Marcos

Future changes to ESET Remote Administrator

Recommended Posts

Just now, MichalJ said:

@SysEPr It is already integrated in the ERA agent.

You can run a task "software uninstall" where you can choose the option to use the AV Remover, to clean "supported applications". 

Then why can't you determine, whether an application installed is a security product or not?

Share this post


Link to post
Share on other sites

BTW, it might help to understand how I envision use of ERA, I manage a small MSP, we have a few hundred endpoints, many will stipulate that we should have an official RMM & PSA tool, I disagree. I find that between ERA & ScreenConnect we can efficiently serve our clients.

So, many of my comments reflect that desire to have ERA include features that are typically found in a RMM tool, this may be unfair to your developers, but if we can have a few more features, I am convinced your sales & marketers will be delighted. Furthermore it will give ESET more control over your destiny, currently if you want to grow quickly, you will need to make a deal with one of the big RMM players to sell your products at a 90% discount. If you get a few more RMM features, I am convinced more MSPs and IT departments will agree with my world view embracing a simpler, more efficient set of tools to serve their clients.

Share this post


Link to post
Share on other sites

@SysEPr It´s based on the way, how the AV remover is integrated (also, what is the usage allowed by the 3rd party vendor, that ships us the library). We can´t run a "silent scan", and report the outputs. We can juts execute the "cleaner", but not in a silent way. I will discuss this with the teams, whether it would be possible to adopt it for this purpose.

 

Share this post


Link to post
Share on other sites

@katycomputersystems Thank you for the feedback. It gives us an interesting point of view, towards the potential of the future. We are conducting a regular customer research, when we do talk personally with various types of users (MSPs are among them, as they are more commonly the ones, that are operating ERA). Would you be willing to participate? We can discuss more details, in order how to make the product better for you, and also to learn a bit more about your daily agenda, etc. If yes, please send me a private message, I will also invite colleagues responsible for our MSP offering. 

Share this post


Link to post
Share on other sites

"Send Wake Up Call" works well on local network, not so well in the field.

It would be great if could use the command line to prompt ERA Agent to phone home.

We'd put the command in our ScreenConnect toolbox & issue command as appropriate. Currently, we have ESET phoning home every minute, I would like to drop that to every hour, but can't afford to do so while getting things setup.

Share this post


Link to post
Share on other sites

@katycomputersystems Thank you for the feedback. We are already tracking improvement for that, it was requested by several MSPs in the past, who are using different tools for having access to the machine, but also by some customers, doing the same. 

katycomputersystems likes this

Share this post


Link to post
Share on other sites
On 1/5/2018 at 5:09 AM, MichalJ said:

@Jaroslav Mixa Thank you for your constructive feedback. I would like to assure you, that your feedback is being heard. Below, you can find couple of notes, related to some products. 

  • @Sorting / filtering – This will be possible. For the future release, we are preparing multiple changes with regards of filtering / sorting in the webconsole.

 

I'd like to add to the Sorting/filtering item.

Description: The current filtering prepositions are limited and a little confusing.

Detail:

I was looking at the "Last Connected" report template on the Dashboard, and I had recently added a whole bunch of rogue systems to a subgroup under "Unknown" static group.  By default, the "Last connected" report includes all systems.  I wanted to filter out the "unknown" static group and its subgroups.

I tried creating a filter:

Static Group; Static Group Parent Hierarchy     in     Unknown

which obviously isn't what I want; but there's no  "not in".  And there's no obvious way of setting "All" computers but exclude the static group "Unknown".

So I thought I'd try:

Static Group   = All

Static Group; Static Group Parent Hierarchy  not equal    Unknown.

That didn't work.

So having more prepositions (if that's what you call them) would help a lot.

 

Share this post


Link to post
Share on other sites
Posted (edited)

One more thing if you could locally run a command against ERAAgent to regen guid would be nice

eg

eraagent --regenguid

and that just does an UPDATE key_value_table SET value = '%randomguid%' WHERE key = 'local_peer_uuid'

in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db

and updates the reg keys as well

REG delete HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /f
REG add HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /t REG_SZ /d %randomguid% /f

otherwise you end up having to do it with sqlite3 with a bunch of scripts and hacks to crash the service modify it then start it again it works but would be nice if i didn't have to and it could just do it out of the box,

PS I know its wrong, and I only do this when the guys forget to tell me when they deployed an image without telling me first and somehow included it in the image, would be even better if this was supported so i could just tell the guys to do what they like as long as they run the command at the end of an imaging task

Tim

Edited by Tim Jones
Forgot reg key thing 2

Share this post


Link to post
Share on other sites
15 hours ago, Tim Jones said:

One more thing if you could locally run a command against ERAAgent to regen guid would be nice

eg

eraagent --regenguid

and that just does an UPDATE key_value_table SET value = '%randomguid%' WHERE key = 'local_peer_uuid'

in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db

and updates the reg keys as well

REG delete HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /f
REG add HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /t REG_SZ /d %randomguid% /f

otherwise you end up having to do it with sqlite3 with a bunch of scripts and hacks to crash the service modify it then start it again it works but would be nice if i didn't have to and it could just do it out of the box,

PS I know its wrong, and I only do this when the guys forget to tell me when they deployed an image without telling me first and somehow included it in the image, would be even better if this was supported so i could just tell the guys to do what they like as long as they run the command at the end of an imaging task

Tim

+1 for this request.  Or some other way of accomplishing this 

Share this post


Link to post
Share on other sites
Posted (edited)

@kingoftheworld@Tim Jones- in general, we believe this won´t be needed with the upcoming release, where we are introducing a new feature, that should automatically identify duplicated entries, based on their hardware, and let you resolve (reset) the agent UUID from there. You would be able even to pre-configure the desired behavior (so when a default image is deployed, it will automatically get a new UUID).

Do you have any other usecase for this behavior?

Edited by MichalJ

Share this post


Link to post
Share on other sites

@ewong have you tried a filter "static group" not equal "unknown" ? That should achieve what you are searching for.

Share this post


Link to post
Share on other sites
3 hours ago, MichalJ said:

@kingoftheworld@Tim Jones- in general, we believe this won´t be needed with the upcoming release, where we are introducing a new feature, that should automatically identify duplicated entries, based on their hardware, and let you resolve (reset) the agent UUID from there. You would be able even to pre-configure the desired behavior (so when a default image is deployed, it will automatically get a new UUID).

Do you have any other usecase for this behavior?

This would only work if you deploy your image on different hardware, but in corporate environments a lot of times you have a bunch of identical computers with identical hardware.

Share this post


Link to post
Share on other sites

Per other users, I second this feature request:

Description: Agent installer that installs the latest [product] version by default.

Quote

As of now, we are not able to do this due to legal restrictions (you pre-accept EULA upon generating, however each version can have adjustments in EULA). So legal department is against it. But improvement itself is being tracked.

A checkbox for 'Latest Available Version' would be outstanding. Regarding the EULA/legal issues, perhaps another acknowledgement checkbox could justify the demand. Additionally, having no expiration for these Client Tasks would aid in the efficiency of the process [we currently have Dynamic Groups for 'ESET Not Installed' that trigger the Client Task to install Version 6.X that will fail if that repository has been removed].

Share this post


Link to post
Share on other sites

@fchelp what do you mean “identical”? Identical serial numbers? SMBios IDs, or just the same hw configuration? 

Share this post


Link to post
Share on other sites

Hello Team,

Need to improve product & features as below. 

(1)Advanced device control to block WI-FI & other device. 
(2)Application Control to mange Application. 
(3) Advance Web control to block browser web proxy like ultra surf.

(4)File Activity Monitor to monitor any suspicious activity related to the confidential files on in system.

(5)if some client not connect to era since long time than it shown as offline and can we set auto setting if some client not connected from last 30 days than automatically remove from ERA and remove duplicate entry automatically in client list.

(6)Easy Client remote uninstall method.

(7) Improve report section for users.

(8) Easy way for Email notification for basic antivirus event in ERA.

 

Share this post


Link to post
Share on other sites

@SandipThanki Thank you for your feedback. I would however kindly ask you to continue in the form of "reported problem" & "expected solution", as understanding of your "feature requests" might differ, and I would like to prevent the state, when we do implement something, that would not achieve the intentions behind it. So, can you please provide more details, about which problems are you willing to solve with the proposed solutions? Thank you. 

Share this post


Link to post
Share on other sites

Hello

Description: disable product change possibility after any settings have been configured in a policy

Detail:  

imagine the following:
- create a policy
- change some setting
- change product within this policy
- save the policy
In this case all of the previous settings are gone.

Share this post


Link to post
Share on other sites
13 minutes ago, ludolf said:

Detail:  

imagine the following:
- create a policy
- change some setting
- change product within this policy
- save the policy
In this case all of the previous settings are gone.

Policies are per product so if you later edit a policy and change the product to another one, it's normal that the settings previously defined for the former product will be lost. The new product you selected may not even support those settings.

Share this post


Link to post
Share on other sites

Exactly. If somebody change product accidentally and saves the policy, the settings are lost. This shouldn't be happen. If the admin selects a product within a policy, and change any setting, the product selection list should be disabled. After this, if the admin would like to point the settings to other product, he should to create a new policy. IMHO

Share this post


Link to post
Share on other sites
17 hours ago, Marcos said:

Policies are per product so if you later edit a policy and change the product to another one, it's normal that the settings previously defined for the former product will be lost. The new product you selected may not even support those settings.

 

Is it so hard to insert a discard/apply/really/maybe popup when admin accidentally click on product change?

Thanks.

Share this post


Link to post
Share on other sites

Hello Sir,

expected some features in ESET Endpoint Or in ERA To competition other antivirus and other antivirus product already give that type features.

Expected Features:

(1)Advanced device control to block WI-FI device. 
(2)Application Control to mange Application. 

(3)File Activity Monitor to monitor any suspicious activity related to the confidential files on in system.

 

Expected Solution:

(1)if some client not connect to era since long time than it shown as offline and can we set auto setting if some client not connected from last 30 days than automatically remove from ERA and remove duplicate entry automatically in client list.

(2) Improve report section.

(3) Easy way for Email notification for basic antivirus event in ERA. like threat detection,not update client,offline client

Share this post


Link to post
Share on other sites

1, There's already a server task "Delete not connecting computers".
2, This is a very general wish. Be more specific please. In the initial announcement in this topic, we wrote: NOTE: When making your requests do not make general statements such as "better gui". If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information. Thank you for your understanding.

3, You can send SMTP notifications from clients upon threat detection or reports with detected threats from ERA. I'm quite sure that it's also possible to send reports about outdated clients.

Share this post


Link to post
Share on other sites

We've been using ESET for years here at my organisation, long before I started, and I have overseen the upgrade from ESET v4 running NOD32 up to ESET v6.6 running Endpoint Antivirus. 

Once I got my head around the fact that it required an Agent first, then the antivirus, it's been a breeze.

However I feel that the reporting is somewhat lacking in terms of filters. For example - when I go to 'Threats', then click on 'Add Filter', I expected to be able to filter by the visible 'Action' column - so I could only select everything that had been Cleaned by Deleting and Mark as Resolved. Unfortunately there is no option to add a filter for that 'Action' column. Some columns that are visible in that report seemed to be inexplicably missing as Filter options.

I was also trying to filter the 'Installed ESET Applications' dashboard report so that it excluded both the ESET Remote Administrator Server and the ESET Rogue Detection Sensor. I discovered that it is only possible to add one entry in that field, and each field can only be added once.

It's likely that there is a reason for such limitations on reporting but it is annoying.

Share this post


Link to post
Share on other sites
13 minutes ago, Bedders said:

However I feel that the reporting is somewhat lacking in terms of filters. For example - when I go to 'Threats', then click on 'Add Filter', I expected to be able to filter by the visible 'Action' column - so I could only select everything that had been Cleaned by Deleting and Mark as Resolved.

I assume that creating a filter for Active threats -> Count >= 1 should do the trick and only active threats (ie. those that could not be cleaned / deleted for whatever reason) should be included in the report then.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   1 member