Jump to content

Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)


Marcos
 Share

Recommended Posts

Thanks Karlis & Zoltan - Zoltan's idea may work if we could use the count function for the serial number and not just computer. I couldn't work out how to do this. 

I was able to do a report which included the computer serial numbers, so we could do it manually, which may be adequate for now, but open to any other suggestions.

Link to comment
Share on other sites

Please enable the ability to edit an Installer instead of having to delete and recreate it.  I have over 300 Installers and saving even 1 minute for each time I have to recreate it amounts to hours.  It would be great if I could do this for installers that "expire" as well as for installers that just need a tweak.

Link to comment
Share on other sites

2 hours ago, Troldahl said:

Please enable the ability to edit an Installer instead of having to delete and recreate it.  I have over 300 Installers and saving even 1 minute for each time I have to recreate it amounts to hours.  It would be great if I could do this for installers that "expire" as well as for installers that just need a tweak.

You can edit them

obraz.png.91ce473770ad3ef971acc020f44b44b4.png

Link to comment
Share on other sites

When in the Protect Cloud screen, whether Detections, Computers, or whichever, it would be nice to be able to search for records that do NOT match a text.  For example, in the Detections, I might want to only look at detections that are Not CVEs.  Since the CAUSE box is a text box, adding a checkbox for "NOT" would let me type in CVE and see everything else.

Link to comment
Share on other sites

  • ESET Staff
20 hours ago, Troldahl said:

When in the Protect Cloud screen, whether Detections, Computers, or whichever, it would be nice to be able to search for records that do NOT match a text.  For example, in the Detections, I might want to only look at detections that are Not CVEs.  Since the CAUSE box is a text box, adding a checkbox for "NOT" would let me type in CVE and see everything else.

Thank you very much for your suggestion. We also have a negative filter in your backlog. We plan to pilot it on the computer screen with a new Filter Advisor (planned in H1/2022). Please stay tuned ;)

Link to comment
Share on other sites

The new UI does not give you an option to "Finish" or save the creation of a new installer without having to click on "Customize Installer" first.  Once you click on Customize it basically option the old UI and then you are able to Finish/Save.

I have case  #00326191 where I worked with Will to work around this and figure out how to still create and save a new installer.

Link to comment
Share on other sites

  • 2 weeks later...

I commonly find myself having to repeat searches twice in ESET PROTECT, due to whitespaces accidentally copied/pasted from other sources of hostnames/IP addresses. Note that I am on the newest version of ESET Protect.

If a search for a computer is performed in ESET protect, if a whitespace is at the beginning or end, it may show No Results for an existing computer, without an immediately clear indication as to why for non-advanced users. Further investigation revealed copy/pasting hostnames commonly brings along unwanted whitespaces.

Because valid "computer names" will rarely contain whitespaces at the beginning or end of the string (at least in my environment), it makes sense to automatically delete any trailing or leading whitespaces from strings entered into the search box at the top of ESET PROTECT, specifically for computer names & IP address searches.

Implementing this will reduce time spent working and investigating,  as searches wont need to be repeated and modified as often. It will also make the product appear to run better.

Link to comment
Share on other sites

  • Marcos changed the title to Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)
  • Marcos pinned this topic

In the ESET PROTECT Sysinspector log viewer, it is impossible to copy text from any of the fields without viewing the source code, or using the "Inspect Element" browser tools to copy and paste the data.

Please note this is when used in the ESET PROTECT Sysinspector log viewer.

It should be seamless to copy a path, registry key, etc from the log viewer without needing to export and add 30 seconds of more time.

To reproduce, open ESET protect, request the sysinspector log from a host, then open up the log viewer in the browser. Try to copy and paste any of the filesystem paths shown.

Link to comment
Share on other sites

  • 2 weeks later...

Description: Performance exclusion  in-path wildcard support

Detail: Possibility to use wildcards for performance exclusions in the middle of the given path, not only at the end

For example: Exclusion: C:\Users\*\myFolder\*

Reason: Software writing to the actual users %appdata% folder is compromised by realtime scanning. Multiple users are alternately working on the computer. So we need to set an exclusion for each users %appdata% path and do so if new users are added (especially problematic in Domain environments).

 

We agree, that such exclusions are potentially unsafe, but to exclude C:\Users\*\myFolder\* is more secure than excluding C:\Users\*, what we have to do now.

Edited by tomha
Link to comment
Share on other sites

Description: Provide "process signature" and "process signature verification status" in real-time scaner logs

Detail: In the logs of the real-time scanner eset already provides information which "process name" tried to access a suspicious file. Since a lot of windows security is based on processes signing, it would make sense to also add the signature information to the log. When the process name is "firefox.exe" and the process is signed by "mozilla corporation" and the process signature is "valid", then I can be sure that the process is not a virus pretending to be Firefox.
 

 

Link to comment
Share on other sites

  • Administrators
On 4/6/2022 at 12:38 PM, tomha said:

Description: Performance exclusion  in-path wildcard support

This doesn't concern ESET PROTECT but endpoint and server security products. Wildcards in the middle of the path may work but are not officially supported. Even if they work, they may stop working after adding other exclusions. Wildcards in the middle of the path are supported only for Detection exclusions when you specify the SHA1 or the detection name in the exclusion. Wildcards will not be supported in the middle of the path mainly for performance reasons.

Link to comment
Share on other sites

  • 2 weeks later...

Description: Edit Endpoint/Security Product configurations and other Policy improvements.
Details:
Currently the only supported way of remotely editing the underlying configuration of an installed Security Product is to use a Run Command task and ecmd to import a configuration. This is annoying since you have to already be in possession of a desired configuration in .xml format. If you aren't in possession of an .xml file as a template to write a new configuration you have to obtain one by running an ecmd export task and then remotely pull the file.
An admin can request the configuration from a machine but that configuration also includes applied policies. A requested configuration can be downloaded as a .dat file which is not so secretly a base64 encoded json file. There is no way to convert a downloaded json/policy to a product configuration xml.

For server products it is possible to script eshell to change configurations, except that eshell isn't bundled with client endpoint protection products.

The whole ecmd process is a hassle and then on top of that you're editing an xml file.

Feature requests:

  1. Add the ability to export/download product policy to a product .xml configuration file.
  2. Add the ability to import a product configuration file to a policy.
  3. Add the ability to merge two or more policies of the same product.
  4. Add the ability to view the difference between two product configurations/policies.
  5. Add the ability to convert an existing policy for a product to a policy for a different product.
    For example: If I wanted to convert an ESET Server Security for Windows policy to an Endpoint policy, where the configurable components are probably 90% identical, I should be able to select it as action from the policies menu or the edit menu. After it is converted there should be a note somewhere saying that incompatible settings, like OneDrive scanning, were dropped in the conversion.
  6. Add the ability to edit a product's configuration on a computer from the ESET Protect administration page. Just like editing it from the computer itself.
  7. Ship protection products with a read-only copy of a default configuration for the product.
  8. Ship ESET Protect console with copies of default configurations for the programs it manages. Either a UI option to download a configuration or keep copies in the install target directory or the application's data directory.
  9. Add a security product task to set a product configuration to a provided policy (like configuring All-In-One installers).
  10. Add a security product task to set a product configuration to a given .xml file (essentially ecmd import except as an actual task).
  11. Add a security product task to reset a product's configuration. Task settings for:
    1. Resetting the whole product configuration.
    2. Ability to select individual modules/sections to reset to their defaults.
    3. Ability to ignore or reset HIPS rules, firewall rules, exceptions and so on. Any of the detailed configuration rules/lists that get prepended/replaced/appended should also be configurable for a reset.
Link to comment
Share on other sites

Description: Add learning rule aggregation and analysis.

Details: HIPS has a learning mode and so does the firewall. It would be great if the management server could collect all of the learning data from all (or select) managed clients and present it in one big workbook that labeled how many times a learned rule was hit and on how many clients. If related rules are created (or hits are logged) across multiple clients it should be possible to automatically or with assistance create simplified rules by combining similar ports/port-ranges/program names/source or destination addresses and so on.

Link to comment
Share on other sites

  • 3 weeks later...

Description: Allow active directory group membership to be used in dynamic group templates or policy assignments

Detail: We currently have a dynamic group template which sorts all devices of selected users into a "dynamic group". Then we assign special policies to these dynamic groups.

image.thumb.png.ee367648073d1946bcca263891c7e150.png

However, the list of employees changes frequently and the list has to be updated by hand.
On the other hand, our active directory has a user group which is automatically kept up to date. Instead of manually replicating the ad group members in the eset template, it would be easier and more reliable to just reference the ad group in the template and have a sync task replicate the usernames.

 

Link to comment
Share on other sites

My Suggestions are all for Eset Protect. I work for an MSP and we are managing Eset for hundreds of clients. These are all quality of life suggestions. 

Software Install Tasks - Allow for a latest version selection rather than specific. You guys are regularly updating and we are either in the position of having 100's of installers tasks or having out of date installer tasks.

Allow licenses to be locked to static group. IE you apply license to Customer X and all devices in that group have that license applied. This would also allow for use of generic tasks rather than individual.

Allow the blocking the install of some products ie Eset Endpoint Anti-virus. We only use Endpoint Security and because humans we always seem to have the odd Endpoint Anti-Virus device floating around.

Granular security. Specifically I would like to be able to block the ability for users or a group of users to run tasks on the entire top level (All customers). I had a situation where a junior mistakenly created a installer task for Endpoint Security and pushed it to everything instead of one device (unfortunately easy to do if you don't pay attention). This took me 2 days to correct.   

 

Link to comment
Share on other sites

Description: Improve Browser Plugin handling

Detail: Browser Plugins are an ever growing security threat. They have privileged access to web traffic, don't need admin rights, are persistent, remotely updatable, synced across all user devices, and their actions cannot be distinguished from the legitimate main browser process. Adware and Malware are increasingly often distributed as Browser Plugins.

  • It would help to see a list of all browser plugins installed on a computer in Eset Protect without the need to deploy 3rd party tools (like Nirsoft's BrowserAddonsView).
  • It would also help, if Eset Protect would offer a way to uninstall/block selected browser plugins
Link to comment
Share on other sites

  • 2 weeks later...
  • ESET Staff

Hello, @JeremyStantiall Thank you for your feedback. You should have posted it in the "Future Changes for ESET PROTECT", but rest assured that you feedback has been seen, and forwarded to our product management team for proper tracking. 

Thank you,

Michal 

Link to comment
Share on other sites

  • 4 weeks later...

It would be good to have Brave Browser added to the list of supported browsers. It has a small market share, but I suspect it is widely used by security minded people.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...