
Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)



Thanks Karlis & Zoltan - Zoltan's idea may work if we could use the count function for the serial number and not just computer. I couldn't work out how to do this. 

I was able to do a report which included the computer serial numbers, so we could do it manually, which may be adequate for now, but open to any other suggestions.


Please enable the ability to edit an Installer instead of having to delete and recreate it.  I have over 300 Installers and saving even 1 minute for each time I have to recreate it amounts to hours.  It would be great if I could do this for installers that "expire" as well as for installers that just need a tweak.


2 hours ago, Troldahl said:

Please enable the ability to edit an Installer instead of having to delete and recreate it.  I have over 300 Installers and saving even 1 minute for each time I have to recreate it amounts to hours.  It would be great if I could do this for installers that "expire" as well as for installers that just need a tweak.

You can edit them


When in the Protect Cloud screen, whether Detections, Computers, or whichever, it would be nice to be able to search for records that do NOT match a text.  For example, in the Detections, I might want to only look at detections that are Not CVEs.  Since the CAUSE box is a text box, adding a checkbox for "NOT" would let me type in CVE and see everything else.


  • ESET Staff
20 hours ago, Troldahl said:

When in the Protect Cloud screen, whether Detections, Computers, or whichever, it would be nice to be able to search for records that do NOT match a text.  For example, in the Detections, I might want to only look at detections that are Not CVEs.  Since the CAUSE box is a text box, adding a checkbox for "NOT" would let me type in CVE and see everything else.

Thank you very much for your suggestion. We also have a negative filter in our backlog. We plan to pilot it on the computer screen with a new Filter Advisor (planned in H1/2022). Please stay tuned ;)


The new UI does not give you an option to "Finish" or save the creation of a new installer without having to click on "Customize Installer" first. Once you click on Customize it basically opens the old UI and then you are able to Finish/Save.

I have case  #00326191 where I worked with Will to work around this and figure out how to still create and save a new installer.


  • 2 weeks later...

I commonly find myself having to repeat searches twice in ESET PROTECT, due to whitespaces accidentally copied/pasted from other sources of hostnames/IP addresses. Note that I am on the newest version of ESET Protect.

If a search for a computer is performed in ESET PROTECT, if a whitespace is at the beginning or end, it may show No Results for an existing computer, without an immediately clear indication as to why for non-advanced users. Further investigation revealed copy/pasting hostnames commonly brings along unwanted whitespaces.

Because valid "computer names" will rarely contain whitespaces at the beginning or end of the string (at least in my environment), it makes sense to automatically delete any trailing or leading whitespaces from strings entered into the search box at the top of ESET PROTECT, specifically for computer names & IP address searches.

Implementing this will reduce time spent working and investigating, as searches won't need to be repeated and modified as often. It will also make the product appear to run better.


  • Marcos changed the title to Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)
  • Marcos pinned this topic

In the ESET PROTECT Sysinspector log viewer, it is impossible to copy text from any of the fields without viewing the source code, or using the "Inspect Element" browser tools to copy and paste the data.

Please note this is when used in the ESET PROTECT Sysinspector log viewer.

It should be seamless to copy a path, registry key, etc. from the log viewer without needing to export and add 30 seconds or more of time.

To reproduce, open ESET PROTECT, request the SysInspector log from a host, then open up the log viewer in the browser. Try to copy and paste any of the filesystem paths shown.


  • 2 weeks later...

Description: Performance exclusion  in-path wildcard support

Detail: Possibility to use wildcards for performance exclusions in the middle of the given path, not only at the end

For example: Exclusion: C:\Users\*\myFolder\*

Reason: Software writing to the actual user's %appdata% folder is compromised by realtime scanning. Multiple users are alternately working on the computer. So we need to set an exclusion for each user's %appdata% path and do so if new users are added (especially problematic in Domain environments).

 

We agree that such exclusions are potentially unsafe, but excluding C:\Users\*\myFolder\* is more secure than excluding C:\Users\*, which is what we have to do now.

Edited by tomha

Description: Provide "process signature" and "process signature verification status" in real-time scanner logs

Detail: In the logs of the real-time scanner ESET already provides information which "process name" tried to access a suspicious file. Since a lot of Windows security is based on process signing, it would make sense to also add the signature information to the log. When the process name is "firefox.exe" and the process is signed by "mozilla corporation" and the process signature is "valid", then I can be sure that the process is not a virus pretending to be Firefox.
 

 

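The three-part check described in the post above (process name, signer and signature status taken together) can be run by hand on a Windows host with PowerShell. This is an added example, not part of the original post and not ESET code; the function name `Test-ProcessSigner` and the expected-signer table are assumptions made for illustration.

```powershell
# Added example. Expected publishers are constructed sample values; replace
# them with the signers you actually expect in your environment.
$ExpectedSigners = @{
    'firefox' = 'Mozilla Corporation'
}

function Test-ProcessSigner {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ExpectedSigner
    )
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $status  = 'Unknown'
        $subject = $null
        # Path is empty when the process cannot be inspected (for example
        # protected processes or insufficient rights); treat as not verified.
        if ($proc.Path) {
            $sig    = Get-AuthenticodeSignature -FilePath $proc.Path
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) {
                $subject = $sig.SignerCertificate.Subject
            }
        }
        # The process name alone proves nothing: require a valid signature
        # AND the expected organization in the certificate subject.
        $verified = ($status -eq 'Valid') -and $subject -and
                    ($subject -match [regex]::Escape("O=$ExpectedSigner"))
        [pscustomobject]@{
            ProcessId = $proc.Id
            Path      = $proc.Path
            Status    = $status
            Signer    = $subject
            Verified  = [bool]$verified
        }
    }
}

# Check every running process whose name appears in the table.
$ExpectedSigners.GetEnumerator() | ForEach-Object {
    Test-ProcessSigner -Name $_.Key -ExpectedSigner $_.Value
} | Format-Table -AutoSize
```

A row with `Verified` set to `False` is a process that carries the expected name but lacks a valid signature from the expected publisher, which is the case the post wants the scanner log to surface.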

  • Administrators
On 4/6/2022 at 12:38 PM, tomha said:

Description: Performance exclusion  in-path wildcard support

This doesn't concern ESET PROTECT but endpoint and server security products. Wildcards in the middle of the path may work but are not officially supported. Even if they work, they may stop working after adding other exclusions. Wildcards in the middle of the path are supported only for Detection exclusions when you specify the SHA1 or the detection name in the exclusion. Wildcards will not be supported in the middle of the path mainly for performance reasons.


  • 2 weeks later...

Description: Edit Endpoint/Security Product configurations and other Policy improvements.
Details:
Currently the only supported way of remotely editing the underlying configuration of an installed Security Product is to use a Run Command task and ecmd to import a configuration. This is annoying since you have to already be in possession of a desired configuration in .xml format. If you aren't in possession of an .xml file as a template to write a new configuration you have to obtain one by running an ecmd export task and then remotely pull the file.
An admin can request the configuration from a machine but that configuration also includes applied policies. A requested configuration can be downloaded as a .dat file which is not so secretly a base64 encoded json file. There is no way to convert a downloaded json/policy to a product configuration xml.

For server products it is possible to script eshell to change configurations, except that eshell isn't bundled with client endpoint protection products.

The whole ecmd process is a hassle and then on top of that you're editing an xml file.

Feature requests:

  1. Add the ability to export/download product policy to a product .xml configuration file.
  2. Add the ability to import a product configuration file to a policy.
  3. Add the ability to merge two or more policies of the same product.
  4. Add the ability to view the difference between two product configurations/policies.
  5. Add the ability to convert an existing policy for a product to a policy for a different product.
    For example: If I wanted to convert an ESET Server Security for Windows policy to an Endpoint policy, where the configurable components are probably 90% identical, I should be able to select it as action from the policies menu or the edit menu. After it is converted there should be a note somewhere saying that incompatible settings, like OneDrive scanning, were dropped in the conversion.
  6. Add the ability to edit a product's configuration on a computer from the ESET Protect administration page. Just like editing it from the computer itself.
  7. Ship protection products with a read-only copy of a default configuration for the product.
  8. Ship ESET Protect console with copies of default configurations for the programs it manages. Either a UI option to download a configuration or keep copies in the install target directory or the application's data directory.
  9. Add a security product task to set a product configuration to a provided policy (like configuring All-In-One installers).
  10. Add a security product task to set a product configuration to a given .xml file (essentially ecmd import except as an actual task).
  11. Add a security product task to reset a product's configuration. Task settings for:
    1. Resetting the whole product configuration.
    2. Ability to select individual modules/sections to reset to their defaults.
    3. Ability to ignore or reset HIPS rules, firewall rules, exceptions and so on. Any of the detailed configuration rules/lists that get prepended/replaced/appended should also be configurable for a reset.

Description: Add learning rule aggregation and analysis.

Details: HIPS has a learning mode and so does the firewall. It would be great if the management server could collect all of the learning data from all (or select) managed clients and present it in one big workbook that labeled how many times a learned rule was hit and on how many clients. If related rules are created (or hits are logged) across multiple clients it should be possible to automatically or with assistance create simplified rules by combining similar ports/port-ranges/program names/source or destination addresses and so on.


  • 3 weeks later...

Description: Allow Active Directory group membership to be used in dynamic group templates or policy assignments

Detail: We currently have a dynamic group template which sorts all devices of selected users into a "dynamic group". Then we assign special policies to these dynamic groups.

However, the list of employees changes frequently and the list has to be updated by hand.
On the other hand, our Active Directory has a user group which is automatically kept up to date. Instead of manually replicating the AD group members in the ESET template, it would be easier and more reliable to just reference the AD group in the template and have a sync task replicate the usernames.

 


My suggestions are all for ESET PROTECT. I work for an MSP and we are managing ESET for hundreds of clients. These are all quality of life suggestions.

Software Install Tasks - Allow for a latest version selection rather than a specific one. You guys are regularly updating and we are either in the position of having hundreds of installer tasks or having out of date installer tasks.

Allow licenses to be locked to a static group, i.e. you apply a license to Customer X and all devices in that group have that license applied. This would also allow for use of generic tasks rather than individual ones.

Allow blocking the install of some products, i.e. ESET Endpoint Antivirus. We only use Endpoint Security and, because humans, we always seem to have the odd Endpoint Antivirus device floating around.

Granular security. Specifically I would like to be able to block the ability for users or a group of users to run tasks on the entire top level (All customers). I had a situation where a junior mistakenly created an installer task for Endpoint Security and pushed it to everything instead of one device (unfortunately easy to do if you don't pay attention). This took me 2 days to correct.

 


Description: Improve Browser Plugin handling

Detail: Browser Plugins are an ever growing security threat. They have privileged access to web traffic (inject/redirect traffic, read passwords, manipulate downloads), don't need admin rights, are persistent, remotely updatable, synced across all user devices, and their actions cannot be distinguished from the legitimate main browser process. Adware and Malware are increasingly often distributed as Browser Plugins.

  • It would help to see a list of all browser plugins installed on a computer in Eset Protect without the need to deploy 3rd party tools (like Nirsoft's BrowserAddonsView).
  • It would also help, if Eset Protect would offer a way to uninstall/block selected browser plugins
Edited by Sec-C
refining

  • 2 weeks later...
  • ESET Staff

Hello, @JeremyStantiall. Thank you for your feedback. You should have posted it in the "Future Changes for ESET PROTECT", but rest assured that your feedback has been seen, and forwarded to our product management team for proper tracking.

Thank you,

Michal 


  • 4 weeks later...

It would be good to have Brave Browser added to the list of supported browsers. It has a small market share, but I suspect it is widely used by security minded people.


  • 4 weeks later...

I manage 5 domains in a single ERA instance and some of the organizational units (OUs) have the same or similar names between the different domains. This makes it hard to choose the correct static group in forms like the assign policies screen. Suggest adding a field or column to choose wherever static groups are listed for assigning policies, etc.

  


  • 3 weeks later...

Description

Add support for proxy authentication for agent connections.

Detail

Our company is moving to requiring an authenticated proxy connection for all traffic to external services. They are not going to allow unauthenticated connections and no firewall rules for direct-network access. I worked with ESET support and it looks like authenticated proxy isn't supported for the replication functionality ESET using a proxy. I'm not sure I'll be able to get an exception to this company-wide security rule, so this may require us to move off ESET as our AV solution.


  • Administrators
5 hours ago, MichaelWest said:

Description

Add support for proxy authentication for agent connections.

Proxy authentication has been supported from the beginning:


Hi @marcos. I've been working with Alex in business support who could possibly provide more information. There is a certificate negotiation problem as far as I can tell. Alex said that auth is supported for caching functions but not replication. Your documentation online says that a proxy must not require authentication.
https://help.eset.com/protect_install/91/en-US/arch_proxy.html
At our company we're being migrated to all outbound traffic going through squid proxy requiring auth. They're moving away from direct internet access via firewall rules. We've had in place an on-prem ESET Protect Server with firewall opened to ESET cloud services, and your apache proxy on the eset server. We're trying to migrate to ESET Protect Cloud using our proxy with auth, and I've been unable to get this working with your support team. 
I'd appreciate any help you can give trying to figure this out. Our deployment methodology btw is to install agent_x64.msi alongside the install_config.ini file provided via the Installers page in our cloud management console. 
Edited by MichaelWest
clarification

ESET PROTECT setup is deleting the Apache HTTP Proxy cache from disk while upgrading Apache HTTP Proxy. The problem is that the method it uses to delete files is too slow. Sometimes it takes 1-2 hours to remove files if there is a disk IOPS bottleneck.

This situation has been causing pain for 5 years. Except for this one, ESET PROTECT is a perfect product.

 

Edited by mathisbilgi