Marcos

Future changes to ESET Security Management Center / ESET Remote Administrator


Description: Policy revision

Detail: It would be a very welcome feature if a policy had a revision tab, so we could see what has changed over time. This revision tab would, if implemented, allow us to see all settings in a tree view. At the moment we have to go to the policy and drill down through the entire policy to see what settings we had in the previous policy. Maybe this has already been requested in a different form, like I had previously in this topic.

 

On 9/8/2018 at 11:54 AM, bbahes said:

I've noticed they have this task out of the box:

 

You should only assign this to appropriate groups, by default it is assigned to 'Lost & found' group.


Description: Enable right-click and double-click in ERA

Detail: ERA is one of the most easy-to-use management services I have used. However, I believe that to make it more ergonomic there should be a functionality that lets users double-click on something. For example, when wanting to generate a report you first have to click on the report, then go down to the "GENERATE NOW" button and click that. I feel like adding the ability to open reports and other things with a simple double-click action would improve accessibility.

The right-click I admit is quite an odd suggestion seeing as if you click on a field once it brings up a menu etc, however, again for things like editing reports, you first have to click the report, then click on the little cog icon over to the far right, and then click on edit. Would it not be easier just to be able to right click the report and choose edit?

 

A very pedantic suggestion I know...


Description: A "Reset to Default" option for different parts of the ERA.

Detail: This one has mainly been discovered due to my own fault. There are many things that can be played with within ERA which is great, however I think there are some of us that might play a little too much and then get to a point where we've changed so much of something that it doesn't work or doesn't give you what you want. 

For areas such as reports and policies, it might be a good idea to have a button that you can click while editing that restores the default values. That way, if you play around too much and feel like you just want it back to how it was before, you have a reset button as a saviour.


@bbahes thank you for your feedback. We are tracking several improvements that should allow tracking of policy modification history / policy versioning. I will link your feedback to those. Also, the resulting configuration is now a result of multiple merged policies (if more are applied) + local modifications. We are also tracking an improvement to visualize the "winning policy" next to each setting that is configured.


@Kieran Barry thank you as well for your feedback. With regards to the "double clicks", we are moving to "single click" options, for example for reports, or navigation. Many of those are already in V7, and we plan to add more in the future. Also, toggling a context menu on right-click is something that is being evaluated.

Concerning the "reset to defaults", can you please provide more use-cases - where would you like to see those? You have mentioned reports / policies - would for example "locking down" the built-in templates as "read only" work, so you would in fact be forced to "clone / duplicate" the entry to do any modification? Or would you simply prefer to "undo changes" done within a specific object (factory defaults)? If you can provide an example of when you wanted to do it, it might help us to better understand the problem, and come up with a proper solution for it.

3 minutes ago, MichalJ said:

@Kieran Barry thank you as well for your feedback. With regards to the "double clicks", we are moving to "single click" options, for example for reports, or navigation. Many of those are already in V7, and we plan to add more in the future. Also, toggling a context menu on right-click is something that is being evaluated.

Concerning the "reset to defaults", can you please provide more use-cases - where would you like to see those? You have mentioned reports / policies - would for example "locking down" the built-in templates as "read only" work, so you would in fact be forced to "clone / duplicate" the entry to do any modification? Or would you simply prefer to "undo changes" done within a specific object (factory defaults)? If you can provide an example of when you wanted to do it, it might help us to better understand the problem, and come up with a proper solution for it.

Hi @MichalJ,

Okay great, I think it would help accessibility quite a lot as I always seem to find myself right clicking on something and then remembering that it doesn't do anything.

In answer to your question, I believe that it is a good thing that the built-in policies and reports can be changed as if someone did want to change something then it stops them from being inundated with duplicates, so I don't think that they should be locked down forcing people to create more and more of them.

In regards to other use-cases, I think to be honest it would most likely be used for policies and reports, and thinking about it now maybe it would be a good idea for tasks to have a reset function. Just so it makes it easier to get back to the beginning instead of having to recreate duplicates all the time.

An example could be: I've been trying to reconfigure the "Last Scan" report to show only those machines that haven't been scanned for 7 days or more and make it into a table. To do this I have changed quite a lot of the settings, most notably the "Data" and "Filter" settings for the report with no luck. I thought it would be a good idea to reset the template back to how it was originally but unfortunately I can't remember how it was set out-of-the-box, so now I am a bit stuck and have a report that doesn't work and no idea how to get it back to what it was before.

 

I hope this helps, if you want any more information then let me know.

Regards,

Kieran Barry


Description: The ability to turn off threat alerts regarding Windows updates.

Detail: I know that Windows Updates are important, however, in a business situation they are usually controlled by the administrator in the IT Department (me) and are not automatically rolled out whenever they are available. Some updates don't work with some of the systems that we employ and therefore they do not get rolled out at all. When checking through the ERA console, 27 of our machines are showing that they have a security notification because they do not have all of the newest Windows Updates as I have chosen not to roll them out to these specific machines. It isn't really an issue but it makes it look like 27 of the machines aren't functioning correctly when in fact they are working fine.

31 minutes ago, Kieran Barry said:

Description: The ability to turn off threat alerts regarding Windows updates

It is already implemented. You can disable this in Agent policy

[image: image.png]

17 minutes ago, karlisi said:

It is already implemented. You can disable this in Agent policy

[image: image.png]

I have just disabled this, assigned it to all of the machines, checked that it is working by looking at the applications they have installed on their machine (which it is working) and these are still coming up in my dashboard reports.


Check also Endpoint policies and make sure it's not configured to report missing OS updates:

[image: image.png]


A few machines were showing Windows update alerts even after turning off the update notification. I had to restart those machines.


Description: Scheduled WOL
Detail: The ability to schedule a "Send Wake-up Call" Server Task, to wake up workstations to facilitate running of modules updates, system scans and other things during non-business hours.
An independent WOL script isn't as robust, especially across VLANs and such, and none of the Server tasks have a "[wake up to run]" option.

TSa Kyle has submitted a ticket for this.


Description: Agent logs in Endpoint product
Detail: It would be practical to have the agent log in the Endpoint product's Log Files for easier export and review.

 

[image: image.png]


@Sam Fonteno If you configure your tasks in advance, those are actually run by the ESMC / ERA agent; a connection to the server is not needed, and success is reported during the next replication window. Secondly, in case something serious happens (the status of the product has changed, or a high severity detection has occurred), the agent automatically initiates an out-of-order replication and reports the status back to the centralized server. I do not see how a "Scheduled WOL" would help in this matter. But maybe I am not understanding you correctly, so please provide more details. Also, server tasks are done on the server, by the server.


@bbahes Thanks for your feedback. We are tracking several improvements (some of them targeting 7.1) that should make accessibility / readability of the agent logs simpler.


@MichalJ Client Tasks currently available to be scheduled to run in advance are all only the "run on [x schedule]" and "or asap if unable" type.
None of them have the option "wake up the device if necessary".

The manual "Send Wake-up Call" action is run on the server by the server (either using the server's NIC to send a UDP packet, or to trigger the EPNS), so it would make sense for it to be a Server Task.

Enterprise policy is that a computer is to be shut down when the person leaves for the day, so if the computer is on, then someone is actively trying to use it.
Windows' Task Scheduler has the "Wake the computer to run this task" option, but the computer has to be only Sleeping for that to work.

I'm simply requesting that the "Send Wake-up Call" action be made available as a scheduled Server Task so that vulnerability scans, Windows Updates installations, etc., can happen outside of business hours.


@Sam Fonteno Thanks for the response. Just to double-confirm - you are seeking an option that would be able to wake up the device if it's asleep / switched off, the same way as WOL works. Correct?


Description: Add fields to Computers list

Detail: In ESET ERA 5.x you could customize the fields in the list of computers. It made it very easy to see what user is logged into a particular machine because you could add a custom field with the username. In ESMC, you have to click on the machine, then click Show Details and then scroll down to Users to see who is logged in. The same goes for the Virus DB version (now called Detection Engine in ESMC). Please give administrators the option to make the console less click intensive. We need to be able to find info quickly without having to click and scroll so much.

Thanks for listening.


@Campbell IT Concerning your feedback: the issue with "logged in users" is that there could be more than one user logged in on the machine, so choosing just one might not be valid. However, we are tracking an improvement request to have this (adding the information in computer details was the first step). We are working on a redesigned computer table element that would be more robust from the point of view of displaying the desired information.

Detection engine (previously VSDB) is not coming back, as it's just one of many modules in the product, and the information does not really indicate whether the product is updated or not. We are instead working on adding information about "last update attempt" and "last successful update". Out of curiosity, for what purpose would you use the Detection Engine version info?

We are also working on "tagging functionality" that would allow specification of a tag manually (in the first phase) and later automatically, and that would replace the "custom fields" functionality in the old ERA V5.

10 hours ago, MichalJ said:

@Campbell IT Concerning your feedback: the issue with "logged in users" is that there could be more than one user logged in on the machine, so choosing just one might not be valid. However, we are tracking an improvement request to have this (adding the information in computer details was the first step). We are working on a redesigned computer table element that would be more robust from the point of view of displaying the desired information.

Detection engine (previously VSDB) is not coming back, as it's just one of many modules in the product, and the information does not really indicate whether the product is updated or not. We are instead working on adding information about "last update attempt" and "last successful update". Out of curiosity, for what purpose would you use the Detection Engine version info?

We are also working on "tagging functionality" that would allow specification of a tag manually (in the first phase) and later automatically, and that would replace the "custom fields" functionality in the old ERA V5.

Thank you for looking into the suggestion. We only have a few computers that would have multiple users logged in at one time. In 5.x, the logged in user shows up as "Multiple users". It doesn't happen often, so it wouldn't be a problem for us. To clarify - I'm asking to have the option to display this info in the computer table. Either have it off by default, but allow admins to enable it or vice-versa.

Regarding the Detection engine, what I am looking for (and what we used the VSDB info for) is to be able to see at a quick glance, which machines are not updated. I suppose that ESMC will flag machines in red if they have an issue, but then we have to drill down to find out what is going on. Sometimes it's as simple as the machine being turned off, which we don't need to investigate.


Thank you @Campbell IT. Concerning the "logged users" - all is clear. We are already tracking an improvement for that, so I have added your feedback to it. With regards to the "Detection Engine", would the information about "last update attempt" (= when the application contacted ESET Servers, to check whether there is a newer version of any module) or "last successful update" (= when the application actually downloaded any of the newer modules from ESET Servers, which means it's working with the latest modules) be sufficient for you?

In the meantime, the logic is that a machine changes its status from updated to non-updated after 7 days, and will report a protection status (red) with "modules out of date". If you are more strict with this, what you can do is shorten the alert interval down to one day, by configuring a setting in a policy for the security product as follows:

 

[image: settings.png]

On 9/27/2018 at 8:17 AM, MichalJ said:

@Campbell IT Concerning your feedback: the issue with "logged in users" is that there could be more than one user logged in on the machine, so choosing just one might not be valid. However, we are tracking an improvement request to have this (adding the information in computer details was the first step). We are working on a redesigned computer table element that would be more robust from the point of view of displaying the desired information.

Detection engine (previously VSDB) is not coming back, as it's just one of many modules in the product, and the information does not really indicate whether the product is updated or not. We are instead working on adding information about "last update attempt" and "last successful update". Out of curiosity, for what purpose would you use the Detection Engine version info?

We are also working on "tagging functionality" that would allow specification of a tag manually (in the first phase) and later automatically, and that would replace the "custom fields" functionality in the old ERA V5.

We've had situations where ESET had problems with the antivirus database (usually many false positives with web filtering) where we had to revert to a previous version. However, that was not the main focus for us since a fix was delivered in a few hours, but we had a quick overview of which clients had which version in comparison to the ESET server or ERA server.

