Jump to content

Future changes to ESET Endpoint programs


Recommended Posts

Include BadUSB Prevention like G Data's USB Keyboard Guard. That would be cool. It scans all connected devices and after that, every other/new connected usb device will need to be allowed manually. user interaction or by eset protect backend.

Link to post
Share on other sites
On 10/18/2020 at 2:57 PM, Benjamin82 said:

Is Application Control/Whitelisting still on the product roadmap?  It's becoming commonplace in most endpoint products.  Currently I typically use the now deprecated (but still working) Software Restriction Policies built into Windows, in conjunction with ESET.  Kaspersky in particular has made their whitelisting very configurable in their Endpoint Security for Windows product (https://support.kaspersky.com/KESWin/11/en-US/165718.htm), and can handle whitelisting based on hash, file path, certificate, etc. (similar to SRP and Applocker).  There are some dedicated third party solutions for handling application whitelisting as well, such as Airlock Digital (https://www.airlockdigital.com/), and even ManageEngine recently launched a new offering (https://www.manageengine.com/application-control/?pos=Allprod&cat=ITS&loc=links&prev=AB2).  But it would be very handy to have this sort of control available in ESET Endpoint products.

What i'm doing atm is: HIPS Rules which are denying any execution from explorer.exe and then an additional rule which allows explorer.exe to start mspaint.exe, winword.exe, and so on. (not 100% bulletproof, but a good way to restrict the normal user) - you can use this for any kind of applications and executions. restrict starting executables out of an winrar archive, - maybe this helps you.

Link to post
Share on other sites

Description: Add preconfigured rules for HIPS / Exploit Blocker

Detail:  Eset does not have alternatives to the full set of rules from Microsoft Defenter Attack Surface Reduction (hxxps://docs.microsoft.com/de-de/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) but has a KB for adding HIPS Rules for some exploits (KB6119).

Request: My suggestion is to take the rules form KB6119, add the missing features from Attack Surface Reduction and add them as preconfigured options to HIPS or Exploit Guard.

Link to post
Share on other sites

Description: use of Webcontrol depending on location

 

Detail: we dont wnat that the users access specific sites if they are in the office (like shopping, gaming,...)
but we don't care if they do it in their leisure time at home. Therefore a networkbased policy would be great!

Link to post
Share on other sites
  • Administrators
1 hour ago, me myself and i said:

Description: use of Webcontrol depending on location

You can accomplish this leveraging time slots:

image.png

image.png

image.png

image.png

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...