Customer satisfaction survey 2021

[igi008 19]

On 11/2/2021 at 10:12 AM, INDUS_MH said:

Comment for 7:

We use the business products and will likely not be extending the subscription.

Reasons are the lacking integrations for automation and monitoring tools.

 

• SNMP can not be configured via webinterface
• Syslog logging is not useful (no logs are sent if an endpoint detects malware)
• I could find no integrations for SIEM, SOAR or SOC solutions.
• collecting logs from an endpoint via the ESET Protect webinterface fails most of the time.

 

Thank you very much for your message. We are very sorry about that. We would like to improve our product to fit your needs. 

Quote

SNMP can not be configured via webinterface

Yes, it is true, but our console is aimed at managing security not for allowing or installing services on OS. However, in some cases, it could be interesting. We have a very powerful task in our console - RUN Command (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html). Theoretically, it may be helpful to enable anything, that is possible through the command line.

Quote

Syslog logging is not useful (no logs are sent if an endpoint detects malware)

Do you use on-prem management console or cloud? In both cases is a bug, because it should work. If you use ESET PROTECT Cloud please could you send us instance ID (you can find it in ESET Business Account - Help on upper-right corner - About)

Quote

I could find no integrations for SIEM, SOAR or SOC solutions.

In general, we support Syslog, events, and structure are described here: https://help.eset.com/protect_cloud/en-US/events-exported-to-json-format.html. Do you prefer specific integration with specific SIEM/SOAR tool?
In the case of specific ESET products like Mail security we have also certified integrations, for example: https://marketplace.microfocus.com/arcsight/content/eset
If something specific for the console is required, we can consider it.

Quote

collecting logs from an endpoint via the ESET Protect webinterface fails most of the time.

As my colleague already mentioned, there is some limit, but it should be sufficient for almost all cases. Is the size of the log reason for failing? Which log are you trying to collect? Sysinspector, Lgcollector, or Diagnostic Logs?

 

Many thanks for your help and feedback, we appreciate it

Edited November 12, 2021 by igi008

[INDUS_MH 1]

1 hour ago, igi008 said:

Thank you very much for your message. We are very sorry about that. We would like to improve our product to fit your needs. 

Yes, it is true, but our console is aimed at managing security not for allowing or installing services on OS. However, in some cases, it could be interesting. We have a very powerful task in our console - RUN Command (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html). Theoretically, it may be helpful to enable anything, that is possible through the command line.

Do you use on-prem management console or cloud? In both cases is a bug, because it should work. If you use ESET PROTECT Cloud please could you send us instance ID (you can find it in ESET Business Account - Help on upper-right corner - About)

In general, we support Syslog, events, and structure are described here: https://help.eset.com/protect_cloud/en-US/events-exported-to-json-format.html. Do you prefer specific integration with specific SIEM/SOAR tool?
In the case of specific ESET products like Mail security we have also certified integrations, for example: https://marketplace.microfocus.com/arcsight/content/eset
If something specific for the console is required, we can consider it.

As my colleague already mentioned, there is some limit, but it should be sufficient for almost all cases. Is the size of the log reason for failing? Which log are you trying to collect? Sysinspector, Lgcollector, or Diagnostic Logs?

 

Many thanks for your help and feedback, we appreciate it

Thanks for the response @igi008,

I use the on premise Virtual Appliance for Eset Protect.

I Agree that SNMP Monitoring is not necessary needed for the Windows or Cloud Protect variants. But the appliance should have an easy way to configure it. The currentway to configure it via the config file is just not User friendly.

I will continue to test the Syslog output. So far we tried it with Graylog and Splunk. Both had no plugins or templates for Eset and we had to experiment with the differnt formating options in the Protect Console.

For Integrations I looked at products like Splunk, FortiSOC, FortiSIEM, PaloAlto XSOAR etc. 

For the logs failing, ths was due to the size limit. I had to provide log collector logs for some cases I had open. There it would have been nice to be able to get the necessary logs from the Protect console instead of having to remote in to the users device and manually collect logs.

Feel free to directly message me if you want additional information

Kind regards

 

[nexon 8]

Survey 2022?

[Jessk2 0]

On 10/25/2021 at 5:34 PM, AZ Tech said:

5). Not infected in the literal sense because most of the tests are done on a virtual machine, but I found some "not many" samples that were not detected by eset, and were detected by behavioral detection of another antivirus, of course that was before releasing LiveGuard .
and to be fair, under conditions of normal home user use and no intentional search for new malware samples this would not have happened.

8). I already have ESET Smart Security Premium , But I miss the "File Shredder" feature, because it makes no sense to provide the ability to encrypt the data and not provide the Possibility to delete the original data securely !!
LiveGuard also need improvement, I agree with @itman .


9). Advanced Behavioral Detection System with Ransomware Remediation and rolls back the changes made by malicious applications. Recurring billing software here simplifies the process of setting up automatic payments for services or products.

I tried both and now use BitDefender. For me, the choice is really between a good AV and a pretty good AV. I stopped using ESET a while ago because I discovered BitDefender had a faster startup time with machines. I have no issues with either product.

In terms of "guard at the gates," I believe both will be equally secure. It will come down to price and who has the best performance in your environment.

Edited August 11, 2022 by Jessk2