Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[SysEPr 4]

Just now, MichalJ said:

@SysEPr It is already integrated in the ERA agent.

You can run a task "software uninstall" where you can choose the option to use the AV Remover, to clean "supported applications". 

Then why can't you determine, whether an application installed is a security product or not?

[katycomputersystems 1]

BTW, it might help to understand how I envision use of ERA, I manage a small MSP, we have a few hundred endpoints, many will stipulate that we should have an official RMM & PSA tool, I disagree. I find that between ERA & ScreenConnect we can efficiently serve our clients.

So, many of my comments reflect that desire to have ERA include features that are typically found in a RMM tool, this may be unfair to your developers, but if we can have a few more features, I am convinced your sales & marketers will be delighted. Furthermore it will give ESET more control over your destiny, currently if you want to grow quickly, you will need to make a deal with one of the big RMM players to sell your products at a 90% discount. If you get a few more RMM features, I am convinced more MSPs and IT departments will agree with my world view embracing a simpler, more efficient set of tools to serve their clients.

[MichalJ 434]

@SysEPr It´s based on the way, how the AV remover is integrated (also, what is the usage allowed by the 3rd party vendor, that ships us the library). We can´t run a "silent scan", and report the outputs. We can juts execute the "cleaner", but not in a silent way. I will discuss this with the teams, whether it would be possible to adopt it for this purpose.

 

[MichalJ 434]

@katycomputersystems Thank you for the feedback. It gives us an interesting point of view, towards the potential of the future. We are conducting a regular customer research, when we do talk personally with various types of users (MSPs are among them, as they are more commonly the ones, that are operating ERA). Would you be willing to participate? We can discuss more details, in order how to make the product better for you, and also to learn a bit more about your daily agenda, etc. If yes, please send me a private message, I will also invite colleagues responsible for our MSP offering. 

[katycomputersystems 1]

"Send Wake Up Call" works well on local network, not so well in the field.

It would be great if could use the command line to prompt ERA Agent to phone home.

We'd put the command in our ScreenConnect toolbox & issue command as appropriate. Currently, we have ESET phoning home every minute, I would like to drop that to every hour, but can't afford to do so while getting things setup.

[MichalJ 434]

@katycomputersystems Thank you for the feedback. We are already tracking improvement for that, it was requested by several MSPs in the past, who are using different tools for having access to the machine, but also by some customers, doing the same. 

[ewong 8]

On 1/5/2018 at 5:09 AM, MichalJ said:

@Jaroslav Mixa Thank you for your constructive feedback. I would like to assure you, that your feedback is being heard. Below, you can find couple of notes, related to some products. 

• @Sorting / filtering – This will be possible. For the future release, we are preparing multiple changes with regards of filtering / sorting in the webconsole.

 

I'd like to add to the Sorting/filtering item.

Description: The current filtering prepositions are limited and a little confusing.

Detail:

I was looking at the "Last Connected" report template on the Dashboard, and I had recently added a whole bunch of rogue systems to a subgroup under "Unknown" static group.  By default, the "Last connected" report includes all systems.  I wanted to filter out the "unknown" static group and its subgroups.

I tried creating a filter:

Static Group; Static Group Parent Hierarchy     in     Unknown

which obviously isn't what I want; but there's no  "not in".  And there's no obvious way of setting "All" computers but exclude the static group "Unknown".

So I thought I'd try:

Static Group   = All

Static Group; Static Group Parent Hierarchy  not equal    Unknown.

That didn't work.

So having more prepositions (if that's what you call them) would help a lot.

 

[Tim Jones 2]

One more thing if you could locally run a command against ERAAgent to regen guid would be nice

eg

eraagent --regenguid

and that just does an UPDATE key_value_table SET value = '%randomguid%' WHERE key = 'local_peer_uuid'

in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db

and updates the reg keys as well

REG delete HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /f
REG add HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /t REG_SZ /d %randomguid% /f

otherwise you end up having to do it with sqlite3 with a bunch of scripts and hacks to crash the service modify it then start it again it works but would be nice if i didn't have to and it could just do it out of the box,

PS I know its wrong, and I only do this when the guys forget to tell me when they deployed an image without telling me first and somehow included it in the image, would be even better if this was supported so i could just tell the guys to do what they like as long as they run the command at the end of an imaging task

Tim

Edited April 11, 2018 by Tim Jones
Forgot reg key thing 2

[kingoftheworld 10]

15 hours ago, Tim Jones said:

One more thing if you could locally run a command against ERAAgent to regen guid would be nice

eg

eraagent --regenguid

and that just does an UPDATE key_value_table SET value = '%randomguid%' WHERE key = 'local_peer_uuid'

in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db

and updates the reg keys as well

REG delete HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /f
REG add HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info /v ProductInstanceID /t REG_SZ /d %randomguid% /f

otherwise you end up having to do it with sqlite3 with a bunch of scripts and hacks to crash the service modify it then start it again it works but would be nice if i didn't have to and it could just do it out of the box,

PS I know its wrong, and I only do this when the guys forget to tell me when they deployed an image without telling me first and somehow included it in the image, would be even better if this was supported so i could just tell the guys to do what they like as long as they run the command at the end of an imaging task

Tim

+1 for this request.  Or some other way of accomplishing this 

[MichalJ 434]

@kingoftheworld &  @Tim Jones- in general, we believe this won´t be needed with the upcoming release, where we are introducing a new feature, that should automatically identify duplicated entries, based on their hardware, and let you resolve (reset) the agent UUID from there. You would be able even to pre-configure the desired behavior (so when a default image is deployed, it will automatically get a new UUID).

Do you have any other usecase for this behavior?

Edited April 12, 2018 by MichalJ

[MichalJ 434]

@ewong have you tried a filter "static group" not equal "unknown" ? That should achieve what you are searching for.

[fchelp 3]

3 hours ago, MichalJ said:

@kingoftheworld &  @Tim Jones- in general, we believe this won´t be needed with the upcoming release, where we are introducing a new feature, that should automatically identify duplicated entries, based on their hardware, and let you resolve (reset) the agent UUID from there. You would be able even to pre-configure the desired behavior (so when a default image is deployed, it will automatically get a new UUID).

Do you have any other usecase for this behavior?

This would only work if you deploy your image on different hardware, but in corporate environments a lot of times you have a bunch of identical computers with identical hardware.

[SkriptAsylum 0]

Per other users, I second this feature request:

Description: Agent installer that installs the latest [product] version by default.

Quote

As of now, we are not able to do this due to legal restrictions (you pre-accept EULA upon generating, however each version can have adjustments in EULA). So legal department is against it. But improvement itself is being tracked.

A checkbox for 'Latest Available Version' would be outstanding. Regarding the EULA/legal issues, perhaps another acknowledgement checkbox could justify the demand. Additionally, having no expiration for these Client Tasks would aid in the efficiency of the process [we currently have Dynamic Groups for 'ESET Not Installed' that trigger the Client Task to install Version 6.X that will fail if that repository has been removed].

[MichalJ 434]

@fchelp what do you mean “identical”? Identical serial numbers? SMBios IDs, or just the same hw configuration? 

[SandipThanki 2]

Hello Team,

Need to improve product & features as below. 

(1)Advanced device control to block WI-FI & other device. 
(2)Application Control to mange Application. 
(3) Advance Web control to block browser web proxy like ultra surf.

(4)File Activity Monitor to monitor any suspicious activity related to the confidential files on in system.

(5)if some client not connect to era since long time than it shown as offline and can we set auto setting if some client not connected from last 30 days than automatically remove from ERA and remove duplicate entry automatically in client list.

(6)Easy Client remote uninstall method.

(7) Improve report section for users.

(8) Easy way for Email notification for basic antivirus event in ERA.

 

[MichalJ 434]

@SandipThanki Thank you for your feedback. I would however kindly ask you to continue in the form of "reported problem" & "expected solution", as understanding of your "feature requests" might differ, and I would like to prevent the state, when we do implement something, that would not achieve the intentions behind it. So, can you please provide more details, about which problems are you willing to solve with the proposed solutions? Thank you. 

[ludolf 6]

Hello

Description: disable product change possibility after any settings have been configured in a policy

Detail:  

imagine the following:
- create a policy
- change some setting
- change product within this policy
- save the policy
In this case all of the previous settings are gone.

[Marcos 5,259]

13 minutes ago, ludolf said:

Detail:  

imagine the following:
- create a policy
- change some setting
- change product within this policy
- save the policy
In this case all of the previous settings are gone.

Policies are per product so if you later edit a policy and change the product to another one, it's normal that the settings previously defined for the former product will be lost. The new product you selected may not even support those settings.

[ludolf 6]

Exactly. If somebody change product accidentally and saves the policy, the settings are lost. This shouldn't be happen. If the admin selects a product within a policy, and change any setting, the product selection list should be disabled. After this, if the admin would like to point the settings to other product, he should to create a new policy. IMHO

[Pavlov`s Dog 0]

17 hours ago, Marcos said:

Policies are per product so if you later edit a policy and change the product to another one, it's normal that the settings previously defined for the former product will be lost. The new product you selected may not even support those settings.

 

Is it so hard to insert a discard/apply/really/maybe popup when admin accidentally click on product change?

Thanks.

[SandipThanki 2]

Hello Sir,

I expected some features in ESET Endpoint Or in ERA To competition other antivirus and other antivirus product already give that type features.

Expected Features:

(1)Advanced device control to block WI-FI device. 
(2)Application Control to mange Application. 

(3)File Activity Monitor to monitor any suspicious activity related to the confidential files on in system.

 

Expected Solution:

(1)if some client not connect to era since long time than it shown as offline and can we set auto setting if some client not connected from last 30 days than automatically remove from ERA and remove duplicate entry automatically in client list.

(2) Improve report section.

(3) Easy way for Email notification for basic antivirus event in ERA. like threat detection,not update client,offline client

[Marcos 5,259]

1, There's already a server task "Delete not connecting computers".
2, This is a very general wish. Be more specific please. In the initial announcement in this topic, we wrote: NOTE: When making your requests do not make general statements such as "better gui". If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information. Thank you for your understanding.

3, You can send SMTP notifications from clients upon threat detection or reports with detected threats from ERA. I'm quite sure that it's also possible to send reports about outdated clients.

[Bedders 0]

We've been using ESET for years here at my organisation, long before I started, and I have overseen the upgrade from ESET v4 running NOD32 up to ESET v6.6 running Endpoint Antivirus. 

Once I got my head around the fact that it required an Agent first, then the antivirus, it's been a breeze.

However I feel that the reporting is somewhat lacking in terms of filters. For example - when I go to 'Threats', then click on 'Add Filter', I expected to be able to filter by the visible 'Action' column - so I could only select everything that had been Cleaned by Deleting and Mark as Resolved. Unfortunately there is no option to add a filter for that 'Action' column. Some columns that are visible in that report seemed to be inexplicably missing as Filter options.

I was also trying to filter the 'Installed ESET Applications' dashboard report so that it excluded both the ESET Remote Administrator Server and the ESET Rogue Detection Sensor. I discovered that it is only possible to add one entry in that field, and each field can only be added once.

It's likely that there is a reason for such limitations on reporting but it is annoying.

[Marcos 5,259]

13 minutes ago, Bedders said:

However I feel that the reporting is somewhat lacking in terms of filters. For example - when I go to 'Threats', then click on 'Add Filter', I expected to be able to filter by the visible 'Action' column - so I could only select everything that had been Cleaned by Deleting and Mark as Resolved.

I assume that creating a filter for Active threats -> Count >= 1 should do the trick and only active threats (ie. those that could not be cleaned / deleted for whatever reason) should be included in the report then.

[AStevens.SHG 7]

Description: Static Group Synchronization using "Objects to Synchronize" set to "Computers Only" will sync all computers from AD Domain.

Detail: After creating a Server Task of Static Group Synchronization for a Active Directory domain, the "Objects to Synchronize" was set to "Computers Only" (we do not require the entire AD OU structure synchronized to ESET Remote Administrator, we use Dynamic Groups and assign policies there), and the "Distinguished Name" under Synchronization settings is black or set to the highest level "DC=test,DC=domain,DC=com", no computers are synchronized or existing computer objects moved, even though "Computer Creation Collision Handling" is set to "Move".

If we set the "Distinguished Name" under Synchronization settings to "OU=Domain Controllers,DC=test,DC=domain,DC=com" then we see the domains DCs, their computer accounts which exist in that OU (just that OU of course), get moved to the Static Group for the domain.

This seems odd, given you can set a top level synchronisation using Distinguished Name (or "leave empty to synchronize the whole tree", the tooltip says), and below that you can enter multiple Distinguished Name(s) you wish to exclude from the synchronization. Therefore this actually seems like an unnoticed (or maybe it has been noticed) bug in this function implementation.

Obviously, our end goal here is to have a single static group per Active Directory domain and all computers for the relevant domain be synchronized into that static group away from the Lost & Found static group, however we do not want all OUs from the domain synchronised under the static group, it's not necessary.

Last tested on ERA 6.5.522

 

Also to add to this, the option for "Users Only" when making a User AD Synchronization is also missing, please add and like the computer above works to sync all AD users to a single Static Group.

Edited April 23, 2018 by AStevens.SHG