Jump to content
Marcos

Future changes to ESET Security Management Center / ESET Remote Administrator

Recommended Posts

Description: Better ERA reporting/logging visible for client activity and better context-driven options inside ESET

Detail: It doesn't seem to be very easy to see what's happening on clients without going to the client. I would expect there to be a way to see *all* ESET driven actions and logs from inside ERA and those should be actionable -- example: See that a website was blocked by Web Protect in ERA, right click on that and whitelist from a context menu. example: See that an application was blocked incoming or outgoing by the firewall from inside ERA, right click and whitelist or make a new rule from a context menu. Right now this is all very hard and time consuming to manage.

 

Description: Better "standard" templates for behavior of profiles

Detail: We're deploying ESET and it's overwhelming because of so many options. That's a good thing, but because ERA doesn't record much of what is happening on the client side I can't really tell what's going on without spending large amounts of time researching each option and testing with a client in a sandbox.

Share this post


Link to post
Share on other sites

@nhesetnod32 Thank you for reporting. We will be tracking improvement request for that in the future. However as we do not get that much requests for the MDM-related functionality, it does not get very high priority. 

@ludolf I will be tracking improvement requests for both of the reported issues. 

@Sunwardsquash Thank you for the feedback. Concerning the "one click" resolutions, for reported problems, we are working hard to improve those in the future. In the upcoming V7, there will be option to one-click resolve various application problems, and also add exclusions directly from the threats. We want to continue in this direction, so basically address other cases that you have described (web protect, firewall, etc ...).  We are also planning to improve the set of data that is being collected. 

Concerning the templates - can you be more specific? Do you mean policy templates, with more precisely described recommended settings for specific use-cases? What specific policy settings you have found confusing / problematic? 

Share this post


Link to post
Share on other sites

Description: Report setting changes from the client side

Detail: It would be nice if we could configure the agent to report somehow (in an way that's easy to see/report) if a user excludes a folder, turns off parts of the file scanning, etc... Currently, it only reports if the whole thing is turned off, but there are other (non reported) ways to achieve the same things. You can request the configuration one by one currently, and check it manually, but that's not easy, and very time consuming.

Edited by SysEPr

Share this post


Link to post
Share on other sites
12 hours ago, MichalJ said:
 

@Sunwardsquash Thank you for the feedback. Concerning the "one click" resolutions, for reported problems, we are working hard to improve those in the future. In the upcoming V7, there will be option to one-click resolve various application problems, and also add exclusions directly from the threats. We want to continue in this direction, so basically address other cases that you have described (web protect, firewall, etc ...).  We are also planning to improve the set of data that is being collected. 

Concerning the templates - can you be more specific? Do you mean policy templates, with more precisely described recommended settings for specific use-cases? What specific policy settings you have found confusing / problematic? 

It's really only a problem because there isn't much data inside ERA. For example--we're having an issue now (ticket submitted) where ESET is blocking Infopath forms. We have no idea what's causing it, and no triggers or alerts are being generated, but because I turned something on it's being blocked. 

Some things that would be helpful are "best practice" standard policies that explain what the different settings do and what they're for. In absence of that, my goal would be that any action ESET takes be logged to ERA somehow so I could track what's going on centrally and adjust accordingly.

It's nice to see you guys taking the time to read these! Thanks.

Share this post


Link to post
Share on other sites
On 2/26/2018 at 7:27 AM, MichalJ said:

@nhesetnod32 Thank you for reporting. We will be tracking improvement request for that in the future. However as we do not get that much requests for the MDM-related functionality, it does not get very high priority.
 

 

Thanks MichalJ.  I understand in regards to priority.  I think if more folks were aware of this great feature ERA provides it may rise up the ladder :-)

Edited by nhesetnod32

Share this post


Link to post
Share on other sites

Description: Improved Software Installation & Command Execution

Detail: Ability to automate the copy process of installation files (not only *.msi) to the endpoint and then execution of installation command + parameters. Proper exit code recording and handling.

Share this post


Link to post
Share on other sites

we do have the option to choose "remove other antivirus products". Well guess what? I published it through policy and forticlient got removed on all computers and laptops. 

 

Can you please give us an option that we can see a list of what kind of programs will get removed. So we are able to uncheck the ones and then create the package? Does that make sence?

 

thanks. 

Share this post


Link to post
Share on other sites

Right click a pc and update the eset program on the pc and server. Without making a task. Is that an option!

Share this post


Link to post
Share on other sites

Hello,

A list of removed programs can be found at https://support.eset.com/kb3527/#removable.

Regards,

Aryeh Goretsky

 

4 hours ago, sindbad said:

we do have the option to choose "remove other antivirus products". Well guess what? I published it through policy and forticlient got removed on all computers and laptops. 

 

Can you please give us an option that we can see a list of what kind of programs will get removed. So we are able to uncheck the ones and then create the package? Does that make sence?

 

thanks. 

 

Share this post


Link to post
Share on other sites

@Florian87 Can you please elaborate more? What is the use-case you want to achieve? Would you like to use ESET ecosystem to also roll-out other, 3rd party applications, or are you just talking about the the way ESET installers are handled?

Share this post


Link to post
Share on other sites

A few items for consideration:
1. When ERA says "Operating system is not  up to date", provide more information. We have several workstations that say OS not up to date, we update, restart, update, restart, still "OS not up to date"

2. The computer list shows ESET products in the "Security Product" column, it would be nice if it showed other third party products when no ESET product is on the machine.

3. I would like to customize  the action menus. For example "Send Wake-up Call" & "Connect" are useless to us since 95% of our workstations are off-site. 

3a. It would be terrific if the action menus included a Favorite Tasks option that would function like "Last Used tasks" but allow us to define a few (10) of our favorite tasks.

4. Ability to export policy to XML file, then import that XML file. ERA is an amazingly powerful tool, frequently, I know there has to be a setting in there somewhere, but I cannot find it or perhaps, I want to add 20 items, it would be a heck of lot easier if I could export to XML, view/edit XML, then merge it back in.

5. Any integration you could provide with ScreenConnect would be nice. For example I'd like to have the "Connect" action menu remote me into the client's workstation using ScreenConnect.

 

Share this post


Link to post
Share on other sites
1 hour ago, katycomputersystems said:

A few items for consideration:
1. When ERA says "Operating system is not  up to date", provide more information. We have several workstations that say OS not up to date, we update, restart, update, restart, still "OS not up to date"

2. The computer list shows ESET products in the "Security Product" column, it would be nice if it showed other third party products when no ESET product is on the machine.

3. I would like to customize  the action menus. For example "Send Wake-up Call" & "Connect" are useless to us since 95% of our workstations are off-site. 

3a. It would be terrific if the action menus included a Favorite Tasks option that would function like "Last Used tasks" but allow us to define a few (10) of our favorite tasks.

4. Ability to export policy to XML file, then import that XML file. ERA is an amazingly powerful tool, frequently, I know there has to be a setting in there somewhere, but I cannot find it or perhaps, I want to add 20 items, it would be a heck of lot easier if I could export to XML, view/edit XML, then merge it back in.

5. Any integration you could provide with ScreenConnect would be nice. For example I'd like to have the "Connect" action menu remote me into the client's workstation using ScreenConnect.

 

1, What operating system is it? If Window 10, then not all updates are part of Windows updates. If you don't want to be notified about missing OS updates or only about critical updates, you can disable / configure this feature both in an Endpoint and ERA agent policy.

2, You can have non-ESET applications reported if you enable that option in an ERA agent policy:
image.png

 

Share this post


Link to post
Share on other sites

Marcos: Thanks. It's a mix of W7 & W10 causing the update issue. The notification is valuable, we want it to continue, but need a bit more information to help us resolve the alert. 

I changed the non-ESET application setting - looking forward to getting this information, it affects less than 10% of our clients, but the information will be helpful.

I changed this setting & waited until the workstation checking in a couple of times, I still don't see the Security Product listed on this page:

image.thumb.png.3dce723551ddc57dcd4d5ac19ebcfc6f.png

Is it on another page, the client's configuration is showing the new setting:
image.thumb.png.6daeef2d3b5aec9a2ba45a6c643f6aee.png

Client has McAfee:
image.png.e0cd41a11e99acda2e307df5b20d8c8a.png

 

Edited by katycomputersystems

Share this post


Link to post
Share on other sites

@katycomputersystems Thank you for your feedback.

I just assume, that you are an MSP, or a re-seller, that manages multiple customers from the same ERA. Is that correct? Concerning your requests:

  1. This was already responded by Marcos. AFAIK, we are doing some changes in the V7, that will shorten the interval between how often agent queries OS for the OS update status. Therefore, it should not report "outdated" when the system was updated already.  Btw, do you update using ERA, or you update using another method? Eventually, if this does not disappear after the upgrade to V7, we will suggest opening a customer care ticket, with agent trace logs from the period when you have attempted the update, for our analysis. Also, what version of ERA Agent do you use?  Also, is the feature for reporting OS not up to date enabled in Endpoint Security? How is this set?
  2. Security Product column refers only to a "ESET" product. We can´t determine, whether the application installed is a security product or not. Also, as this is rapidly changing, it might be difficult to update it regularly. The best would be to either create a dynamic group, focusing on specific vendors, or create a report of "all installed apps" and then manually searching for a specific app / vendor.
  3. We will track improvement request for that, but this might be a bit more difficult to make.
  4. We are already tracking improvement request for this.
  5. Can you elaborate more please? Do you mean export policy from ERA in XML format, so you can edit it, and then import back? Or? As of now, policies are exported in a proprietary format, used only by ERA, and this format is not XML.
  6. We will note this. ScreenConnect is owned by ConnectWise. Do you use any other ConnectWise applications? I will share this request with my colleague, who handles various integration plugins, to analyze, whether something like that will be possible.

 

Share this post


Link to post
Share on other sites

Description:  Able to determine the "reason" why the task failed in the Task Execution History.

Detail:

Right now, suppose a task failed for a particular system.  In ERA, you go to that system, go to "TASK EXECUTIONS", select the task entry,  and then right click and select "History", it would show something like:

2018   Mar 22 16:06:58           Security product       Failed       Task failed              Task failed in the security product

There's no way to find out "why it failed" until I go directly to that system and do a manual check.

Having some sort of reason why it failed helps the sysadmin to figure out how to get it updated, if it is at all possible.

 

Share this post


Link to post
Share on other sites
1 hour ago, ewong said:

Description:  Able to determine the "reason" why the task failed in the Task Execution History.

Detail:

Right now, suppose a task failed for a particular system.  In ERA, you go to that system, go to "TASK EXECUTIONS", select the task entry,  and then right click and select "History", it would show something like:

2018   Mar 22 16:06:58           Security product       Failed       Task failed              Task failed in the security product

There's no way to find out "why it failed" until I go directly to that system and do a manual check.

Having some sort of reason why it failed helps the sysadmin to figure out how to get it updated, if it is at all possible.

 

I agree with this.

Typical example yesterday, in which I was attempting to install ESET EAV on a machine. The report said "try installing the product locally." Did this and then realised that I was trying to install EAV when I should have been installing ESET File Security for Microsoft Windows Server. 

In this case, I would like to see the report come back and say something along the lines of "Detected O/S: Windows Server 2016. Compatible products are ESET File Security for Microsoft Windows Server." Like wise, if it were a linux system, then "Detected O/S: Ubuntu Server 16.04.4. Compatible products are ESET File Security for Linux / FreeBSD." etc. 

The agent has all the info about the O/S, so why not use that information and parse back some meaningful information?

 

Andy

Share this post


Link to post
Share on other sites
10 hours ago, katycomputersystems said:

Marcos: Thanks. It's a mix of W7 & W10 causing the update issue. The notification is valuable, we want it to continue, but need a bit more information to help us resolve the alert. 

I changed the non-ESET application setting - looking forward to getting this information, it affects less than 10% of our clients, but the information will be helpful.

I changed this setting & waited until the workstation checking in a couple of times, I still don't see the Security Product listed on this page:

image.thumb.png.3dce723551ddc57dcd4d5ac19ebcfc6f.png

Is it on another page, the client's configuration is showing the new setting:
image.thumb.png.6daeef2d3b5aec9a2ba45a6c643f6aee.png

Client has McAfee:
image.png.e0cd41a11e99acda2e307df5b20d8c8a.png

 

Personally, I think this would allow us to sell a lot more ESET. Going a bit further, I wonder if it is possible to get the expiration date of the installed product? Then a month or two before the competing product is due for renewal, we as MSP's can go in and quote for the renewal.

 

Andy

Share this post


Link to post
Share on other sites
36 minutes ago, LCS said:

Personally, I think this would allow us to sell a lot more ESET. Going a bit further, I wonder if it is possible to get the expiration date of the installed product?

The problem with this is that there's no unified location for storing information about license expiration dates of installed software.

Share this post


Link to post
Share on other sites
11 minutes ago, Marcos said:

The problem with this is that there's no unified location for storing information about license expiration dates of installed software.

Agreed. I even thought about the programming logistics of that when I posted it, but as the forum is about suggestions, I thought what the heck, let's put it in, as it is a nice idea (IMO) :)

Andy

Share this post


Link to post
Share on other sites

@LCS I agree, I like the idea by myself too.  We will discuss this internally, whether there is a viable solution to find it. It will simplify the migration to ESET, which is our common interest. 

Share this post


Link to post
Share on other sites
3 hours ago, MichalJ said:

@katycomputersystems Thank you for your feedback.

I just assume, that you are an MSP, or a re-seller, that manages multiple customers from the same ERA. Is that correct? Concerning your requests:

  1. This was already responded by Marcos. AFAIK, we are doing some changes in the V7, that will shorten the interval between how often agent queries OS for the OS update status. Therefore, it should not report "outdated" when the system was updated already.  Btw, do you update using ERA, or you update using another method? Eventually, if this does not disappear after the upgrade to V7, we will suggest opening a customer care ticket, with agent trace logs from the period when you have attempted the update, for our analysis. Also, what version of ERA Agent do you use?  Also, is the feature for reporting OS not up to date enabled in Endpoint Security? How is this set?
  2. Security Product column refers only to a "ESET" product. We can´t determine, whether the application installed is a security product or not. Also, as this is rapidly changing, it might be difficult to update it regularly. The best would be to either create a dynamic group, focusing on specific vendors, or create a report of "all installed apps" and then manually searching for a specific app / vendor.
  3. We will track improvement request for that, but this might be a bit more difficult to make.
  4. We are already tracking improvement request for this.
  5. Can you elaborate more please? Do you mean export policy from ERA in XML format, so you can edit it, and then import back? Or? As of now, policies are exported in a proprietary format, used only by ERA, and this format is not XML.
  6. We will note this. ScreenConnect is owned by ConnectWise. Do you use any other ConnectWise applications? I will share this request with my colleague, who handles various integration plugins, to analyze, whether something like that will be possible.

 

@MichalJ Thanks for your comments, yes we are a MSP, though our world view is similar to an IT department of a large organization. For example, a hospital would organize their departments in a manner similar to how we view independent customers.

1. We are using eset, WuInstall and abc-update to keep Windows up to date, of course W10 attempts to keep itself updated on its own. Our preference is to update as soon as Microsoft releases updates. The problem I have is that I cannot seem to clear the "Update Needed" flag in eset, I assume that means that there is a missing update that requires manual intervention, I would appreciate eset Remote Administrator's assistance in helping us identify the issue. I suspect the issue is logged somewhere - that is after all how you are determining that the system is not up to date.

2. If Security column only refers to a ESET product, what is the point of this setting?

image.png.d32d221c5036e9b5faf7ed7131e9ea39.png

3. You are breaking my heart, I still love ESET Remote Administrator, but would be much happier if I had the ability to easily set commonly used tasks. Currently, it is a multi-step process.

4. Hmm - our numbering may be out of sync, that will be great if you facilitate favorite tasks, the other request is just bonus

5. Yes, I would like some file, any text file really that can be edited & merged back in. Merging may be problematic, so export in text/XML format then import back into new policy would be fine. BTW there is a bad flaw in the policy management system. If you edit an Endpoint policy and make the mistake of changing it to Remote Agent policy, you loose all your Endpoint policy settings. I cursed your developers over this issue. Won't make that mistake again :-(

6. I only use ScreenConnect. 

Thank you for your help. 

Share this post


Link to post
Share on other sites
3 hours ago, MichalJ said:

Security Product column refers only to a "ESET" product. We can´t determine, whether the application installed is a security product or not. Also, as this is rapidly changing, it might be difficult to update it regularly. The best would be to either create a dynamic group, focusing on specific vendors, or create a report of "all installed apps" and then manually searching for a specific app / vendor.

Can you integrate the ESET AV Remover tool into ERA? It can detect AV-s, remove them, and you have a list in your KB site with all the AVs that it can handle.

Share this post


Link to post
Share on other sites

@katycomputersystems

Thank you, for the additional feedback. 

  1. We will investigate the Windows Update issue. 
  2. It´s basically affecting the data, that is reported to reports "installed applications" which is in the "computer details / installed software" and in the respective reports. Basically after that, it will start reporting all apps, installed / registered on the OS (Windows, Mac, Mobile). You can then work on preparing a "dynamic group", that will list all computers with a specific vendor name in there (there will be a great improvement coming in the V7, where when you will choose conditions (like application vendor), it will show you all of the values in the DB, which will make it simpler to achieve this to a limited extend). Also, the V7 will allow you to filter computers, without ESET Security installed, directly in the "computers" pane. 
  3. As I have said, we will track the improvement, but we will have to discuss internally, about how to do it. 
  4. We would like to give you the option to use "tags" and then filter out tasks with a selected tag (like "favorite"). 
  5. Understood. I will also track improvement for explicit warning, that when you change the policy product, your entries will be lost (I agree, that it might be annoying). 
  6. Thanks for clarification. 

 

Share this post


Link to post
Share on other sites

@SysEPr It is already integrated in the ERA agent.

You can run a task "software uninstall" where you can choose the option to use the AV Remover, to clean "supported applications". 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×