception due to big changes under the hood and without a reboot real-time protection will not work after upgrade.

When we start releasing so-called uPCU program updates (v7 is ready for uPCU), the update will be applied after a computer restart. Again, users may not get any notification and only administrators will see in the ESMC console that a reboot is recommended. They can then send a message to users to reboot the machines, for instance.


I know the endpoint policy options you have mentioned, but what if you upgrade ESET from an older version? Some important modules do not work without rebooting.

Broadcom AV has this feature. Please see screenshot below.

https://help.symantec.com/cs/SAEP/SAEP/v128843728_v123284638/Restart-type-and-settings-for-client-installation-packagessepe_client_installation_settings_advanced_restart?locale=EN_US

comment-11787941-files_Capture_179.JPG

Edited by mathisbilgi


Unless you upgrade from a very old version (v4/v5) to v7.2, a computer restart should be only recommended, not required for antivirus protection to work. Of course, we don't recommend leaving such machines without a restart for too long.
