Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[Gregg Wolfe 0]

Description: SysInspector Logs

Detail: Add the ability to bulk download logs, or query logs for specific items.  An example may be to find out if a particular Microsoft HotFix or Update has been applied to all workstations, and if not, which ones are missing the update.

[AndrewC 1]

Description:  Multiple VDI naming patterns on a single Master for Cloning

Detail: We're using the new VMware Horizon VDI Instant Clone naming pattern match feature in 8.1. It seems to work well, but is limited in the naming match mechanism only being good for one naming scheme per master for cloning/template/source VM.

We use a single source VM to clone out to multiple VDI pools. These pools take on different properties based on the VLANs and group policy sets they receive after cloning and Active Directory OU assignment. With the current limits, the only way to make this function with instant clone and ESET is to assign different digit amounts for each pool (ie: naming schemes VDI-{n:fixed=2}, VDI-{n:fixed=3}, VDI-{n:fixed=4} in Horizon, and VDI-{n} in ESET). This is okay with our pool sizes, but makes things a little messy and tougher to identify systems at a glance compared to how ESET with Horizon Composer functioned.

Being able to assign a CSV-separated naming pattern list to a single Master for Cloning would be an ideal approach and great to see in a future release.

Thanks!

[Alan Shakter 0]

Description: Notification Alert New Variable
Detail: Currently when setting a template for notifications, the provided available variables cover a good portion of the needed info, however there is one vital piece of info that is missing as a variable. The URI aka the "Uniform Resource Identifier" which gives the file name or URL blocked which is quite important to see in an alert. See snapshot with current available variables and snapshot with a URI example from within the Detections page

 

[igi008 19]

2 hours ago, Alan Shakter said:

Description: Notification Alert New Variable
Detail: Currently when setting a template for notifications, the provided available variables cover a good portion of the needed info, however there is one vital piece of info that is missing as a variable. The URI aka the "Uniform Resource Identifier" which gives the file name or URL blocked which is quite important to see in an alert. See snapshot with current available variables and snapshot with a URI example from within the Detections page

 

Hello, Many thanks for your suggestion.

We will add it also to ESET PROTECT Cloud.

We have it already in the on-prem version. I apologize. It was forgotten in the cloud version.

Edited October 19, 2021 by igi008

[Alan Shakter 0]

On 10/19/2021 at 10:29 AM, igi008 said:

Hello, Many thanks for your suggestion.

We will add it also to ESET PROTECT Cloud.

We have it already in the on-prem version. I apologize. It was forgotten in the cloud version.

Thanks! Can you provide an ETA when this will be implemented in the cloud?

[igi008 19]

On 11/1/2021 at 7:25 PM, Alan Shakter said:

Thanks! Can you provide an ETA when this will be implemented in the cloud?

Hello, many thanks for your reply.

It is preliminarily planned in ESET PROTECT Cloud 3.1, which is planned for January 2022.

EDIT: Planned for version 3.2 (February 2022)

EDIT2: We have analyzed it. Unfortunately, there is a risk when we are sending suspicious objects like phishing links in URI. It may cause our mailing service to be evaluated as suspicious or spam (it may also impact other customers who use a spam filter, e.g., from Google, etc.). For that reason, we have decided not to allow to sending of URI in notifications.

Edited February 17, 2022 by igi008
update base on new information

[kapela86 10]

I just updated from ESMC to ESET Protect and I'm very sad to see none of my requests got implemented. I asked about them more that a year ago:

 

[igi008 19]

8 hours ago, kapela86 said:

I just updated from ESMC to ESET Protect and I'm very sad to see none of my requests got implemented. I asked about them more that a year ago:

 

Hello, thank you very much for reminding those things. Yes, we are also tracking these various smaller improvements. Unfortunately, capacity is limited, and we need to solve a lot of things with higher priority with broader business impact. However, do not worry. We have it in the backlog, and I hope that some of them will be able to address in the upcoming release.

# 1 Uptime
There was a tricky part how often to synchronize. We are considering adding it, but not sure if directly to the main computer table, maybe under details and sync it in some time intervals.

# 2 Service pack / OS version
It is problematic because it is impossible to guarantee that MS won't bring some ServicePack for Win 10. Now is possible to parse this information from the "OS version" in ESET PROTECT (that is technically the OS build). However, is good to consider creating a new field "OS build" and report version (e.g., 20H2) to "OS version", but it needs to be analyzed cross-platform.

# 3 Network adapters
Now we are reporting more physical adapters also wireless.
Yes, the problem with duplicity (IPv4 and IPv6) is not fixed yet, but it is planned.

Many thanks for your patience, I hope you have found other interesting improvements in ESET PROTECT 9.0.
And of course, we will also try to move forward the smaller improvements suggested in this forum thread, but in some cases, we need more time due to other priorities.
 

Edited December 1, 2021 by igi008

[ServiceTechnique 0]

Alpine Linux is not yet supported by ESET so I can't install the ESET PROTECT Agent on it.

I have an SSL error even if I have one of the latest openssl version on it

OpenSSL> version
OpenSSL 1.1.1k  25 Mar 2021

Can you please add Alpine Linux as a supported OS for the ESET PROTECT Agent ?

That would be great 

Thanks

[MartinK 378]

On 12/3/2021 at 2:04 PM, ServiceTechnique said:

Alpine Linux is not yet supported by ESET so I can't install the ESET PROTECT Agent on it.

I have an SSL error even if I have one of the latest openssl version on it

OpenSSL> version
OpenSSL 1.1.1k  25 Mar 2021

Can you please add Alpine Linux as a supported OS for the ESET PROTECT Agent ?

That would be great 

Thanks

I would recommend to open separate topic with this issue and possibly provide more details of what kind of error are you getting (ideally installer logs - EraAgentInstaller.log). Even adding support for this distribution is not in a plan due to it's market share, but it is very probable that there won't be any significant problems - generally systems with OpenSSL 1.1 should work except special FIPS variants which do mostly omit functionalities required by AGENT to be installed.

[Bob van der Woude 1]

Description: Documents with macro to Eset Dynamic Threat Defense

Detail: I would like to send Documents With macro's to Eset dynamic Threat Defense and not send other documents. Now Documents with macro's are not send if i choose to not send documents.

[Matus 21]

On 1/3/2022 at 1:07 PM, Bob van der Woude said:

Description: Documents with macro to Eset Dynamic Threat Defense

Detail: I would like to send Documents With macro's to Eset dynamic Threat Defense and not send other documents. Now Documents with macro's are not send if i choose to not send documents.

Hi Bob,

By default, we're sending to EDTD only documents with active content (e.g. Macro) and not standard documents.

However, it's possible, that e.g. an ordinary document would be send to ESET LiveGrid Feedback system (not EDTD) in case this document would be downloaded from URL/domain, which is considered as dangerous based on historic data for further inspection (should not normally happen).

That means, probability of sending an ordinary document to ESET which you receive e.g. from customer with sensitive data is close to zero.

[Tekkis 0]

Hi.  With Windows 11 hardware requirements, I would really like the ability to run a report that could tell me "yes or no" that the pc meets the Windows 11 upgrade requirements.  I know this message is present when you look at "windows updates", but we have over 400 pc's and right now I will need to log onto each to find out because looking at the cpu description, cores and so on you may think that you can tell but my experience is that the 100% answer is to just look at windows updates on the computer.

 

I would really like the option to pull the bios date or MOBO as well.  Thank you.  Jennifer

[Chris Davies 0]

Description: The list of computer names on the main "Computers" screen should be copyable

Detail: On occasion I want to use the list of computer names selected on the "Computers" screen for some non-ESET processing. (For example, running through a loop with `ping` to see which are on our WAN and which may be off-site right now.) It's possible to copy and paste every column except the names of the computers. Please would you make it possible to copy the computer names too.

 

Description: The set of computers on the main "Computers" screen should be exportable

Detail: Please provide the opportunity to obtain a CSV export of the current set of machines listed on the "Computers" screens. (Ignore pagination, so if there are 3 screens of 25 computers, the export should have 75 rows of data plus the heading.)

[MartinK 378]

On 1/24/2022 at 5:47 PM, Tekkis said:

I would really like the option to pull the bios date or MOBO as well.  Thank you.  Jennifer

Just for clarification, but does that mean that current mechanisms for fetching bios/firmware version & description is not sufficient in your environment or it provides inaccurate or no data at all? It should be visible in client details and it can be also reported in a list for all devices:
 

[MartinK 378]

4 hours ago, Chris Davies said:

Description: The set of computers on the main "Computers" screen should be exportable

Detail: Please provide the opportunity to obtain a CSV export of the current set of machines listed on the "Computers" screens. (Ignore pagination, so if there are 3 screens of 25 computers, the export should have 75 rows of data plus the heading.)

For better understanding of your use-case, we you considered one of two currently available actions for export in a CSV format? As of now, it is possible to:

1. export directly from the computers screen table (cogwheel action) but it honors paging, i.e. only devices on current screen/page will be actually exported
2. It is possible to define custom report and download it in CSV format. This provides much more control, can be even scheduled to be saved or sent via email regularly.

where especially second one should provide possibility to fetch data in required format.

[kapela86 10]

4 hours ago, Chris Davies said:

Description: The list of computer names on the main "Computers" screen should be copyable

Detail: On occasion I want to use the list of computer names selected on the "Computers" screen for some non-ESET processing. (For example, running through a loop with `ping` to see which are on our WAN and which may be off-site right now.) It's possible to copy and paste every column except the names of the computers. Please would you make it possible to copy the computer names too.

 

Description: The set of computers on the main "Computers" screen should be exportable

Detail: Please provide the opportunity to obtain a CSV export of the current set of machines listed on the "Computers" screens. (Ignore pagination, so if there are 3 screens of 25 computers, the export should have 75 rows of data plus the heading.)

You can add "Remote host" column and it will show external IP for those computers outside your lan. And in "Last connected" column there is a green dot that indicates computer is/was online recently.

[H6m1D 0]

I wanted to generate a report to get the age of the computers, I see that there are manufacturer, model and other attributes of the the clients, but was wondering if we can gather year of manufactured so that we know how old is the computers on the network.

[MartinK 378]

9 hours ago, H6m1D said:

I wanted to generate a report to get the age of the computers, I see that there are manufacturer, model and other attributes of the the clients, but was wondering if we can gather year of manufactured so that we know how old is the computers on the network.

Unfortunately this is not possible in this way - we do rely on data that operating system provides us, and it is just an "description" stored most probably in the bios itself. We also see that content is not standardized and it highly depends on manufacturer - so it was just an hint that it might help in your case, but it might be completely useless for certain motherboard vendors.

[Chris Davies 0]

12 hours ago, kapela86 said:

You can add "Remote host" column and it will show external IP for those computers outside your lan. And in "Last connected" column there is a green dot that indicates computer is/was online recently.

Yes, that's right. But my example was just that - an example. I can provide detailed use cases but I didn't think that was appropriate here. The green dot is really useful - I noticed it a version or two (?) back and was pleased about it. However,  my request to be able to copy (and paste) the computer names still stands, please.

[Chris Davies 0]

12 hours ago, MartinK said:

For better understanding of your use-case, we you considered one of two currently available actions for export in a CSV format? As of now, it is possible to:

1. export directly from the computers screen table (cogwheel action) but it honors paging, i.e. only devices on current screen/page will be actually exported
2. It is possible to define custom report and download it in CSV format. This provides much more control, can be even scheduled to be saved or sent via email regularly.

where especially second one should provide possibility to fetch data in required format.

Thank you. I missed the export option from the ⚙ cog wheel. Consider the requirement (mostly) satisfied 🙂

Regards

[Alan Shakter 0]

On 11/2/2021 at 5:18 AM, igi008 said:

Hello, many thanks for your reply.

It is preliminarily planned in ESET PROTECT Cloud 3.1, which is planned for January 2022.

EDIT: Planned for version 3.2 (February 2022)

EDIT2: We have analyzed it. Unfortunately, there is a risk when we are sending suspicious objects like phishing links in URI. It may cause our mailing service to be evaluated as suspicious or spam (it may also impact other customers who use a spam filter, e.g., from Google, etc.). For that reason, we have decided not to allow to sending of URI in notifications.

I understand your concern. There's got to be some way around that. I've been waiting on this for a while. You got my hopes up. The URI only contains a URL if it's a internet link that triggered the event (which I can forgo those details as it's not too relevant for me to know the exact URL),  however if it's a file that triggered it, this wouldn't interfere any email filter and it would really add so much to the alert to have the file name\path.

[DBNY 0]

We would like a way to identify duplicate (hardware) devices from the Remote Console. 

E.g. When we reformat at a machine and re-apply our base image, the agent creates a new record in the remote console. Sometimes the hostname is the same (if the user hasn't changed) but often it's different and we have no way of seeing which computers in the console are the same physical hardware.

We would like a way to identify duplicate computers so we can either delete the older duplicate records or (ideally!) merge all of them into one record so we don't lose or lose history on any device.

[Zoltan Endresz 5]

Hi DBNY, 

My soluton to find the duplicated coputers is a report template:

Then the output looks like this:

 

Based on it you can simply delete the older ones.
It is not so user friendly but works.

[karlisi 26]

 

On 3/5/2022 at 5:12 PM, Zoltan Endresz said:

My soluton to find the duplicated coputers is a report template

Your solution won't work if hostname is changed after reinstallation. The goal is, how to find duplicate entries for the same hardware:

On 3/4/2022 at 9:45 PM, DBNY said:

Sometimes the hostname is the same (if the user hasn't changed) but often it's different and we have no way of seeing which computers in the console are the same physical hardware