Jump to content
Marcos

Future changes to ESET Security Management Center / ESET Remote Administrator

Recommended Posts

On 9/28/2018 at 12:12 AM, MichalJ said:

Thank you @Campbell IT Concerning the "logged users" - all is clear. We are already tracking an improvement for that, so I have added your feedback to it. With regards to the "Detection Engine", would the information about "last update attempt" (= when the application contacted ESET Servers, to check whether there is a newer version of any module) or "last successful update" (= when the application actually downloaded any of the newer modules from ESET Servers, which means it´s working with the latest modules), be sufficient to you?

In the meantime, logic works, that machine changes its status from updated to non-updated after 7 days, and will report a protection status (red) with "modules out of date". If you are more strict with this, what you can do is to shorten the alert interval down to one day, by configuring a setting in a policy for security product as follows:

 

settings.png

 

"Last successful update" would work fine. In the meantime, I will adjust the settings you outlined above. Again, thanks for listening to my feedback.

Share this post


Link to post
Share on other sites

Description: Let the Customer decide the "wake-up call" method (Cloud/UDP Broadcast/Customer Server)

Detail: The new "Wake-Up call" method is not sufficient in every environment (Permanent Tcp Connection to Cloud server) because :

.) Firewall issues (have to be a direct connection to the Internet, without proxy, also on local Clients. The picture on https://help.eset.com/esmc_install/70/en-US/ports_used.html is wrong)

.) Sends some kind of keep alive every 5 Minutes here (not so good on expensive mobile connections)

.) Maybe some customers don't want direct connections from Clients to the Internet

 

Solution : Reenable the old UDP method and implement the possibility to make the connection to the Esmc Server and let the customer decide, what method he wants to use

(Not everybody is happy that all things will be in the Cloud)

Share this post


Link to post
Share on other sites
Quote

Description: Let the Customer decide the "wake-up call" method (Cloud/UDP Broadcast/Customer Server)

This has been already mentioned that we'll consider a solution for wake-up calls in offline networks in future versions.

Share this post


Link to post
Share on other sites

DescriptionMake an option for shutdown delay in scheduled scan task

Detail:  For scan task with shutdown I see for some computers Last Status as Running, but those computers are actually switched off since last task execution. Will be great to have a shutdown delay to cover the connection interval, so the Last status will show the correct value.

Share this post


Link to post
Share on other sites

@andy_s We will track this as an improvement request, towards the future versions. Issue is, that the "upgrade" itself is handled by Endpoint (in case you execute scan and select option "shutdown after scan"), and Endpoint does not initiate agent wakeup to report scan completion. It simply triggers shutdown, before the result is replicated.

Maybe, if you are willing to, can you explain why are you shutting down the machines? Is it to save power over weekends, or? As there might be different way how to achieve that. One that will report "success" would be a run command, with a respective windows shutdown / with delay, as task would report "Success" not in the moment of task execution, but on the moment when it contacted WMI provider with the command the reboot. If system acknowledged, it will report success.  Also, out of curiosity, what is your replication interval?

Share this post


Link to post
Share on other sites

I have a Client task for full scan with shutdown scheduled weekly at Fridays on 22:00. We have about 30 computers and all users don't switch them off leaving the office on Fridays.

The replication interval is the default one, I didn't change it after installation.

Quote

As there might be different way how to achieve that. One that will report "success" would be a run command, with a respective windows shutdown / with delay, as task would report "Success" not in the moment of task execution, but on the moment when it contacted WMI provider with the command the reboot. If system acknowledged, it will report success. 

For the Run command: is it possible to start the Full scan client task from the batch file or WSH script?

Share this post


Link to post
Share on other sites

@andy_s What´s the reason for you to run weekly scans? Are users able to temper protection settings (pause protection)? As in case a computer has been properly scanned after installation, having just the real time protection enabled should be sufficient. (first scan verifies, whether there is no persistent malware present after install. As even in case when definitions are update that cover something not covered before, it will be detected on execution by the resident protection.
If you run the scans only for the sake of shutting down the computers, you can easily replace it with the run command to initiate a delayed shutdown, so you get the result.

Maybe, are you seeing any detection reported by those weekly scans? Besides potentially unwanted / unsafe applications?

With regards to your last question, I am not sure, but AFAIK this might not be possible by default (will ask respective colleagues).

Edited by MichalJ

Share this post


Link to post
Share on other sites

I don't want to discuss here the protection concepts, so let's say I need thorough weekly scans. Also I know some other possibilities to switch off the computer, including the power button.

For me it looks really strange to make communication between agent and server only on time basis and not to report the task results as soon as they are ready.

I moved to ESET products from Kaspersky, and there was no problem with agent - server information exchange.

But anyway we have to work with what we have, so I hope that shutdown delay will make life better ?

 

Share this post


Link to post
Share on other sites

Description: Running tasks progress

Detail:  Currently (well I'm upgrading to the latest 7.x ERA with the 6.x component upgrade task), when I go to Client Task Executions, it states that the task is running.  If there is a way (particularly with the Eset product-based tasks, for some sort of progress showing (and even an ETA (but I suspect this might be a bit tough)). 

 

Share this post


Link to post
Share on other sites

Description: Showing (or downloading) debug logs when tasks fail.

Detail: Somewhat similar to my previous feature request, having the debug log generated during the task (akin to trace.log) and when it fails, there is a link to download the log file for that particular process.

Rationale: It's to allow the Remote Administrator to figure out what is going on within the process without needing to go into the client's workstation.

Share this post


Link to post
Share on other sites

Description: Change parent group within computer details

Detail: In ERA you could change the parent group when viewing details. Now, if you select parent group, you are prompted to rename the parent group, this is something that is rarely done. In ESMC, you change parent group by dragging the computer into a new static group, I am not a fan of that approach.

Share this post


Link to post
Share on other sites
28 minutes ago, katycomputersystems said:

 In ESMC, you change parent group by dragging the computer into a new static group, I am not a fan of that approach.

I prefer the "Move to Group" option in the context menu. Keeps you from having to go into the details screen. Does that not work? Or just want more options? I can see the use for it there too
 

Share this post


Link to post
Share on other sites

I didn't see the move to group option, it's somewhat better than the drag computer into group approach. 

Not having move to group in details is a workflow issue. Ordinarily, when adding a computer to ESMC, we run the installer, the computer shows up in a default group with only its name in the description field. We open details, edit the name and (until now) change its group to an appropriate group, click OK and we are done.  The new way of doing things adds a step, every step creates the opportunity for an error to occur. Besides, there is no reason for us to edit the static group's name within the computer description page, this is inconsistent and makes no sense, it was a bad idea and should be fixed.

Share this post


Link to post
Share on other sites

Description: anti-phishing Ignore button disable option
Detail: when user open a phishing website user can ignore the warning and open the site. We need a function where we can disable "Ignore threat" button. I did't find any option under Anti-phishing protection settings. Please add it to ESMC policy's too.

 

anti_phishing.png

anti_phishing_2.png

Share this post


Link to post
Share on other sites

@katycomputersystems Functionality to change the group in the computer details is coming back. It was accidentally removed during the redesign.

@Zen11t We have a project/ feature tracked to globally control all of the interactive windows for the future. I will add your comment to there.

Share this post


Link to post
Share on other sites

@ewong With regards to the task progress. This is a tricky thing to make, as the communication is asynchronous. Meaning that agent only checks in on set intervals. Tasks usually do not last that long. For the Component Upgrade task, we have an improvement tracked, to be able to show some progress, until the server / webconsole is updated (it´s tricky, as the webconsole is not running during the upgrade).

With regards to the debug log information, it would be a nice improvement. It´s possible to enable diagnostics / request log collector, but it´s not automatic, as the logs are quite large, and might influence DB performance if not used carefully. I will note your feedback to the improvement with regards to better error reporting.

Share this post


Link to post
Share on other sites

The license manager in the ERA should change. Have you seen how deslock does it? That is nice. I wish if ERA could do the same. 

 

For example: you have 10 licenses, because you manage 10 companies from your era. 

When you click the license, you should be able to see which computers are linked to that license. 

Now I have to go to the ELA and check. Thats not nice. 

 

Deslock does that good. You select the license, it will show you wich computers are connected with that license. Perfect. 

 

Can that be added please?

Share this post


Link to post
Share on other sites

@sindbad We are already tracking improvements to be able to generate reports based on the license usage (used license). I will extend it with your request.

Share this post


Link to post
Share on other sites

Thanks @MichalJ.

I asked the ESET business helpdesk for the following. They said that it’s not possible. Can you confirm? 

 

I do get duplicate IP from eset warnings. I like that feature. I also do get it in the era. It does show that this PC has an IP conflict. But the problem is, I don’t get an email about it. Do you know why it’s not possible to setup a rule for this? I want to see those notifications in my email. It’s important for me if there is a duplicate IP. As I dont login every day on the era and check the logs. 

Share this post


Link to post
Share on other sites
17 hours ago, sindbad said:

I do get duplicate IP from eset warnings. I like that feature. I also do get it in the era. It does show that this PC has an IP conflict. But the problem is, I don’t get an email about it. Do you know why it’s not possible to setup a rule for this? I want to see those notifications in my email. It’s important for me if there is a duplicate IP. As I dont login every day on the era and check the logs. 

Not sure which warning you mean, but in case clients are reporting it as functionality problem, it might be possible to create dynamic group for such devices + notification that will be monitoring changes in this group. It would result in email sent each time devices enters or leaves this dynamic group.

Share this post


Link to post
Share on other sites

 

Description: LAST EXECUTION column in Server Tasks
Detail: I can't seem to be able to find Last Execution column in Server Tasks? It would be useful to have same information  in columns available for same categories of information. At the moment we have to open each task and select Executions tab.

Server tasks:

image.thumb.png.9f7412eef7fba00c50411066468b2a88.png

Client tasks:

image.thumb.png.c67812946991d03695f0e94dfab64394.png

Share this post


Link to post
Share on other sites

@bbahes We are working on redesigning server tasks a bit, so I have expanded the request to include also the "last execution" column in the corresponding window.

Share this post


Link to post
Share on other sites

 

Description: Add ADD FILTERING option in "pop up" forms
Detail: Please add ability to filter in all forms through the entire product. It's hard to scroll and read through so many options. One extra request would be to turn on by default filter by name.

No filter:

image.thumb.png.87e7e863312bddb6ec8fc9ffa033b404.png

 

Filter available:

image.thumb.png.a119cbf60be489fd1cef81bd842d60e9.png

 

Default filter by name:

image.thumb.png.d76325b71454184ba01bc70ca1ee1ff9.png

Share this post


Link to post
Share on other sites

Description: Change CONNECT option from RDP to VNC on client.
Detail: Please add ability to change RDP connection to client to VNC.

image.thumb.png.860a859505509d9598035d8dc07615db.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×