Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[SysEPr 4]

Description: Color code failing tasks

Detail:  The server used to color code the tasks that are failing. I'm running the latest ESMC, and now, that doesn't happen, and I have a hard time figuring out which tasks are failing. Is there a way to color code it again, or where can I see it? All I get is a generic email saying: "At least one client task has invalid configuration and therefore will fail."

[dschwenk 1]

We'd like to use the device control features in ESET to replace the software we currently use, but unfortunately we aren't able to customize the specific message that displays. We want it to include our corporate policy for external devices and instructions to the user when a device they plug in gets blocked. Ideally we'd like to also include a URL that the user could click on to generate a request for access. 

In short, it would be nice to be able to customize notification messages depending on the event in addition to globally.

 

Thank you!

[MichalJ 434]

@SysEPr Hello, that is a bug in the latest version. Color coding disappeared as the view was reprogrammed using a different programming framework. For the next version it´s coming back. 

@dschwenk Will will add your feedback to the IDEA for device control redesign, which already counts with those things. However, I can´t comment when it would be scheduled for implementation. But it definitely makes sense. 

[ewong 8]

Description:

  - Include a REST API in ESMC so that the administrator can gather information without needing to log on to the ESMC.

Detail:

  - The ability to run customized data-gathering scripts against the ESMC gives the administrator better ability to grab the information he/she wishes without needing to fiddle with the Report generator or in fact any aspect.  (Though, tbh, I'm not sure which would be a burden..   supplying REST information or having the user generate reports..etc).

Thanks!

[magielonczyk 0]

@MichalJ @Marcos What about reporting about installed windows updates in windows 10?

Similar to Get-Hotfix powershell module. This feature would be great!

[MichalJ 434]

Hello @magielonczyk, such request is already being tracked in our backlog, however it was not yet prioritized for development. 

Internal reference: IDEA-1205

[banedon 0]

Description:
-  Tag management page / menu

Detail:
- It would be great to have a page dedicated to managing tags. This would include the options to Create*, Rename and Delete customised tags. Also it would be very useful to see all objects linked with a given tag if possible.
* I'm aware that you can create tags by clicking on a computer, clicking on Tags and typing the name of a tag which doesn't exist. This option should be kept as well as implementing the above.

 

Description:
-  Duplicate entire static/dynamic tree

Detail:
- I'd love the ability duplicate a static group along with its child static and dynamic groups. There could be a prompt to keep or strip the dynamic groups templates in the duplicate. Obviously, the top duplicated static group would need to be renamed as part of the process and any non-group objects within would not be copied - Very useful for multi tenant (msp) set ups where a new tenant is being onboarded

[GreenEnvy22 6]

Description: Support LDAP or RADIUS login for ESMC Administrators

 

 

Detail: We'd love to see ESMC support the ability to login via LDAP or RADIUS, instead of just active directory and local users. We want to enable 2FA/MFA to protect ESMC, but trying to avoid the sprawl of apps needed on our phones, with every vendor pushing their own app for MFA.  If LDAP or Radius were supported for logging into ESMC, it would open up the option for lots of other MFA services to work, like DUO.

 

[Charly Schramm 1]

Description: Easier white/black listing out of the quarantine

Detail: With eset mail security i always have to add rules to create real white and blacklists. It would be much easier if i could rightclick the mail in the quarantine and have a button "add to white list", "add to blacklist". At the moment i copy/paste hundreds of domains a month and add them to my blacklist rule. 

A nice feature would also be if i could personalize the quarantine report for the employees.

 

[Ian 1 0]

Powershell script for Deployment

Could deployment scripts eg. ESMCAgentInstaller.bat be provided as Powershell scripts .ps1

[GregA 3]

Description:  Ability to auto install the ESET agent to unprotected computers found in AD

Detail:  Not sure why this is not in the ESET business product. I need the ability to find/sort into a static group and then auto install the ESET agent to computers that do not have the ESET agent installed. ESET has the ability to see these computers found in AD (from AD sync) if I click on the 'o'. So they are in the ESET database. But there is no way to sort on just these unprotected computers and create a task to install the ESET agent. We had to remove Kaspersky. It had that ability. McAfee also had that ability.

Edited April 13, 2020 by GregA

[GregA 3]

Description:   No need for dynamic groups vs static groups

Detail:  I don’t see the need for static groups vs dynamic groups. Why not just have ‘groups’. Other products allow you to create a group with whatever rules needed to sort computers into that group. So there doesn’t need to be both dynamic groups and static groups, just have one ‘groups’. You could keep the sorting templates to help people create a group. The biggest problem / limitation with the current dynamic groups is that it requires the ESET agent to be installed in order to sort. This seems to be a big limitation. We should be able to sort on any computer in the database whether it has the agent or not and the ‘dynamic groups vs static groups’ is very confusing compared to other products.

[GregA 3]

Description:   Ping unprotected computers from the ESET server

Detail:  To help find computers that need the agent installed if would be very helpful if the console server pinged the FDQN unprotected computer names. The ping rate could be an adjustable setting and staggered once every 5 minutes to 1 hour so as not to overwhelm the server and keep the last ping status in the database until the next ping is initiated.

[Marcos 5,074]

11 hours ago, GregA said:

Description:   No need for dynamic groups vs static groups

This is not true. It makes good sense to have both static and dynamic groups and users use both a lot. Unlike static groups dynamic groups are evaluated by agent on clients. For instance, with static groups only, it would not be possible to change the membership and run specific tasks on clients if they were not reporting to ESMC (e.g.  roaming clients) and an unhandled threat would be detected.

[tbsky 11]

On 3/3/2020 at 1:23 AM, Ian 1 said:

Powershell script for Deployment

Could deployment scripts eg. ESMCAgentInstaller.bat be provided as Powershell scripts .ps1

that's bad. powershell script is very slow and can not easily execute by normal user. (eg: double click the script won't get it run). and it changes too quickly (there are many versions and powershell core will replace powershell). vbscript is much better for general deployment  if MS still support it.

[MartinK 378]

On 3/2/2020 at 6:23 PM, Ian 1 said:

Powershell script for Deployment

Could deployment scripts eg. ESMCAgentInstaller.bat be provided as Powershell scripts .ps1

Could you please provide more details, for example why would you prefer PS script? Currently we are using BAT/VB as it provides compatibility even with oldest operating systems we do support (WindowsXP).

[SysEPr 4]

Description:  Ability to automatically rerun failed tasks

Detail: As far as I know, it's not possible to automatically rerun failed tasks (for example, a software deployment). It would be nice, if I you could set at the task to try to rerun it x times a day if it fails, and stop after y days for example if it still fails. We would use this to try to rerun failed installation tasks.

Edited April 23, 2020 by SysEPr

[VChap 0]

On 12/10/2019 at 7:47 AM, MichalJ said:

@SysEPr Hello, that is a bug in the latest version. Color coding disappeared as the view was reprogrammed using a different programming framework. For the next version it´s coming back. 

@dschwenk Will will add your feedback to the IDEA for device control redesign, which already counts with those things. However, I can´t comment when it would be scheduled for implementation. But it definitely makes sense. 

Is the color coding back in the latest versions?

[EricSchultz 0]

Description: Auto-Fill the Computer Description for Windows Machines with the Computer Description (from windows)

Detail: This can be super basic:

1. Agent reads description from registry: HKLM\System\CurrentControlSet\Services\lanmanserver\Parameters\srvcomment
2. Server updates description if NULL/Blank

That way it does not clobber any existing data, and admins can customize as usual if they want.

IMHO, I don't really care if it "updates" when it changes on the windows side. Although it would be nice, updates like that could complicate the implementation and would not add a lot of value (for me.)

[igi008 19]

17 hours ago, EricSchultz said:

Description: Auto-Fill the Computer Description for Windows Machines with the Computer Description (from windows)

Detail: This can be super basic:

1. Agent reads description from registry: HKLM\System\CurrentControlSet\Services\lanmanserver\Parameters\srvcomment
2. Server updates description if NULL/Blank

That way it does not clobber any existing data, and admins can customize as usual if they want.

IMHO, I don't really care if it "updates" when it changes on the windows side. Although it would be nice, updates like that could complicate the implementation and would not add a lot of value (for me.)

Hello EricSchultz,
Thank you very much for your valuable suggestion. I think that is a very good idea. We will look at it, and if there would not be other problems like different behavior in different versions of OS, we will try to implement it.

[JM-CISSP 0]

On 5/7/2020 at 5:31 PM, EricSchultz said:

Description: Auto-Fill the Computer Description for Windows Machines with the Computer Description (from windows)

Detail: This can be super basic:

1. Agent reads description from registry: HKLM\System\CurrentControlSet\Services\lanmanserver\Parameters\srvcomment
2. Server updates description if NULL/Blank

That way it does not clobber any existing data, and admins can customize as usual if they want.

IMHO, I don't really care if it "updates" when it changes on the windows side. Although it would be nice, updates like that could complicate the implementation and would not add a lot of value (for me.)

This is an excellent idea. I would love to have this option as a task so that I could schedule it or select which computers to apply it to. 

It would be even better if it was possible to set up a dynamic group for computers in Eset with this information missing and then the task could be applied to that group automatically.

[sanjay mehta 6]

few suggestions :

1.

description : download of all in one installer files should run in the background, and allow user to attend other tasks.

detail : once the AIO installer file download is started, often it takes up long time & warns about not closing the window otherwise the download is aborted. instead let the user start the download and close the window. the download shd proceed as background process.

2.

description : rename the downloaded AIO installer as per the given name to the installer instead of the generic name like ESMC_Installer_x64_en_US. optionally you can give the option to rename the files based on ver of agent & security file selected.

[ludolf 6]

Description: "Pause Firewall" permission with policy

Detail: Client settings are locked down with password. The user ocassionally needs to disable/pause firewall, but we don't want to give out the password, just for this function. Also don't want to give to the user the possibility to change any other settings on the client. 

[Sam Fonteno 3]

Description: show the Policy name in breadcrumb while editing
Detail: it would be great if the name of the Policy being edited would be shown in the breadcumb(?); not just in the Overview section. Like you do when we chose Show Details.

Thank you.

[MartinK 378]

3 hours ago, Sam Fonteno said:

Description: show the Policy name in breadcrumb while editing
Detail: it would be great if the name of the Policy being edited would be shown in the breadcumb(?); not just in the Overview section. Like you do when we chose Show Details.

Thank you.

I think this is resolved in just-released ESMC 7.2 where it look like this: