Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[MichalJ 434]

@SysEPr I will track improvement for that.

[SysEPr 4]

Just now, MichalJ said:

@SysEPr I will track improvement for that.

Thank you! Do you have a rough idea when the new version will be released? Are you shooting for Q1, Q2...?

[MichalJ 434]

As of now the plan is to release the version 7 in Q2. More details will be available in April.

[pps 4]

Description: Capability to force stop freezed tasks

Detail: It would nice if we have the choice to force stop freezed tasks 

-----------

Description: Capability to use 'group by' in reports

-----------

Description: Capability to clean the quarantine older than X days or Y weeks

Detail: In  client tasks we can make a quarantine management task but we can define only period with date "OCCURRED FROM" to date "OCCURRED TO" so before after each run we must redefine this dates.

-----------

Description: Firewall Learning mode directly from workstations

Detail: Instead of use learning mode in a few workstations and then manually import and then merge the rules in the ERA, it would be nice to have the option to select some workstations and learn from them automatically the rules. So the only job the admin job is to only block or allow the ports.

-----------

Description: Firewall in File security products

Detail: in the latest version you can't use endpoint security in windows server editions and if you need firewall you must use windows firewall

-----------

Description: Smarter Firewall that can use files as samples and not paths

Detail: Firewall can use a sample file to allow or block the connection

-----------

Description: Force restart of workstations for malfunctions or updates (like windows update)

Detail: Many times users don't restart their computers even if they see warnings that they need and the product can't work right

-----------

Description: Database clean up

Detail: In the database tables we can find unused entries of tasks, policies (tbl_policies) and etc. so it will be nice if we can run a task and delete them.

-----------

Description: Apache Tomcat 7 64bit instead of 32bit

Detail: Ability to change the 32bit (limit 1280MB of memory) Tomcat 7 to 64 bit with a few simple clicks.

-----------

Description: Folder creation in policies

Detail: User can create folder so he can store old policies for versioning and history puproses

-----------

Description: Blocked webpage message in Web Control (asked already from another user)

Detail: It would be nice to instead of plain text to add HTML so we can add images links and more. Also the company logo is way to small in the page.

-----------

Description: Workstation can have different policy from the policy in his group

Detail: Many times we have found that some workstations have slightly different policies from the policy that is used in their group. So can we monitor which computers have different policies if any and which options of the endpoint suite differ and all of that inside the ERA console?

-----------

Thanks,

Peter

[SysEPr 4]

Description: Show assigned user in computer list

Detail: There should be a column that should show the assigned user in the computer list

[MichalJ 434]

@SysEPr What kind of a problem you would fix by this? We are adding the option to search for "assigned user". Also, assigned user will be seen in the "client details". Why this is needed in the "computers" section? 

[MichalJ 434]

@pps Thank your for your feedback. 

Description: Capability to force stop frozen tasks

• This is in the backlog. What do you mean by “frozen” ? (does it happen to you, that tasks got stuck in some state – running?)

Description: Capability to use 'group by' in reports

• This is being continuously added. Are there any specific symbols, that you would like to use for “group by” ?

Description: Capability to clean the quarantine older than X days or Y weeks

• Does this mean, that you would like to basically schedule a task for “quarantine cleanup” for files older than XY Days? Would it be acceptable to have this as a policy setting?

Description: Firewall Learning mode directly from workstations

• Does this mean, that you want to “merge rules” from multiple workstations, and convert them into the policy for the rest? Or how this should work?

Description: Firewall in File security products

• This was never possible. What kind of a problem you are trying to solve, by using the “Endpoint Firewall” on the Windows Server system? Does it mean, they are not beyond some physical network FW or?

Description: Smarter Firewall that can use files as samples and not paths

• Can you provide a bit more information about this. As I am not sure, what kind of a problem you would like to solve by this.

Description: Force restart of workstations for malfunctions or updates (like windows update)

• You have a task for that as of now. Or you can use the “run command”. In the V7 the issue with “not automatically performing reboot” after upgrade will be fixed as well.

Description: Database clean up

• In V7, we will bring more granular options for database cleanup. However some of the tables, like TBL policies are not cleaned automatically. Why you want to remove them? Just to save the DB space?

Description: Apache Tomcat 7 64bit instead of 32bit

• We will track improvement for that.

Description: Folder creation in policies

• We will track improvement for that (AFAIK we have some, and there is a proposal by the UX team, but I will have to check) 

Description: Blocked webpage message in Web Control (asked already from another user)

• We will track improvement for that.

Description: Workstation can have different policy from the policy in his group

• What do you mean by this? Workstation has only the policy, that is assigned. However, workstation might have multiple policies assigned, meaning it could have a different “resulting configuration”. Also, settings not set via policy are “accessible” to the user, so he is able to adjust them locally. We are planning to improve the readability of the policies screen in a way, that it will explicitly inform the end-user about from where a specific setting is set. We do not have a target version yet, but it´s being tracked.

[SysEPr 4]

21 minutes ago, MichalJ said:

@SysEPr What kind of a problem you would fix by this? We are adding the option to search for "assigned user". Also, assigned user will be seen in the "client details". Why this is needed in the "computers" section? 

My issue is that's hard to find computers that are not assigned to anyone. Let's say there is a fresh install, and it goes into the pool, but I don't necessarily know which one it is, but I definitely want to assign it to a user. For example, I had 25 computers today and only 24 were assigned to actual users, but I had to go through each computers one by one to figure out which one is not assigned.

[pps 4]

Description: Capability to force stop frozen tasks

• This is in the backlog. What do you mean by “frozen” ? (does it happen to you, that tasks got stuck in some state – running?)

      Explanation: Many of my tasks are been frozen such as an endpoint push to a few dozen workstations (for example see topic: Server Task Status is Running but no ongoing progress)

Description: Capability to use 'group by' in reports

• This is being continuously added. Are there any specific symbols, that you would like to use for “group by” ?

Explanation: For example  I have the same antivirus threat in 20 workstations and I need a report or view that says I have this threat name and 20 occurrences. The same logic applies better in the firewall because there are ten of thousands of FW events. In FW I want to extract the DINSTICT processes from all workstations and the total count that they appear.

Description: Capability to clean the quarantine older than X days or Y weeks

• Does this mean, that you would like to basically schedule a task for “quarantine cleanup” for files older than XY Days? Would it be acceptable to have this as a policy setting?

Explanation: That will be okay too.

Description: Firewall Learning mode directly from workstations

• Does this mean, that you want to “merge rules” from multiple workstations, and convert them into the policy for the rest? Or how this should work?

Explanation: Forward learning modes from multiple workstations directly to ERA Console. From there we should filter DISTINCT rules from these workstations that we can allow or block.

Description: Firewall in File security products

• This was never possible. What kind of a problem you are trying to solve, by using the “Endpoint Firewall” on the Windows Server system? Does it mean, they are not beyond some physical network FW or?

Explanation:  Without eset firewall in in windows server you cannot monitor which applications are allowed and which blocked from inside the ERA Console.

Description: Smarter Firewall that can use files as samples and not paths

• Can you provide a bit more information about this. As I am not sure, what kind of a problem you would like to solve by this.

Explanation: If we have the same executable (for example abc.exe) in many different paths (for example c:\abc.exe, c:\users\abc\abc.exe and etc) and in many workstations we have to use one rule for every different path. (see topic: Firewall rule with no application path but only application name)

Description: Force restart of workstations for malfunctions or updates (like windows update)

• You have a task for that as of now. Or you can use the “run command”. In the V7 the issue with “not automatically performing reboot” after upgrade will be fixed as well.

Description: Database clean up

• In V7, we will bring more granular options for database cleanup. However some of the tables, like TBL policies are not cleaned automatically. Why you want to remove them? Just to save the DB space?

Explanation: Yes, the main reason is the DB size and the response in ERA Console.

Description: Apache Tomcat 7 64bit instead of 32bit

• We will track improvement for that.

Description: Folder creation in policies

• We will track improvement for that (AFAIK we have some, and there is a proposal by the UX team, but I will have to check) 

Description: Blocked webpage message in Web Control (asked already from another user)

• We will track improvement for that.

Description: Workstation can have different policy from the policy in his group

• What do you mean by this? Workstation has only the policy, that is assigned. However, workstation might have multiple policies assigned, meaning it could have a different “resulting configuration”. Also, settings not set via policy are “accessible” to the user, so he is able to adjust them locally. We are planning to improve the readability of the policies screen in a way, that it will explicitly inform the end-user about from where a specific setting is set. We do not have a target version yet, but it´s being tracked.

Explanation: For example an admin  has made a change to a workstation1 and disabled the firewall then some other day has disabled the device control in some other workstations and forget afterwards to turn it on. Some time has passed and in a third workstation has disabled the initial scan and in another has disable the detection of potentailly unwanted application. So all four of them are in contrary of the ERA policies applied to the group that contains these workstations and should be an easy way to find out in dashboard and or reports.

Secondly there should be an option through ERA console to force the above workstations  to undo the setting changes and revert back to the one's of the policies .

[SysEPr 4]

Description: Alternative two factor authentication methods

Detail: I think there should be multiple two factor authentication methods, like support for the free (and maybe the paid) version of Authy, Google Authenticator, etc...

[pps 4]

Description: Add sorting in Firewall rules

Detail: Sorting in Firewall rules when clicking the header (for example If you click Action then there will be sorting the rules by Action ASC and if you click again by ction DESC)

Description: Every Rule has a number

Detail: Every rule should be identified by a number, if a rule number is smaller from another that means that this rule is applied first.

Description: Separator between firewall rules

Detail: If you want to seperate the rules depending per application  or per suite (office, adobe) or per use (rdp, teamviewer, ammyy ) then you should have the capability to use seperators before and after each group so they can be more easy to read. It will be even more interesting if you can expand and minimize each application group.

 

Thanks,

Peter

[Marcos 5,259]

27 minutes ago, pps said:

Detail: Sorting in Firewall rules when clicking the header (for example If you click Action then there will be sorting the rules by Action ASC and if you click again by ction DESC)

This is not possible since the order of rules determines their priority. There's a Search function (a magnifier glass icon) where you can filter what you want, e.g. enter "Allow" to filter permissive rules. Or enter an application name to filter rules for that particular application, etc. The rule editor is subject to improvement in future versions.

[bbahes 29]

On 1/31/2018 at 5:24 PM, Marcos said:

This is not possible since the order of rules determines their priority. There's a Search function (a magnifier glass icon) where you can filter what you want, e.g. enter "Allow" to filter permissive rules. Or enter an application name to filter rules for that particular application, etc. The rule editor is subject to improvement in future versions.

Why not then add column "Order of rule application" when sorting when clicking on header?

[Pinni3 21]

Description: add some communication method between era administrators
Detail: Add some MSG Center to dashboard. For example I make some global change on ERA server and want to every other admin see my note / msg. Or lets use smtp server and lets push emails via it to selected administrators (they have emails in details so console could use that)

 

Description: Delete task from station destroys trigger not task
Detail: At this moment when You want to kill scheduled task, You need to find that task, then trigger and delete it there...There is no chance to delete trigger from station view...Delete task from computer view delete task...Thats serious issue...Same thing is with rerun task. It add new one instead of reschedule existing task.

[pps 4]

Description: Unprotected WiFi Message - Captive portal
Detail: In our company we use a wifi network with captive protal (we enter the user and the password in a web browser page).

The endpoint client warns about unprotected Wifi. Is there any way from ESET Remote Adminitrator to supres s that message or exclude the warning for the specific network SSID?

 

Description: Capability to Remote manage one computer settings
Detail: Should we have the option to remotely manage real time a specific setting in ESET Endpoint Security. Until now we must Request configuration to see what eset settings the workstation has and then to run a client task to change the setting that we want and the change is no real time.

Thanks,

Peter

[LCS 3]

2FA - I've heard rumours that in the next version of ERA, we will also be controlling Endpoint Encryption as well. I feel that it is imperative that some form of 2FA is used to confirm our login details to ERA. The days of a simple userid (which everyone knows, because it displays automatically), with a simple password are long gone.

 

Andy

[Marcos 5,259]

45 minutes ago, LCS said:

2FA - I've heard rumours that in the next version of ERA, we will also be controlling Endpoint Encryption as well. I feel that it is imperative that some form of 2FA is used to confirm our login details to ERA. The days of a simple userid (which everyone knows, because it displays automatically), with a simple password are long gone.

2FA is already supported in the current version of ERA.

[LCS 3]

1 hour ago, Marcos said:

2FA is already supported in the current version of ERA.

I've missed that. Can you educate me as to how to enable it?

Andy

Scrub that. I found it. Doh!!!

Edited February 8, 2018 by LCS

[ludolf 6]

Hello

Description: modify links in threat notification to unclickable

Detail: admin/itsec receives plain text threat notification. He copies to another program, or forward as html. Receiver accidentally can click on the link (for example, when he tries to copy only the link).

Computer name;Severity;Time of occurrence;Threat type;Threat name;Threat flags;Scanner;Scan log reference;Object type;Object URI;Action performed;Action error;Threat handled;Restart required;User;Process name;Circumstances;Virus signature database;Hash of detected file
COMPNAME;3;2018-02-17 16:35:10;trojan;JS/Tivso.Gen;;HTTP filter;virlog.dat;file;hxxp://maliciouslink.com/?width=640&height=360;connection terminated;;1;0;USERNAME;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;;16920 (20180217);A7F533A141F411DBDBBC376F3F348E7B59925E11
 

replace bolded part to something like this: hxxp://maliciouslink.com/?width=640&height=360

(forum motor replaces correctly :))

 

Edited February 19, 2018 by ludolf
incomplete post

[LCS 3]

Disable the display of the Administrator login account:

[LCS 3]

Restrict the login of the Administrator account to specific IP addresses, but allow other accounts with 2FA enabled to login from anywhere.

As we cannot delete, disable or rename the Administrator account, the only other option is to only allow the Administrator to login from specified IP addresses only.

 

Andy

[Maxim. 2]

Hello

Description: more details(history) about computer object

Detail: it would be great to have more details about computer objects such as object history(when it was created, what was the previous hostname, etc).

[MichalJ 434]

@LCS Thank you for your inputs. We are already tracking improvement for that (disabling the build-in administrator account). The recommended approach is to really use Administrator account as "backup" with high-complexity password, stored within secure environment.

@Maxim. We are already tracking improvement for the "object created" / "first connected".  I will expand it with the "previous hostname". Can you please elaborate about what should be behind "etc". If you have anything else in mind, please let us know.

[nhesetnod32 0]

Description: Incorporate Apple Volume Purchase Program into ERA

Detail: ERA has functionality to incorporate Apple DEP to manage restrictions to IOS Devices.  It would be a wonderful feature to also incorporate the Apple Volume Purchase Program.  Apple VPP provides a feature to manage IOS Apps deployed to IOS devices without having to configure an Apple ID.  Where Apple DEP is already available within Eset ERA including Apple VPP would provide full circle MDM solution without requiring another application to manage the devices.

Edited February 20, 2018 by nhesetnod32

[ludolf 6]

Description: Notify about completed task execution 
Detail: It would be nice to have a setting on the new task creation page, to send an email to the task creator user, when the task is finished. 
The email could contain only a link to the task execution results, and maybe a summary about completion success or a successful/unsuccessful percent. 
Maybe if era is waiting for computers to be online, it could send reports repeatadly, containing the partial result, for example every 8 hour (or customizable intervals).

Description: Sysinspector log viewer lists
Detail: In ERA5 we could view the process list when clicked "Running process". And we could do some sorting for example company, to see non-usual entries for first sight. 
In ERA6 we only see the list of processes when open the "Running processes" tree.
Same apply for "File Details". It would be nice, if we could see the items below these "subkey" and could sort them.
Example situation: check processes/filedetails running from outside windows\programfiles folders.