
Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)



  • Administrators
4 hours ago, mathisbilgi said:

ESET Protect setup is deleting the Apache HTTP Proxy cache from disk while upgrading Apache HTTP Proxy. The problem is that the method it uses to delete files is too slow. Sometimes it takes 1-2 hours to remove the files if there is an IOPS bottleneck on the disk.

We haven't heard about an upgrade of the https proxy taking 1-2 hours. Since the developer of the product is Apache, we recommend contacting them for assistance with the issue.


15 hours ago, Marcos said:

We haven't heard about an upgrade of the https proxy taking 1-2 hours. Since the developer of the product is Apache, we recommend contacting them for assistance with the issue.

Marcos, you missed the key point. If you upgrade Apache HTTP Proxy, ESET Protect setup has started to clean files under the C:\programdata\apache http proxy 2.4.53\cache\ directory. While ESET Protect setup is doing this delete operation, it uses the del command and deletes thousands of cache files one by one.

So consider that there are thousands of cache files under the C:\programdata\apache http proxy\cache\ folder, and that the del command will delete them one by one and write console output for every file, like this:

del C:\programdata\apache http proxy 2.4.53\cache\xyz

deleted

C:\programdata\apache http proxy 2.4.53\cache\xyq

deleted

It takes a massive amount of time. If you haven't heard of a 1-2 hour installation time, I could send the AnyDesk recording of the Protect upgrade.


Hello, is it possible to implement an option where a "Request Endpoint Logs" task is enabled via button, similar to "Request Configuration", except it would be for pulling Endpoint logs into ESET Protect?

This way of utilizing a button which calls the request from the ESET Protect Server limits the server from being overwhelmed with constant data; but it is possible to view all Endpoint Log files and not just those which have thrown an error.
[Endpoint Logs: Detections, Events, Computer Scan, Sent Files, Blocked Files, Audit Logs, HIPS, Network Protection, Filtered Websites, AntiSpam Protection, Web Control, Device Control]

Kind regards,


  • Administrators
1 minute ago, rmdir32 said:

This way of utilizing a button which calls the request from the ESET Protect Server limits the server from being overwhelmed with constant data; but it is possible to view all Endpoint Log files and not just those which have thrown an error.
[Endpoint Logs: Detections, Events, Computer Scan, Sent Files, Blocked Files, Audit Logs, HIPS, Network Protection, Filtered Websites, AntiSpam Protection, Web Control, Device Control]

You can collect all logs by running ESET Log Collector in client details -> Logs -> Log Collector.


Description: Better ESET Full Disk Encryption software information

Detail: It would be great to have better information in relation to the Full Disk Encryption software. Currently, I see alerts for missing recovery passwords and data under the Status Overview page (red !'s, and I'm also not sure why there's a yellow ! next to the computer encryption line since that indicates a problem), but I have to click into the list of bad computers, and I cannot see the actual alert under the computer itself. As you can see in the attached picture, there are no alerts shown on the computer side, until I go into Manage > Restore Access > Recovery Password.


It would also be nice to be able to delete the old recovery passwords in the list, since I'm now seeing a few computers with multiple recovery passwords, and only one of them works, but you have to try each one. If you can't delete them, maybe just provide a way to display which ones no longer work, or which one is the active one.

Thank you.


  • ESET Moderators

Hello @mathisbilgi

On 8/3/2022 at 9:48 AM, mathisbilgi said:

Marcos, you missed the key point. If you upgrade Apache HTTP Proxy, ESET Protect setup has started to clean files under the C:\programdata\apache http proxy 2.4.53\cache\ directory. While ESET Protect setup is doing this delete operation, it uses the del command and deletes thousands of cache files one by one.

So consider that there are thousands of cache files under the C:\programdata\apache http proxy\cache\ folder, and that the del command will delete them one by one and write console output for every file, like this:

del C:\programdata\apache http proxy 2.4.53\cache\xyz

deleted

C:\programdata\apache http proxy 2.4.53\cache\xyq

deleted

It takes a massive amount of time. If you haven't heard of a 1-2 hour installation time, I could send the AnyDesk recording of the Protect upgrade.

The Apache-based HTTP proxy will be completely replaced in future ESET PROTECT releases.

Stay tuned for the BETA, which might appear in the foreseeable future...

Peter


Description: Prevent sequences in ESET Full Disk Encryption policy

Detail: I would like to request the option of being able to prevent users from using a sequence, such as 123456, 000000, etc, in the Password Requirements section of the ESET Full Disk Encryption Password Policies, so that we can allow the users to unlock with a pin, instead of a password/passphrase.


  • 1 month later...

Description: new client task "Upload quarantined file to ESET Protect server"

Detail: Currently, files quarantined on an ESET endpoint can only be uploaded to a Windows file server (via client task). This requires 2 things:
1) a Windows file server
2) network access to the Windows file server
(which can be a problem when the endpoint is a server in a firewalled DMZ)

It would be much easier if there was a way to request the transfer of a quarantined file directly to ESET Protect, using the existing management agent connection (agent port 2222 + agent HTTP proxy settings). This way you can get hold of quarantined files immediately (for fast evaluation and response), without requiring additional infrastructure or network firewall changes.


Description: Adding a more fine-tuned way of filtering rules (HIPS, etc.)

Detail: Currently in HIPS rules, you can specify only the exact file name at the end of the path for the source application.

Wildcards work only for an inner path like: C:\Users\\AppData to replace any AppData user's folder.

It would be really useful to have more fine-tuned filtering options like the following:

 

* (single wildcard) permits any sequence of characters between directory terminators. Single wildcards are NOT recursive. For example:
c:\example\* allows anything to run in c:\example.
c:\example*\temp.exe allows a file called temp.exe to run within a single subdirectory of c:\example
c:\example*\system*.exe allows any file with the extension .exe to run, within two subdirectories of c:\example (with the latter subdirectory called system)

** (double wildcard) permits any sequence of characters for the remainder of a path. Double wildcards ARE recursive. For example:
c:\example** allows any file to run in c:\example and all subdirectories
c:\example**.dll allows any file with the extension .dll to run in c:\example and all subdirectories

? (question mark) permits the replacement of a single character in a path. For example:
c:\example\explore?.exe would allow c:\example\explorer.exe to run but not c:\example\explorer2.exe
c:\??ample\explorer.??? would allow c:\example\explorer.exe, c:\example\explorer.dll and c:\trample\explorer.exe to run
?:\test.exe would allow the file test.exe to run on any drive letter.
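
The `*`, `**` and `?` semantics requested in the post above, as an added example that is not part of the original post and is not ESET code or an existing ESET PROTECT feature. It translates such rules to regular expressions so that a rule set can be checked against sample paths before deployment; the function names are hypothetical, rules are assumed to be written with a path separator before each wildcard, `?` is assumed not to match a separator, and matching is assumed to be case-insensitive.

```python
import re

def rule_to_regex(rule):
    """Translate a path rule using *, ** and ? into a compiled regex."""
    out, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            out.append(".*")          # recursive: may cross directory terminators
            i += 2
        elif rule[i] == "*":
            out.append(r"[^\\]*")     # non-recursive: stays inside one path component
            i += 1
        elif rule[i] == "?":
            out.append(r"[^\\]")      # exactly one character (assumed: not a separator)
            i += 1
        else:
            out.append(re.escape(rule[i]))
            i += 1
    return re.compile("".join(out), re.IGNORECASE)

def matches(rule, path):
    """True when the whole path is covered by the rule."""
    return rule_to_regex(rule).fullmatch(path) is not None

def audit(rules, paths):
    """Map each path to the rules that would cover it (empty list = no rule applies)."""
    return {p: [r for r in rules if matches(r, p)] for p in paths}

if __name__ == "__main__":
    # Constructed rules and paths, modelled on the examples in the post.
    rules = [r"c:\example\*", r"c:\example\**.dll", r"c:\example\explore?.exe"]
    paths = [
        r"c:\example\explorer.exe",
        r"c:\example\explorer2.exe",
        r"c:\example\sub\deep\helper.dll",
        r"c:\example\sub\tool.exe",
    ]
    for path, hit in audit(rules, paths).items():
        print(path, "->", hit or "no rule")
```

Running the audit over a list of user-writable directories shows quickly how much more a `**` rule covers than the same rule written with `*`.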

  • 3 weeks later...

Description: Add variables to all notification options

Detail: The use of variables is only working for specific notification events. It would be very useful to get a weekly "outdated computer software" email with a list of the outdated computer names. There are a dozen others I would use if there was a way to update the body of the email with variables.


  • 2 months later...
  • Administrators
44 minutes ago, Zen11t said:

Description: Disable Warning "Your operating system is outdated" in ESET Protect

Details: On the clients we can disable this warning, need options to hide on ESET Protect too.

To the best of my knowledge this is already supported in Endpoint v10 which, however, supports only Windows 10 and 11. That said, should Windows 10 become unsupported in a few years it will be possible to disable reporting of the status to the console.


Description: ESET Protect Cloud ability to store and view changes made to policies in Audit Log.

Detail:
Customer is in the healthcare industry and has to abide by many high-level certifications and audits, many of which deal with logging changes in their operating environment. Currently attempting to use the "Show object details" when viewing the Audit log of a particular policy; however, this only shows the current policy settings and does not display a log of changes made.

ESET products play a key role in their protection and having this ability to track specific changes within the many policies that they have plays into this area of logging important changes. 

Without having a native ESET log that shows specific changes from one edit to the next, they are lacking in this area when it comes time to present to auditors and other certification bodies. 

This would be a huge benefit to their company in particular and also serves as a great feature to include in ESET overall. 
 

 

Edited by rmdir32

  • 2 weeks later...

ESET PROTECT console: Products should not be marked as outdated until the next product's auto-upgrade is released.

Let's refer to this existing post:

 

My ESET PROTECT console dashboard's Component Version Status is lit up in red (Legacy) despite being properly configured for automatic upgrades/updates and all of the clients being on EEA v9.0/9.1. The endpoints' status should remain in a blue "Waiting" status for any supported versions until the auto-upgrade is released.

 


  • 3 weeks later...
On 1/18/2023 at 10:08 AM, Marcos said:

To the best of my knowledge this is already supported in Endpoint v10 which, however, supports only Windows 10 and 11. That said, should Windows 10 become unsupported in a few years it will be possible to disable reporting of the status to the console.

As mentioned above, it's not an Endpoint issue (as we can already disable these notifications on clients). It is a Protect issue, because even if the notification gets disabled client-side, Protect still shows it.

There's no need to update old Endpoint clients to not send this notification. What is needed is a Protect setting to not show it.

And yes, it should work for systems older than Windows 10 too.

Edited by Tomasz Trynkowski

  • Administrators
22 hours ago, Tomasz Trynkowski said:

As mentioned above, it's not an Endpoint issue (as we can already disable these notifications on clients). It is a Protect issue, because even if the notification gets disabled client-side, Protect still shows it.

The notification about outdated OS does not appear on managed Endpoint installed on Windows 7/8 and is only reported to ESET PROTECT. Unfortunately it cannot be disabled since it was added via a module update and was not naturally included in the product when older versions of Endpoint were released. ESET PROTECT merely shows the information that Endpoint sends.


On 2/21/2023 at 11:50 AM, Marcos said:

The notification about outdated OS does not appear on managed Endpoint installed on Windows 7/8 and is only reported to ESET PROTECT. Unfortunately it cannot be disabled since it was added via a module update and was not naturally included in the product when older versions of Endpoint were released. ESET PROTECT merely shows the information that Endpoint sends.

In that case what we need is an option to filter out that information on the PROTECT side. Or a filter for alerts in general. Having to wait several years for OSes to change is not a solution.


Hello,

I want to ask you to add "stop all on-demand scans" for OSes other than Windows Server, and to add the ability to stop all tasks assigned to clients and to see the progress percentage of tasks assigned and being executed.

 

Best regards


Description: additional criteria required to exclude network detections.

Detail: ESET PROTECT 10.0.14.0 has a strange limitation with criteria options for excluding network detections.
The allowed combinations of criteria do not at all meet the current security requirements: the criteria are quite broad and do not allow you to specify an exception more precisely.
Currently valid exclusion criteria are:
- detection, application, IP address
- IP address
- Detection
- Application
Often when an attack is detected, the application is not identified and thus only two options are left for selection.
Optimal missing set of criteria:
- detection, IP address
But it would be nice to add other combinations:
- Application, IP address
- Detection, Application


Description: "does not contain" filter is missing in ESET PROTECT's report template filter settings

Detail: In ESET PROTECT, there is a rather limited choice in the report template filter settings.

For example, it is not possible to create a filter condition to exclude the occurrence of any string ("does not contain" condition).


Description: add automatic update of ESET Management Agent via PCU.

Detail: if I'm not mistaken, there is currently no mechanism for updating ESET Management Agent via PCU.

If so, it would be nice to add this feature.


  • Administrators
3 hours ago, labynko said:

Description: add automatic update of ESET Management Agent via PCU.

Detail: if I'm not mistaken, there is currently no mechanism for updating ESET Management Agent via PCU.

If so, it would be nice to add this feature.

This has been supported for some time already. Please read https://help.eset.com/protect_admin/10.0/en-US/agent_autoupgrade.html for more information.


Description: in ESET PROTECT add sorting by "TARGET NAME" column in the policy assignment section

Detail: In ESET PROTECT, it is very inconvenient to check to whom a policy is assigned, because there is no sorting by the "TARGET NAME" column.


Description: add tag editor (rename) to ESET PROTECT

Detail: If I'm not mistaken, there is no way to rename tags in ESET PROTECT. Because in ESET PROTECT the use of tags is a very convenient and powerful mechanism, it would be nice if there was an option to rename tags.


  • 2 weeks later...

Description: 
Request to update Apache Commons Text to version 1.10.0
I am referencing hxxps://nvd.nist.gov/vuln/detail/cve-2022-42889

Detail: 

I recently moved our ESET Protect to Windows Server 2019 from 2012 R2, I'm trying to patch Apache Commons Text to version 1.10.0, but I am not able to do so without breaking the ESET web console. Is it possible to patch Apache Commons Text to 1.10.0 in a future patch?

Flagged files on our ESET Protect server:

C:\\Program Files\\Apache Software Foundation\\apache-tomcat-9.0.68\\webapps\\era\\WEB-INF\\lib\\commons-text-1.9.jar
C:\\Program Files\\Microsoft SQL Server\\150\\DTS\\Extensions\\Common\\Jars\\commons-configuration-1.6.jar

Please reference my ESET Support Case Update: #00503524

Thank you!!
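
A way to inventory the library versions discussed in the post above, as an added example that is not part of the original post and is not an ESET tool. It walks a directory tree and reports Apache Commons Text jars in the range affected by CVE-2022-42889 (1.5 through 1.9, fixed in 1.10.0), reading the version from the Maven metadata inside the jar and falling back to the file name; the function names are hypothetical and it looks only for the commons-text artifact.

```python
import re
import zipfile
from pathlib import Path

AFFECTED_MIN, FIXED = (1, 5, 0), (1, 10, 0)   # CVE-2022-42889: 1.5 to 1.9, fixed in 1.10.0
POM = "META-INF/maven/org.apache.commons/commons-text/pom.properties"

def parse_version(text):
    """'1.9' -> (1, 9, 0); padded so tuples compare correctly."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def jar_version(jar):
    """Prefer the version recorded inside the jar; fall back to the file name."""
    try:
        with zipfile.ZipFile(jar) as zf:
            props = zf.read(POM).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.MULTILINE)
        if m:
            return parse_version(m.group(1))
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # not a commons-text jar, or unreadable: try the name instead
    m = re.fullmatch(r"commons-text-(\d+(?:\.\d+)*)\.jar", Path(jar).name)
    return parse_version(m.group(1)) if m else None

def find_affected(root):
    """Return sorted (path, version) pairs for commons-text jars in the affected range."""
    hits = []
    for jar in Path(root).rglob("*.jar"):
        version = jar_version(jar)
        if version and AFFECTED_MIN <= version < FIXED:
            hits.append((str(jar), ".".join(map(str, version))))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for path, version in find_affected(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{path}")
```

Reading the embedded metadata catches a jar that has been renamed, which a scan of file names alone would miss.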
