Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[Nono 3]

12 hours ago, MartinK said:

Currently it is not decided of the future, and even latest version is using CentOS7-based appliance, which is supposed to be supported until 2024 (i.e. much longer than mentioned CentOS8). We currently rely on fact that security patches are available, even for tomcat 7 which is part of official CentOS7 repositories.

Just out of curiosity, what would be your preferred Linux distribution for future? Asking as there is not many "free" distributions guaranteeing reasonably long support and stability of environment for future migrations.

For a long LTS, staying on Linux, I would peak Ubuntu LTS which is by far the best choice IMO. I would definitely NOT use Oracle Linux as Oracle isn't known to be a Long Term Free solution (see ZFS, MySQL, Java etc ....).

On another way, if you're up to go on the unix world, I would definitely looking at free/openBSD 

[bbahes 29]

14 hours ago, MartinK said:

Just out of curiosity, what would be your preferred Linux distribution for future? Asking as there is not many "free" distributions guaranteeing reasonably long support and stability of environment for future migrations.

I wonder, would you consider RHEL as security vendor? If not why not?

[Nono 3]

On 12/11/2020 at 1:03 PM, bbahes said:

I wonder, would you consider RHEL as security vendor? If not why not?

I guess not for the cost ...
Otherwise, CloudLinux / Lenix seems a good (and better IMO) alternative https://lwn.net/Articles/840221/

[karsayor 8]

Description: Automate the "rerun on failed" trigger

Detail: When upgrading Endpoint or Agents to latest version, often it might fail on some computers due to many reasons. It would be nice to have the ability to automate the trigger on these because as of now you have to constantly monitor and rerun many times the task. Using a dynamic group also doesn't work since the task will run when computers joins group but if it fails it will not run again.

 

[Guest]

Description: Have Name as a default Filter field when selecting Targets

 

Detail: When running a task or creating a task and selecting Targets  there is a default Tags option but not a Name Filter field. Name can be added from the drop down Add Filter - Name but it would save me doing this every time as it reverts back afterwards to just Tags.

 

[igi008 19]

On 12/23/2020 at 12:51 PM, robg said:

Description: Have Name as a default Filter field when selecting Targets

 

Detail: When running a task or creating a task and selecting Targets  there is a default Tags option but not a Name Filter field. Name can be added from the drop down Add Filter - Name but it would save me doing this every time as it reverts back afterwards to just Tags.

 

Hello Robg,

Thank you very much for your suggestion. We would like to understand your needs better. Please could you explain your typical use case? Do you trigger a particular task only on selected computers? If yes, which task?

In some cases (e.g., Software install task), it may be useful to select a whole group of computers instead of selecting one by one.
Or when you need to perform the action only on one computer, it could be useful to go through Computers, context action over a particular computer and chose "RUN TASK ..."

[igi008 19]

On 12/23/2020 at 12:21 PM, karsayor said:

Description: Automate the "rerun on failed" trigger

Detail: When upgrading Endpoint or Agents to latest version, often it might fail on some computers due to many reasons. It would be nice to have the ability to automate the trigger on these because as of now you have to constantly monitor and rerun many times the task. Using a dynamic group also doesn't work since the task will run when computers joins group but if it fails it will not run again.

 

Many thanks karsayor,

We are currently working on a large project / comprehensive mechanism that will help the administrator keep the products in the network on the latest version automatically. We hope that this feature will help you and other customers.
The good news is that we already upgrade all ESET Management Agents for ESET PROTECT Cloud (formerly known as ECA) automatically. 

[Guest]

On 1/4/2021 at 2:13 PM, igi008 said:

Hello Robg,

Thank you very much for your suggestion. We would like to understand your needs better. Please could you explain your typical use case? Do you trigger a particular task only on selected computers? If yes, which task?

In some cases (e.g., Software install task), it may be useful to select a whole group of computers instead of selecting one by one.
Or when you need to perform the action only on one computer, it could be useful to go through Computers, context action over a particular computer and chose "RUN TASK ..."

Usually when I want to install the latest EsetAV on a single machine , the task asks to select a version so I want to create new tasks to avoid installing older versions. Or rebooting a machine at a particular one off time I can't reuse the task and making a new one is the same effort as editing an existing one. Selecting the computer I want to run it against it from the title bar would save me several clicks if the filter had name as a default

[Zoltan Endresz 5]

Hi ESET Staff, 

 

As I wrote before a several times, I had a lot of pain concerning the ESET updates:

https://forum.eset.com/topic/22216-the-older-version-of-eset-endpoint-security-cannot-be-removed/

https://forum.eset.com/topic/23738-the-older-version-of-eset-endpoint-security-cannot-be-removed-2/

In these cases I had only one chance to fix the broken installations: Ask the remote colleague for log in to his computer, describe the issue, identify myself, and so on... > copy the ESET uninstaller into the affected computer > reboot it in Safe Mode > run the ESET remover script > reboot it again in Normal Mode > start an ESET install task

It is no way if you have a few thousand computers in 20 countries worldwide, and a few dozen or hundred computers of them will be corrupted during  each ESET version update.

 

So, my colleague found a pretty simple and really useful solution.

If you purge a few ESET registry entries manually or by a script, it will be possible  install the ESET Endpoint Security on the client WITHOUT using the ESET Remover script in safe mode. So, simply run the following script as Admin then start again the EES installation:

 

"
REM Script to delete ESET Endpoint Security leftovers in registry

for /f %%a in ('REG Query HKCR\Installer\Products\ /s /f "ESET Endpoint Security" /d /e ^|findstr /ri "HKEY_CLASSES_ROOT"') do set key=%%a

ECHO %key%

reg delete %key%

PAUSE

"

So, I would like recommend to integrate a kind of similar "registry entry cleaner" option something like this into the ESET Protect admin surface, if it is possible for fix the broken ESET installation without the painful safe-mode script method.
Based on my experiences it helps in the 98% of the cases.

 

 

[Heber Mac 0]

Description: Single report linking “Computers” and “Audit and License Management”. Reason, view all computer problems in a single CSV report

 

Detail:   Objective to have a single SIMPLE report list of all the computers I am responsible for and highlight any computers which have problems, either computer based or Licence (version) based.

 

----- OOOOO -----

In detail and screen shots:

210108 Image 01:

210108 Image 02:

 

The above report tells me if I have any problems with the actual computers.  If you cure the worst functionality problem, then that is not a bad place to start and I tend to only cure one problem at a time.

The above report requires a link to the following field.

210108 Image 03:

210108 Image 04:

This field relates to ESET product Status and Eset Agent Status, and if both are Outdated you get duplicate records.  I just need to know if either is Outdated and avoid duplicate rows in the combined report.

 

210108 Image 05:

210108 Image 06:             Sample Report

 

The Blue highlights non-current dates, manually entered.

 

Is there any way to link fields between Categories?

 

 

 

Regards Heber

[igi008 19]

On 1/14/2021 at 1:11 PM, robg said:

Usually when I want to install the latest EsetAV on a single machine , the task asks to select a version so I want to create new tasks to avoid installing older versions. Or rebooting a machine at a particular one off time I can't reuse the task and making a new one is the same effort as editing an existing one. Selecting the computer I want to run it against it from the title bar would save me several clicks if the filter had name as a default

Many thanks for explanation.

For streamlining endpoint product upgrade could be useful also this:

Dashboard -> Status Overview -> Product version status -> Click on the "red" part of bar chart -> Update installed ESET products
In the invoked wizard, you can select specific target/targets. It is not necessary to upgrade all endpoints. However, we recommend upgrading them all.

Thank you very much for your feedback now. We are working on a comprehensive project that should help administrators with upgrading endpoints and all necessary components.

Edited March 3, 2021 by igi008

[Heber Mac 0]

Thank you igi008,

Yes I see what you are saying but I am trying to get a single report that will show the status / problems on all my client’s computers in one report. There are only 90 computers and Eset can be maintained very easily once the combined report has been created.  Regarding the Product Version status most of the occurrences of these errors are associated with computers that have not connected for some time and this is not obvious from the Product Version Status panel.

 

The combined report tells you where the problems are and focuses your attention on correcting the errors.  Most problems can be corrected from the same location Computers> Overview> very efficiently.   My objective is to not waste time finding the problems but to use my time to fix the problems.  The report layout also facilitates tracking problem computers over time.

I believe, rightly or wrongly, that the combined report will avoid me wasting my time looking for problems but rather allow me to concentrate on curing problems.

 

Is there any way to link a field in the Audit and License Management Category into a report in the Computers Category?

 

Could Eset see their way to create a new field in the Computers Category which would indicate the status of the Product Version Status of the computer?   This would be report either “BLANK” or “Outdated Version” for any of the sub headings (Agent, Endpoint etc.) (one row per computer not multiple rows).  igi008, please ask them on my behalf, I have being trying to get this message through for MONTHS.

 

It takes me about 12 minutes (if all goes well) to produce the report every time.  This would be better spent correcting the errors that should be visible at the touch of a button.

 

Again thanks for your reply.

 

Regards Heber

[MichalJ 434]

Does I get it right, that what you want to achieve, is clearly see which machine is outdated directly in the "computers" table, meaning outdated = endpoint software / agent is outdated. Is this correct? 

What I am confused about is the word "license" in your report. The "outdated status" only refers to the installer itself, and has nothing to do with the license. 

Please note, that for both Agent, and Endpoint, we are working on introducing an automatic update, meaning the agents, and security product instances will update transparently, the same way how product modules (detection engine) is updated. 

Edited March 4, 2021 by MichalJ

[HMCIT 3]

When we update our ESET Agents we find that we need to have all our machines reboot.  With the reboot option in the management console the machines just reboot with no warning.  Any open work is lost and the user is confused, thus generating a call to the help desk.

Would it be possible to have a reboot notification when pushing a reboot on a machine.  ESET is finishing an update and will reboot in 30min.  Reboot later or reboot now.

I reached out to support and was told to post this request here.

[cmarotta 0]

Description: We need to be able to insert the Computer Name or FQDN into a email notification when a Management Agent has not connected in set amount of time.

Detail: We need to be able to create an actionable notification that includes the affected computer. Not a notification for someone to go check the Console and search for what needs attention.  Currently none of those ${variables} are supported when creating this type of notification. This functionality has been around since Remote Admin 4.x.

 

[igi008 19]

15 hours ago, HMCIT said:

When we update our ESET Agents we find that we need to have all our machines reboot.  With the reboot option in the management console the machines just reboot with no warning.  Any open work is lost and the user is confused, thus generating a call to the help desk.

Would it be possible to have a reboot notification when pushing a reboot on a machine.  ESET is finishing an update and will reboot in 30min.  Reboot later or reboot now.

I reached out to support and was told to post this request here.

Hello, thank you very much for your suggestion.
We apology for that. Now we are working on a comprehensive IDEA that should solve unexpected reboots (not only agents but after product upgrade, OS upgrade, etc.).

[Heber Mac 0]

On 3/4/2021 at 7:27 AM, MichalJ said:

Does I get it right, that what you want to achieve, is clearly see which machine is outdated directly in the "computers" table, meaning outdated = endpoint software / agent is outdated. Is this correct?

Hi Michalj, 

Thank you for your reply and I apologise for the delay in replying to you.

 

Does I get it right, that what you want to achieve, is clearly see which machine is outdated directly in the "computers" table, meaning outdated = endpoint software / agent is outdated. Is this correct?

 

YES, you are correct.    meaning outdated = endpoint software OR agent is outdated

 

Reason:   Currently if everything goes well with copying and pasting directly from the two individual reports into my Excel spreadsheet, I can generate the report I require in about 20 minutes (minimum time).

 

I can then use the excel spreadsheet to track the effect of the tasks run to correct the problems. It also allows me to Highlight and filter out computers which have NOT connected to Eset Cloud recently.

 

This means that I can concentrate my efforts on the computers I can CONTACT and CURE and track the results of the Tasks run against the various computers.

 

I can’t upload the Excel spreadsheet but I attach herewith a PDF printout of the Excel spreadsheet in two parts.

210210326 010+All+Computer+listing Upload Part 01.pdf

 

In part 01 Columns 1 to 6 are sourced directly from the Computers Category Report.

Columns 7 and 8 are copies of column 6 from previous reports.  Please note the YYMMDDHHMM Year, Month, Day, Hour and Minute headings.  These allow me to track the results of Tasks previously run against the Computer.

 

Please note column 4 this is the date converted into a SORTABLE format YYMMDD so that I can sort the computers and highlight in Blue those which have not contacted Eset Cloud and against which there is no point running tasks as they will not be processed.

 

210210326 010+All+Computer+listing Upload Part 02.pdf

Column 6 and 7 of this report are generated from the Audit and License Management Category.

Using Excel “=VLookup()” I allocate the “Outdated Version” into column 3 against the corresponding computers and where the computer has no “Outdated Version” “=vlookup()” puts in a “#N/A”, I would prefer a Blank Cell.

 

Column 9 and 10 “Copy Column B”:   Column 10 is compared to column 2 and if they agree an “OK” is put into column 9.   The purpose of column 9 and 10 is to highlight if any new computers have been added or removed from the Report.

 

Column 11 (last contact) and 12 :   

Column 11 is just a copy of the original last contact date exported in the Computer Report.  Column 12 then converts this date into a Sortable Format the value of which is then copied back into the real last contact date column. The purpose is to allow the report be sorted by date and the OLD Last Contact computers highlighted in Blue.

 

The objective is to get all the computers listed and show the problems associated with them “AS EFFICIENTLY AS POSSIBLE”.  Yes, it does not show all the problems but I can only cure one problem at a time.

 

Michalj:

Please understand that I am a USER and my role it to support my clients to the best of my ability.  In order for me to do this, I have to be as efficient as possible and this report will save me at least 20 minutes every time I review the status of my Clients Computer Eset Status.

 

I have being using Eset Cloud for some time now and this report makes absolute sense to me.  I do not have to go into multiple areas to search for problems that may or may not exist.

 

Thank you.

 

Regards Heber

 

210210326 010+All+Computer+listing Upload Part 01.pdf 210210326 010+All+Computer+listing Upload Part 02.pdf

[SergiiV 0]

hello everyone

several times we faced with issue that user is trying to do some malware activity, and in reallity the fastest path to prevent such attempts will be to run some script on machine/server itself. This script can close user session, show warning message, block user, whatever. that is more like proactive care, instead of current "reporting" with delay.

If that is possible - please include this feature to Windows File Server

As example user tried to execute something X times (trying to find some malware that will work) - call some script - will be fully customizable solution

 

 

[Marcos 5,074]

4 hours ago, SergiiV said:

hello everyone

several times we faced with issue that user is trying to do some malware activity, and in reallity the fastest path to prevent such attempts will be to run some script on machine/server itself. This script can close user session, show warning message, block user, whatever. that is more like proactive care, instead of current "reporting" with delay.

If that is possible - please include this feature to Windows File Server

As example user tried to execute something X times (trying to find some malware that will work) - call some script - will be fully customizable solution

You can use ESET Enterprise Inspector to monitor suspicious activities in your network and proactively prevent further attacks or malicious actions from taking place.

[Rdc 0]

Description: Alphabetical Arrangement of Target Name in Policies > Assign

Detail: It is very troublesome to not be able to arrange target names when assigning policies. This must be changed for admins to make much use of this...in my opinion.

Thanks

[Rdc 0]

1 hour ago, Rdc said:

Description: Alphabetical Arrangement of Target Name in Policies > Assign

 

Detail: It is very troublesome to not be able to arrange target names when assigning policies. This must be changed for admins to make much use of this...in my opinion.

 

Thanks

 

Also, Please add a filter or search option

[igi008 19]

On 4/9/2021 at 9:08 PM, Rdc said:

Also, Please add a filter or search option

Hi Rdc,

Thank you very much for your feedback, we really appreciate it.

Yes, sorting this table could be useful. We try to add it here.

Could you explain your use case deeply, why you need filters here?  When you click on "Assign" you can find and sort here devices or groups. Do you prefer to search only through targets that were already assigned?
Maybe one recommendation related to this topic. We strictly recommend assigning Policies to groups, not to single devices. Assigning to numerous computers (not groups) may harm the performance of your server. If you need to assign some policy to specific devices, we recommend creating a group, placing computers here, and assigning the policy to this group.

Edited April 12, 2021 by igi008

[UncleDavey 0]

Good afternoon,

I want to request that ALL report fields be exposed when trying to create reports.  I understand that within each area of Reports that there are unique Indexes that are selecting the tables to be accessed and ALL Filters in canned reports.

My example is:  Reports > Automation

While the Client tasks execution is a nice report it is limited to 30 days (although there does not appear to be a visible filter for that limit).  So I needed a report to show all the Task Executions in our Management Log.  I can't duplicate the report because of the hidden 30 day limit.

So, new report.  But when I go to create my report I am unable to add the Client Task. Time of occurence field.  It is not listed.  Why?

Please expose the Hidden Filters and ALL data fields.

Thanks.

 

 

 

 

 

[MartinK 378]

On 4/21/2021 at 12:07 AM, UncleDavey said:

Good afternoon,

I want to request that ALL report fields be exposed when trying to create reports.  I understand that within each area of Reports that there are unique Indexes that are selecting the tables to be accessed and ALL Filters in canned reports.

My example is:  Reports > Automation

While the Client tasks execution is a nice report it is limited to 30 days (although there does not appear to be a visible filter for that limit).  So I needed a report to show all the Task Executions in our Management Log.  I can't duplicate the report because of the hidden 30 day limit.

So, new report.  But when I go to create my report I am unable to add the Client Task. Time of occurence field.  It is not listed.  Why?

Please expose the Hidden Filters and ALL data fields.

Thanks.

Could you please provide more details of what would you like to report? Or just older data? Asking because there is no hidden filter, but the data itself is collected and processed in a way that only 30 days are available for reporting mechanism (most probably due to performance/amount of data), even that is possible to access older data directly in console, but not in aggregated form.

[DonaldDucko 1]

In the reports data section, could we please get remaining free space for individual storage drives? In percent of total drive space would be best, and it would need to be per drive, instead of combined.

Thank you in advance!