Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[MichalJ 434]

Hello @dmartos - Lloged in user is available in the computer details. We are also tracking an improvement to populate / show the entry in the computers table. 

[noorigin 3]

Description: iOS policy to disable iMessage

Detail: We need the ability to disable iMessage on iOS devices via ESMC/MDM in order to effectively use 3rd party backup tools. The tools can backup SMS, but not iMessage. 

[MichalJ 434]

@noorigin Hello, we are tracking it as an improvement request. Thank you for your feedback. 

[pps 4]

Hello,

It will be useful to get  ip addresses in Lost & found too (computers without the agent installed).

Or something to show if a computer is active/online so i can push the agent to this computer only and not in all the category.

Thanks,

Peter

 

 

Edited April 18, 2019 by pps
edit

[MichalJ 434]

Hello @pps You get IP addresses only from computers that have agents deployed, as it’s the agent who is responsible. What you can do, is to install rogue detection sensor, which could help you to add machines which are alive.

Also, to double-check, can you please provide details about how you added that machines in Lost And Found group? 

[Pinni3 21]

Hey Guys, long time didnt been here, but I have couple of things that I think should be considered in future releases.

1. Add static group as a filter into building dynamic group. I have 30+ "main static groups". When I say "main static groups" I mean, 2nd degree static groups (1st degree is ALL) and I want to build dynamic group that will be filtering computers only from those static groups.

2. When building reports, I can add static group name as a column. There is a lack of doing 2nd degree static group or displaying full path of computer All\static group#1\static group#2\static group#3\computer name

3. There should be some output for comitted changes within console. I had couple of situation when some admin added client task, modified it or even removed it. It could be writen within some txt file.

4. Lack of era proxy in 7th generation of console is real problem when I use linux installation. Mysql allows only 10k connection at one time. If There would be proxy, I would be able to aggregate those connections and connect many more of clients

[pps 4]

On 4/21/2019 at 8:53 PM, MichalJ said:

Hello @pps You get IP addresses only from computers that have agents deployed, as it’s the agent who is responsible. What you can do, is to install rogue detection sensor, which could help you to add machines which are alive.

Also, to double-check, can you please provide details about how you added that machines in Lost And Found group? 

Hello @MichalJ just make an AD synchronization and get the computers from there.

[MichalJ 434]

Hello @Pinni3. To get to your points: 

1. For that purpose, we allow nested dynamic groups. Meaning you have your 30 static ones, each one of them could have nested dynamic groups. Our you want to set it in a way, that you for example put the DG under "all" but then say that it needs to be only in the following static groups. Challenge is, that DG is evaluated on the Agent side, and Agent does not always know, in which SG it belongs to (if you move a client, it will need to recalculate all policy assignments for example). Therefore the nested concept. 
2. We are already tracking improvement for that (Internal reference - IDEA-1100)
3. We are working on better auditing changes, to track who / what / when / how was done. (internal reference - IDEA-1371
4. I am not completely sure what´s the problem here. Purpose of ERA proxy was just to aggregate the data, but at the end it was sent to ERA server, so the amount of DATA sent is not increased when Proxy was deprecated. Just the ESMC server handles more connections directly, due to a changed replication protocol. Also, AFAIK we have bigger installations than 10k on MySQL. Maybe @MartinK can provide some more information on this. 

[MartinK 382]

4 hours ago, MichalJ said:

I am not completely sure what´s the problem here. Purpose of ERA proxy was just to aggregate the data, but at the end it was sent to ERA server, so the amount of DATA sent is not increased when Proxy was deprecated. Just the ESMC server handles more connections directly, due to a changed replication protocol. Also, AFAIK we have bigger installations than 10k on MySQL. Maybe @MartinK can provide some more information on this. 

Unfortunately I am al so not sure how it was meant. We are officially declaring maximal number of managed clients to 10000 when using MySQL database, but it is not related to number of actually connecting clients, but rather limit is amount of data. ESMC installed over MySQL might have performance issues with processing larger amount of data and rendering larger datasets. As an result rendering of specific reports (threats for example) might be much slower, but in "clean" network even much larger environments can be managed with MySQL-based ESMC installation.

Persistent connections as introduced in ESMC should actually significantly reduce load of ESMC server, especially in "dormant" state when no changes are made in management console. If properly configured on recommended HW, ESMC should handle hundreds of clients per second.

[Pinni3 21]

Thank You @MichalJ and @MartinK for explaination

[Haresh2015 3]

Description : Installed windows Updates & Hotfix list show in Computer Details. 

Details: ESMC show only installed Application details, but installed updates & hotfix details not show in ESMC v7.

[MichalJ 434]

Hello @Haresh2015 Thank you for reporting. We have such request already in our backlog, however it was not yet planned for future releases due to other priorities. But it has been requested already in the past. 

[bbahes 29]

Description : Add variable for COMPUTER DESCRIPTION

Details: We use COMPUTER DESCRIPTION to denote workstation position and/or users and would like to include this field in notification messages. 

 

[MichalJ 434]

Hello @bbahes I have added your request to our improvement backlog. It´s out of scope for the future version though, as scope of that one is already closed. 

[ewong 8]

Description:

  Remotely reset Agents' information using a 'secret key' that will reset where the Agents report to.

Details:

 At the moment, using the GPO method of deploying agents is 'simple' enough; but if the ESMC server suffers a hiccup/goes away(for some reason), the ESMC must be installed/reinstalled; thusly the old agents won't be able to communicate with the new ESMC server.   Having the ability to set up a 'secret' on the EMSC that can be used to connect to all old-agents and have them reapply the new server information would make life easier.  (At this moment, I'm still recovering from a server failure and can't seem to be able to get all of the agents installed properly via gpo, even with the new 'install_config.ini' file set up.)  So having this kinda trouble, I've had to go into each system, run esetuninstaller and then have they run gpupdate to get themselves updated) and even then that's not working all the time. [note: I do admit that it is possibly a PEBCAK problem.]

On the flip side, this could lead to security issues (particularly since this is somewhat akin to adding a 'backdoor'), so I'm not sure if this is a good idea.  

[BaldNerd 3]

Description: Ability to update PFX associated with MDC policy programmatically rather than through web interface.

Detail: We have MDC using a Let's Encrypt signed cert. These certs get auto-generated every 90 days via a cronjob. Currently, while the cert itself (a PKCS#12 PFX file) gets created successfully on schedule, I must manually edit the MDC policy within the ESMC web console to upload the new PFX to the policy. I would like to be able to instead import the new PFX file directly to the policy, possibly by way of a Linux command line tool whose command I can include within the Let's Encrypt cronjob.

An [easier?] alternative would be to allow the MDC policies to link to a hard file path for the PFX. That way I could just replace the PFX file as needed, restart the eramdmcore service, and allow the policy to simply pick up the new PFX on load.

Thanks!
Robbie // The Bald Nerd

[SunnyJ 0]

Description: Custom identifiers

Detail: In an environment where management of devices is mixed, it would be nice if there was a way to gather a custom value or provide a script that can return a custom value for display in the details of a system.

In our case the built in identifiers are unreliable; hostnames are managed independently by different management parties, the IP reported is the IP assigned to the adapter (so when the server is behind NAT, it's not useful), mobo SNs don't get set by the manufacturer so just return N/A or a default 0123456789.  So, for at least us, on setup, we add a custom registry or configuration value to our Windows or Linux systems for monitoring and tracking (it's also affixed to the physical box).  Being able to have it retrieve a registry value or run a batch/bash script that'll return a value would be highly useful for tracking purposes.

I thought about having each client run a custom command with the "run command" client task; however, as far as I can tell, it does not seem to record or return any information back to the server other than a success/failure.  We've considered using this approach, but then posting that data to a logging site, but that then requires more port allowances, would be difficult to match up exactly, and is inefficient, so something built in would be preferred.  

TBH, I'm surprised there isn't just a way to return some custom information in general, as that seems like it would be in general really handy, not just in terms of computer identification, but giving admins the ability to check for different statuses of OS or other values as needed.

Edited October 9, 2019 by SunnyJ
typo

[pps 4]

Description: Global Policy

Detail: for example, I am in need to change the Access Setup Password in 5 different policies 3 for Endpoint and 2 for File Security.

The easiest way is to introduce a global policy that is enforced over the other policies

[Marcos 5,168]

52 minutes ago, pps said:

Description: Global Policy

Detail: for example, I am in need to change the Access Setup Password in 5 different policies 3 for Endpoint and 2 for File Security.

The easiest way is to introduce a global policy that is enforced over the other policies

To enforce a particular setting over other policies, select the flash icon instead of the dot.

[pps 4]

@Marcos do i still need a separate policy to change the password for Eset Endpoint Products  and File Security Products?

[Marcos 5,168]

5 minutes ago, pps said:

@Marcos do i still need a separate policy to change the password for Eset Endpoint Products  and File Security Products?

Endpoint and other server products use separate policies:

[pps 4]

On 10/31/2019 at 11:58 AM, Marcos said:

Endpoint and other server products use separate policies:

Hello @Marcos

 

Then why It seems that an Endpoint Policy is applied in a file Security Product? It should be mentioned that the policy is for different product and it can't be applied.

[pps 4]

Description: Icon when clients are up to date with latest policies

Detail: In Computer screen it would be helpful if there is an icon that you can see that clients are up to date with all the latest policies (such as status column)

[pps 4]

Description: Distinguish Hyper-V and Esxi servers from Simple Servers or Vm's

Detail: In ESET console you can't distinguish a simple VM or Server from a Server that runs a virtualization platform  (Hyper-V, ...) and host many vm's inside it. If you accidentally reboot this host then you have all his VM's restarted and can cause a huge mess.

[ewong 8]

Description: Enable MirrorTool to have an 'update-repo' mode

Detail: As far as I can understand the MirrorTool usage, when I run the following command:

MirrorTool --intermediateRepositoryDirectory /tmp/repo --mirrortype regular --repositoryServer AUTOSELECT \
  --outputRepositoryDirectory /mirror/repo --languageFilterForRepository en_US

It deletes the existing /mirror/repo contents and start all over again.  Perhaps include an 'update' mode such that it'll just compare the current files with those on the AUTOSELECT server and find the files that are new.