Jump to content

Future changes to ESET Endpoint programs


Recommended Posts

36 minutes ago, Benjamin82 said:

I like the configurability that HIPS offers, but it cannot quite replicate the "default deny" capabilities of a whitelisting approach.

I for one have previously posted a modification recommendation to existing HIPS learning mode processing that would only create startup rules for existing processes versus recording every activity a process is performing. The later in effect makes overall HIPS rule review unmanageable.

One of the problems with whitelisting is to be effective it is hash based. Given the frequency of OS and app updating, maintenance of whitelisted processes is problematic. Trusted Publisher exclusion capability is not secure since it is certificate based and well, it really can't be trusted anymore these days.

Edited by itman
Link to post
Share on other sites
  • 1 month later...
  • Replies 69
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Please remove already blue micro-hints from EES. Very annoying. There is no option to disable them. Leave them for home users.

Exactly. Though I view wake-up call more like wake-on-lan, requiring network broadcast, which is not a good practice across multiple subnets.   I'm looking for a simple 'send policy' that doesn't re

@Markwd Hello, there are two reasons. Anti-theft in consumer is focused on device retrieval, not on the data security (no possibility to wipe the disk on the device). Also, the implementation capable

Posted Images

Please consider moving Override mode button from advanced settings into general settings area.

All our ESET Endpoint clients have password protected settings (password known only to IT support staff). At the moment in order to be able to use Override mode I'd have to either remove the password (not an option) or reveal the password to at least some users (also not an option). From my point of view it makes no sense...

In our office all external devices are blocked by default by an appropriate policy. I have a couple of users who should be able to work with removable media but:
1) their settings must be password protected
2) I need them to allow specific removable media manually in Endpoint (thus making sure that it's correct AD user and he deliberately allows some particular USB stick he needs)
3) I need to be sure that user won't forget to activate device control after he finishes his work with removable media

This could be achieved with activating Override mode for particular AD user for short period of time. The user would have to activate it manually, won't have to remember to deactivate it, won't have to know advanced settings password (meaning wouldn't be able to change something permanently).

Link to post
Share on other sites
  • ESET Staff
Posted (edited)

@Jenova Thank you for your feedback. We are currently tracking such requirement. I have asked the responsible PM for comments.

Internal reference P_ESSW-827

Edited by MichalJ
Link to post
Share on other sites
  • 1 month later...
  • Administrators
12 minutes ago, GregA said:

Deleting recommendations doesn't help improve the product.

Please don't misuse this topic for posting personal comments. Your posts were moved to an appropriate topic https://forum.eset.com/topic/14271-future-changes-to-eset-security-management-center-eset-remote-administrator/

Link to post
Share on other sites
  • 1 month later...

Description: Improvement to notification emails.

Detail:  Hello I am working for an MSP currently and we have just switched to ESET Cloud Administrator version of ESET Endpoint Security/Antivirus for Windows. We currently manage several clients individual ESET accounts and have the email of notifications routed to our email. Currently the email notifications are very Generic and mention nowhere what account the email is coming from. So we receive an email that a client's product is out of date or that a computer has not connected in some time. It only says that there is an issue and no mention of which client this is in regards to. Others mention a threat and give the name of the computer and sometimes the domain the computer is on however this does not help much if the computer is off the domain,

My idea is to have each notification state the account name of which account the notification belongs to. 

 

Request: A change to the content of the notification emails so they explicitly say which account is associated with this message.

This would make the ability to respond to issues much more  smooth.

 

Workarounds for this issue takes are time consuming and are costly to our clients.

 

Link to post
Share on other sites
  • ESET Staff
12 hours ago, JLKTechTeam said:

Description: Improvement to notification emails.

Detail:  Hello I am working for an MSP currently and we have just switched to ESET Cloud Administrator version of ESET Endpoint Security/Antivirus for Windows. We currently manage several clients individual ESET accounts and have the email of notifications routed to our email. Currently the email notifications are very Generic and mention nowhere what account the email is coming from. So we receive an email that a client's product is out of date or that a computer has not connected in some time. It only says that there is an issue and no mention of which client this is in regards to. Others mention a threat and give the name of the computer and sometimes the domain the computer is on however this does not help much if the computer is off the domain,

My idea is to have each notification state the account name of which account the notification belongs to. 

 

Request: A change to the content of the notification emails so they explicitly say which account is associated with this message.

This would make the ability to respond to issues much more  smooth.

 

Workarounds for this issue takes are time consuming and are costly to our clients.

 

Hello JLKTechTeam,

thank you very much for your request.

We have it on the roadmap. We plan to add the possibility to create own or edit existing notifications. This feature should be available in Q4/2020-Q1/2021.

Link to post
Share on other sites
Posted (edited)

Description: System Restart Required Prompt 

Problem:  Endpoint product update process could be challenging since eset product update requires restarting the computer. I have managing a network contains 10000 ESET Clients. After deploying the ESET product update, ESET requires a restart. I cannot force system restart because there is always users actively using their pcs. Some users shutdowns their pcs end of day, some users leaves running for days. Even if the user shutdown pc at end of day, the hybrid sleep or hibernation may be open. Finally, a lot of red ESET clients gives system restart required warning.

Solution/Feature: A window like following windows update dialog. The administrator will set a postpone limit, for example up to 5 hours. ESET will prompt system restart window but allow users to postpone. Then It will automatically restart the system when it reaches the postpone limit.

The first versions of Deslock I used had this feature.(maybe still have)

 

 img-1.jpg

Edited by mathisbilgi
typo
Link to post
Share on other sites
  • Administrators

Normally a computer restart is recommended after upgrade to a newer version but not immediately required. You can configure Endpoint via ESMC to not change protection status on clients when a reboot is recommended or required and at the same time have the status reported in the ESMC console:

image.png

Upgrade to v7.3 is an exception due to big changes under the hood and without a reboot real-time protection will not work after upgrade.

When we start releasing so-call uPCU program updates (v7 is ready for uPCU), the update will be applied after a computer restart. Again, users may not get any notification and only administrators will see in the ESMC console that a reboot is recommended. They can then send a message to users to reboot the machines for instance.

Link to post
Share on other sites
Posted (edited)

I know the endpoint policy options you have mentioned but what if you upgrade ESET from older version? some important modules do not work without rebooting. 

 

Broadcom AV has this feature. Please see screenshot below.

https://help.symantec.com/cs/SAEP/SAEP/v128843728_v123284638/Restart-type-and-settings-for-client-installation-packagessepe_client_installation_settings_advanced_restart?locale=EN_US

comment-11787941-files_Capture_179.JPG

Edited by mathisbilgi
Link to post
Share on other sites
  • Administrators

Unless you upgrade from a very old version (v4/v5) to v7.2, a computer restart should be only recommended, not required for antivirus protection to work. Of course, we don't recommend leaving such machines without a restart for too long.

Link to post
Share on other sites
  • 2 months later...
  • Administrators
48 minutes ago, ZeroEagle said:

Please remove already blue micro-hints from EES. Very annoying. There is no option to disable them. Leave them for home users.

Just to make sure, do you mean this one?

image.png

Link to post
Share on other sites
19 hours ago, Marcos said:

Just to make sure, do you mean this one?

image.png

Hello,

Indeed that must be changed to something lthat shows ETA like: "estimated time left 10 minutes".

Users are impatient.

Peter

Link to post
Share on other sites

I completely agree. Advanced users should be able to disable any hints. Why do they need them? For example, we have been using ESET products for over 10 years. We already know how and what works. If needed there is a FAQ on the site. For home users, you can leave hints as some of them really noobs :)

For visual perception, it is better to use blue progress bar like in EES v5 when scan something.

PS: The hint appears not only in the scan window, but also in LiveGrid settings.

Link to post
Share on other sites
  • 4 weeks later...

Description: Ability to configure status alerts on ESMC

Detail: When viewing computers, they are higlighted yellow or red depending on what issue they are experiencing. It would be extremely useful to be able to configure what issues are categorized as red or yellow. For example I would want to have "Firewall is Disabled" highlighted as red, but currently is only highlighted as yellow (warning).

 

Link to post
Share on other sites
  • Administrators
4 minutes ago, Sergii said:

Description: Ability to configure status alerts on ESMC

It's already there. Application status can be configured via a policy. The setting enables you to choose which status will be reported on clients and which in the ESMC console.

image.png

Link to post
Share on other sites
40 minutes ago, Marcos said:

It's already there. Application status can be configured via a policy. The setting enables you to choose which status will be reported on clients and which in the ESMC console.

image.png

Thank you Marcos. I found those settings, but I would like to be able to change color between yellow(warning) and red(error/critical) for those individual statuses. I can't seem to find that option.

 I attached a picture of the color highlighting that I'm talking about. Thank you!

 

 

ESET Colored Alerts.PNG

Link to post
Share on other sites
  • Administrators
8 minutes ago, Sergii said:

Thank you Marcos. I found those settings, but I would like to be able to change color between yellow(warning) and red(error/critical) for those individual statuses. I can't seem to find that option.

That's not possible. The color represents the severity of particular messages and therefore cannot be changed by users.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...