Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[pps 4]

2 minutes ago, MichalJ said:

@AStevens.SHG Understood. You can currently use "is one of" instead of multiple "AND" conditions in the upcoming ESMC. We anticipate the release next month (although, it might be a subject of a change eventually). 

@pps  I have understood your request in the way, that you want to be able to better see who paused which protection after authenticating using the username / password. Having multiple passwords is a workaround, proper solution would be to track the user, who paused / disables the protection. Is this assumption correct? 

It's not what I mean but that could be useful too if it's implemented in some way.

My request is focused in the changes made locally by hand in each workstation and not centrally through ERA Console. Now the team has one password to login to endpoint advanced Setup and we can't trace who pauses the firewall or who deactivates the web control.

Is it possible for each user that has access to ERA Console to have a separate password for login to workstations into the Advanced Setup?

[MichalJ 434]

@pps No, this is not possible. However we have previously requested a "settings audit" that would show which setting was set by whom, and when (auditing of setting changes). Despite using a one password by all, you will always know, who did the change, as it would be logged. As of, this is not done, but we have it in the backlog. Currently, password is not a "list" but instead a conventional setting. Also, you can prevent you users to adjusting the local settings, by the means of sending them via the policy. 

[AStevens.SHG 7]

56 minutes ago, MichalJ said:

@AStevens.SHG Understood. You can currently use "is one of" instead of multiple "AND" conditions in the upcoming ESMC. We anticipate the release next month (although, it might be a subject of a change eventually). 

@pps  I have understood your request in the way, that you want to be able to better see who paused which protection after authenticating using the username / password. Having multiple passwords is a workaround, proper solution would be to track the user, who paused / disables the protection. Is this assumption correct? 

Thanks @MichalJ so hopefully pretty soon for v7, not months away/end of year or next year kind of thing, granted things can slip of course for variety of reasons.

"is one of" or the current "in" works to allow multiple matches of one criteria, the options being pre-existing. But for combining a multiple separate conditions, the only way currently is to get fancy with regex (if that's an option on the particular field), which I've had trouble in the past with ESET accepting the regex syntax when trying to do bit more complex (yes to these, no to those words/letters/symbols/etc.).

Nesting can be complex, but can also provide a lot more flexibility, Dynamic groups and reports of course.

[MichalJ 434]

@AStevens.SHG I do agree with the need for nested conditions. We have it tracked as a backlog request, but as it requires a bit bigger changes it was not put "high enough". But it was evaluated in the past, so I will link your request to that post, and increase the priority a bit. 

[AStevens.SHG 7]

Description: Remove old Active Directory users from Mapped Domain Security Groups in Access Rights.

Detail: We use Mapped Domain Security Group from Active Directory to grant permission sets to users, Administrators, Read Only Administrators, Service Desk Users, Reporting Users, etc.

However, when those users leave the business, and their AD accounts are disabled and deleted, they're still listed in the Domain Users tab for Mapped Domain Security Groups.

Although those accounts can no longer login to ERA, to keep it tidy and security/auditors happy, we would like to be able to remove them.

[ilyak 0]

Description: Global variables for notifications

Detail: 

Currently the subject line is very generic static text for example "Threat Notification" we would like to be able to add variables for the information available to both the subject and body of the email.

Variables to include would be based on the log type. For example an Antivirus threat would include the following:

Computer name, Static Group, Severity, Time of occurrence, Threat type, Threat name, Threat flags, Scanner, Scan log reference, Object type, Object URI, Action performed, Action error, Threat handled, Restart required, User, Process name, Circumstances, Virus signature database, Hash of detected file

 

So that the subject line could be Threat Notification detected for  %Computer name% - %static group%

And the body of the message can be custom formatted in a way that would be easier to read or parse as opposed to the current method

 

 

[Marcos 5,074]

4 minutes ago, ilyak said:

Description: Global variables for notifications

This is already implemented in ESMC that will be unveiled in a few weeks

[ilyak 0]

1 hour ago, Marcos said:

This is already implemented in ESMC that will be unveiled in a few weeks

Is ESMC a replacement for ERA or will work in conjunction with it?

[Marcos 5,074]

13 minutes ago, ilyak said:

Is ESMC a replacement for ERA or will work in conjunction with it?

ERA v7+ will be called ESET Security Management Center.

[Society 3]

Hi team!

Description: Save reports to a shared folder / network directory.

Detail: Currently, it's just possible to save reports in ERA 6 to the default Windows/ Linux path. This is a bit difficulty to get results faster.

Thank you.

 

[MichalJ 434]

@Society Thank you for your feedback. We are already tracking the improvement for such functionality, so I have added your "vote" to it. Just out of curiosity, how frequently are you generating reports? Don´t you use the e-mail delivery method, or on-demand download of the report output using web-console? Or you more have some scheduled regular tasks, that are placed into the (currently) default directory?

[pps 4]

Description: Disable The Active Notifications

Detail: 

There is no way to disable any active notifications from the below screen. 

 

[MichalJ 434]

@pps Already solved in the V7.

[pps 4]

That would be a very useful feature.

For 6 different locations we get a report from each of them weekly and a monthly, 30 reports in total monthly 360 yearly.

If you can archive those reports with auto generated Yearly and Monthly folders it will help as well.

15 minutes ago, MichalJ said:

@Society Thank you for your feedback. We are already tracking the improvement for such functionality, so I have added your "vote" to it. Just out of curiosity, how frequently are you generating reports? Don´t you use the e-mail delivery method, or on-demand download of the report output using web-console? Or you more have some scheduled regular tasks, that are placed into the (currently) default directory?

 

Edited June 7, 2018 by pps
quote

[pps 4]

Hello,

Description: Exclude disabled computers in AD sync

Detail: Exclude disabled computers when running task with  Active Directory  sync or give the choice inside the task to include or exclude disabled computers

 

[kingoftheworld 10]

1 hour ago, pps said:

Hello,

Description: Exclude disabled computers in AD sync

Detail: Exclude disabled computers when running task with  Active Directory  sync or give the choice inside the task to include or exclude disabled computers

 

This is already an option in the task settings. I believe you can choose the behavior. 

[pps 4]

1 hour ago, kingoftheworld said:

This is already an option in the task settings. I believe you can choose the behavior. 

Hello kingoftheworld there are options only for computer extinction not for disabled ones:

•	Computer extinction handling - If a computer no longer exists, you can either Remove this computer or Skip it.

•	Group extinction handling - If a group no longer exists, you can either Remove this group or Skip it.

Edited June 11, 2018 by pps
change

[MichalJ 434]

@pps this will be for sure added in the new version of ERA. I do not have an older version available, but in the new one there will be an explicit checkbox to "ignore disabled computers".

[kingoftheworld 10]

On 6/11/2018 at 9:59 AM, pps said:

Hello kingoftheworld there are options only for computer extinction not for disabled ones:

•	Computer extinction handling - If a computer no longer exists, you can either Remove this computer or Skip it.

•	Group extinction handling - If a group no longer exists, you can either Remove this group or Skip it.

@pps @MichalJ It is currently available under the sync task.  See screenshot below

[scavern 0]

Will v7 have the ability to assign devices that the RD Sensor discovers to specific static groups?

[Wassie 0]

Description: Overview of all running and planned tasks

Detail: It would be really great if ERA would provide a dashboard kind of feature that shows all planned and currently running tasks. Now I have to open the details of a client or server to see if the task is running. If this can be made, a progress bar and/ or percent of the task would be very helpful! If multiple tasks are running, and I have to wait till it's finished to start a new job, but have to push the refresh button multiple times, it costs a lot of time for each machine.

 

Description: Overview of all problems

Detail: It would be great if ERA could provide another dashboard kind of feature that shows a list of all current problems, like what machines need OS updates, or module update, having license issues etc. It would even be better if we could start a task right out of that notification line. Now we first have to open the machine details, check what the alert or issue is and then start a task to solve this issue.

 

Description: (professional) report for customers

Detail: One of my services is 'Managed Security'. In this case I provide Security solutions for several customers. I want to report to my customers what actions I (automated and manually) have done to keep the machines of my customers save and up to date. So a kind of logging, but readable for customers, and if possible scheduled to send by email (if possible, set by client group). Things like installed OS updates (when did the update ran and what was the result etc), updates of ESET modules, how the ESET product has protected the machine (blocked threats etc).

 

Description: (professional) report for scheduled or instant scanning

Detail: one of my services is receiving data, place it on a offline location, scanning the data for viruses and moving it to a production environment. For this kind of work I would like to give my customer a professional report. How many files where scanned, what was the version of the virus database, and all things that would help to make it more professional. Also it would help if this detailed report can be send by email from ERA after the machine gets back online, so that the result of the scan is saved at the client or server and reachable by the ERA.

[Nono 3]

Description : Having more detail about the "invalid data"

Detail: Currently, when we apply some "invalid" rules, despite working partially (I guess to "good rules" are working, but not the "invalid" one), we get the notification popup "User rules file contains invalid data". It's not really helpful to locate which entry may be faulty and which one are not. Would that be possible to get a log files stating which rules (name?) is faulty and even better : why ?

It would also help to locate which "data" it's referring to. For instance, "User rules" could lead to several subsection into the rules admin panel (Antivirus, Update, Firewall, etc ...)

[MichalJ 434]

@Nono  I assume you are talking about rules for HIPS eventually Firewall. This is not that much a functionality of ERA, than a functionality of Endpoint.  I will discuss it with Endpoint team, whether some "rule syntax verification" won´t be added in the future. 

@Wassie Thank you for your feedback, concerning your requirements: 

Description: Overview of all running and planned tasks

• You have a section "client tasks", however this shows you the status per individual task - aggregated, and you need to drill down, to see the status. Only thing that might not be done easily is the "progress bar", as it´s difficult to calculate aggregated progress for multiple machines (as the task is common for multiple machines). 

Description: Overview of all problems

• In the upcoming version 7, we have a dashboard "computer with problems" and "top computer problems" out of where you can apply "one-click" actions, that could resolve the problems (like initiate OS update, or create a new task). Also a new "status overview" dashboard is coming in the V7. 

Description: (professional) report for customers

• Future version of 7.1 is currently focused on resolving the problems / challenges of MSPs, so we have a similar (executive report, per managed company) in our scope. I will discuss whether we can expand it to also include performed actions. 

Description: (professional) report for scheduled or instant scanning

• Can you provide more details. Is this something like a webservice, where customer upload files, those are scanned (on-access / on-demand) and you want to provide them results, whether the files they have submitted were malicious or not? We are adding a "dynamic threat defense" cloud sand-boxing solution, which will allow customers to submit files to our isolated sand-boxing environment, from where you can also get a report, about the state of the submitted files. Or do I get it wrong? 

 

[MichalJ 434]

On 6/14/2018 at 10:10 AM, scavern said:

Will v7 have the ability to assign devices that the RD Sensor discovers to specific static groups?

It will be possible to filter "Rogue computers" report by a source machine (computer name). So therefore you will be able to add computers to different static groups, but this action will be purely manual. 

[Nono 3]

2 hours ago, MichalJ said:

@Nono  I assume you are talking about rules for HIPS eventually Firewall. This is not that much a functionality of ERA, than a functionality of Endpoint.  I will discuss it with Endpoint team, whether some "rule syntax verification" won´t be added in the future. 

Yeah, that's right. Actually, on endpoint, on the log files "Event" section, I was able to see that's the error are coming from the HIPS rules (I wasn't even sure, as the popup didn't specify it).