Future changes to ESET PROTECT (formerly ESET Security Management Center / ESET Remote Administrator)

[Marcos 5,074]

1 hour ago, Nono said:

Yeah, that's right. Actually, on endpoint, on the log files "Event" section, I was able to see that's the error are coming from the HIPS rules (I wasn't even sure, as the popup didn't specify it).

In my opinion, all that needs to be done is to update the expression verifier so that it prevents entering file names without paths to the process exclusion list or using wildcards in file paths in rules.

[pps 4]

Description : Show website  web control category/categories when a page is blocked

Detail: Users should know when a page is blocked to which category is categorized. Also is good to have an option from inside the block page to redirect to another page (for example a ticketing system) or report this page to directly to eset in the case of a false positive/miscategorization.

Edited June 19, 2018 by pps
edit

[ilyak 0]

Description: Auto mark certain actions as resolved

 

Detail: When viewing threats list I see a lot of items marked as "cleaned by deleting" or "connection terminated", I'd like to have these auto categorized as resolved so when I'm scanning for systems with issues i'm only looking at ones that actually had an issue that couldn't be fixed by an auto action.

[Marcos 5,074]

1 hour ago, ilyak said:

Detail: When viewing threats list I see a lot of items marked as "cleaned by deleting" or "connection terminated", I'd like to have these auto categorized as resolved so when I'm scanning for systems with issues i'm only looking at ones that actually had an issue that couldn't be fixed by an auto action.

That's how it works in ESMC (ERA v7) which is currently in the phase of beta testing and will be released soon.

[Wassie 0]

8 hours ago, MichalJ said:

 

@Wassie Thank you for your feedback, concerning your requirements: 

Description: Overview of all running and planned tasks

• You have a section "client tasks", however this shows you the status per individual task - aggregated, and you need to drill down, to see the status. Only thing that might not be done easily is the "progress bar", as it´s difficult to calculate aggregated progress for multiple machines (as the task is common for multiple machines). 

Description: Overview of all problems

• In the upcoming version 7, we have a dashboard "computer with problems" and "top computer problems" out of where you can apply "one-click" actions, that could resolve the problems (like initiate OS update, or create a new task). Also a new "status overview" dashboard is coming in the V7. 

Description: (professional) report for customers

• Future version of 7.1 is currently focused on resolving the problems / challenges of MSPs, so we have a similar (executive report, per managed company) in our scope. I will discuss whether we can expand it to also include performed actions. 

Description: (professional) report for scheduled or instant scanning

• Can you provide more details. Is this something like a webservice, where customer upload files, those are scanned (on-access / on-demand) and you want to provide them results, whether the files they have submitted were malicious or not? We are adding a "dynamic threat defense" cloud sand-boxing solution, which will allow customers to submit files to our isolated sand-boxing environment, from where you can also get a report, about the state of the submitted files. Or do I get it wrong? 

 

Hi Michal,

• right, the goal of my question is if it would be possible in future versions to have a dashboard that provide all tasks running at that moment, with also the progress showing. Sometimes you have to wait till a task is finished before you can start something else. Pushing the refresh button isn't user friendly and it would really help if you could see the progress in real time.
• great! when will V7 be available? and how can I upgrade to this version? any site where we can see the new added features?
• That would be really great. If gives me more the opportunity to show my, and the ESET products, added value to my customers.
• It isn't a web service. A customer delivers a harddrive at our data center. We connect it to a 'sandbox like' machine with ESET protection running. Then we start doing scans. If there are no threats, the data is moved to the environment of our customer in the data center. To show the customer we have scanned his data, the result included, we would like to show him a professional report of the scan. The 'sandbox like' machine, or offline at that moment, will get back online after the scan and will get back in synch with the ERA. So it would be great if the report can be seen/ imported by ERA and send to the customer.

 

[MichalJ 434]

16 hours ago, pps said:

Description : Show website  web control category/categories when a page is blocked

Detail: Users should know when a page is blocked to which category is categorized. Also is good to have an option from inside the block page to redirect to another page (for example a ticketing system) or report this page to directly to eset in the case of a false positive/miscategorization.

Thank you for your feedback. This is more a feature of Endpoint Security, as webcontrol is integrated in there. We will track an improvement request for that in within the corresponding project.

[pps 4]

Description : Application Identification by hash (SHA1) in the Firewall rule

Detail: ESET Endpoint Security 7 (evaluation) can exclude a file from scanning  by its SHA1 that would be very useful too if you can use that sha1 to identify specific applications and include them in the firewall rules.

[MichalJ 434]

@pps Thank you for reporting. We will add this into the feature backlog. After brief check with developers, this should be possible. 

[Marcos 5,074]

@pps I've moved your issue report to a new topic https://forum.eset.com/topic/15856-blank-problem-field-in-alerts/ where it will be tackled further.

Description : More detailed problem alerts

Detail: No problem description on problem alerts, (see screenshot below), it's the second or the third time that the same thing happens.

[Rémi 0]

Description: support of MariaDB

Detail: MariaDB has replaced Mysql in all major linux distributions, and should be a drop-in replacement. Yet officially eset does not support it, is there a technical reason ?

[MichalJ 434]

@Rémi Primary reason was optimization of dev/QA costs, where MySQL is platform agnostic, so can run on both Windows & Linux systems. MariaDB is only for Linux. We have received few such questions, however it never went "too high" into the priorities list, in order to be done. We have however such item in the backlog for the future releases.

[Rémi 0]

@MichalJ This unfortunately makes the install a lot more convoluted on any recent linux server... For example it's only possible to install it on debian oldstable (jessie), not on current or future stable... And debian is definitely not a fast mover, so the situation is probably worse elsewhere. Thanks anyway for your answer.

[bbahes 29]

6 hours ago, MichalJ said:

@Rémi Primary reason was optimization of dev/QA costs, where MySQL is platform agnostic, so can run on both Windows & Linux systems. MariaDB is only for Linux. We have received few such questions, however it never went "too high" into the priorities list, in order to be done. We have however such item in the backlog for the future releases.

I don't understand this bolded part. Check here https://downloads.mariadb.org/mariadb/10.3.7/

[davidenco 1]

6 hours ago, MichalJ said:

@Rémi Primary reason was optimization of dev/QA costs, where MySQL is platform agnostic, so can run on both Windows & Linux systems. MariaDB is only for Linux. We have received few such questions, however it never went "too high" into the priorities list, in order to be done. We have however such item in the backlog for the future releases.

Your information source is wrong. I administer an environment of both Windows and Linux servers, all running MariaDB since version 10.0! MariaDB is a drop-in replacement, and runs on Windows and Linux.

[MartinK 378]

On 6/24/2018 at 3:30 PM, Rémi said:

Detail: MariaDB has replaced Mysql in all major linux distributions, and should be a drop-in replacement. Yet officially eset does not support it, is there a technical reason ?

Yes, there were functionality issues, older ERA versions could be installed with MariaDB, but there were runtime-issues, i.e. specific database operations were not working correctly. That is why we blocked installation using MariaDB (we have actually never supported it).

Regarding MySQL availability on various distributions, we are both internally and in ERA Appliance using official MySQL repositories (https://dev.mysql.com/doc/mysql-apt-repo-quick-guide/en/) - is there any reason why this cannot be used in your environments? From our perspective it is much easier, as in this case, the same versions/builds are used on all distributions, which simplifies support and portability.

[Rémi 0]

using the MySQL repositories could be an option, but it adds a level of complexity to the deployment and management, especially if one uses a configuration management system based on ansible or saltstack. Adding official repository support to an existing infrastructure management system is a lot more involved than just using the integrated tools. Not rocket science, but still one level of complexity that I could do without.

Furthermore it also adds complexity and uncertainty when one wants to upgrade the system. I know that debian's upgrade system is integrated, tested, mostly works well, and is documented, especially when problems arise. I know I can trust it to do the right thing. OTOH I have no idea how Oracle manages the official repo. Oracle's history track is far from perfect, I know I can't trust them, so I'll have to double check everything. Again, probably not rocket science, but still something I could do without.

Last but not least: I don't know the details, but there is probably a strong reason why most linux distributions took the expensive decision to switch from mysql to mariadb. It cost them development time, support time, and probably many quirks everywhere since it is not a complete drop in replacement. I'll use mysql if I really have to (actually I'm using it since I installed a jessie vm just for era), but it would be much more comfortable and (and IMO) future proof to switch to mariadb.

Oh, one last thing: I don't see the odbc connector in the apt repo, is it somewhere else ?

[MichalJ 434]

We will take this into consideration, but still, due to the relatively low install base of Linux (outside of the VM appliance) it will still remain with a low priority, compared to other things we want to achieve.

[MichalJ 434]

On 6/19/2018 at 4:27 PM, pps said:

Description : Show website  web control category/categories when a page is blocked

Detail: Users should know when a page is blocked to which category is categorized. Also is good to have an option from inside the block page to redirect to another page (for example a ticketing system) or report this page to directly to eset in the case of a false positive/miscategorization.

Hello, showing the category is now supported in the latest versions of our Endpoint applications (I have checked it with the responsible PM). Are you please able to confirm?

[Wassie 0]

On 19-6-2018 at 7:55 PM, Wassie said:

Hi Michal,

• right, the goal of my question is if it would be possible in future versions to have a dashboard that provide all tasks running at that moment, with also the progress showing. Sometimes you have to wait till a task is finished before you can start something else. Pushing the refresh button isn't user friendly and it would really help if you could see the progress in real time.
• great! when will V7 be available? and how can I upgrade to this version? any site where we can see the new added features?
• That would be really great. If gives me more the opportunity to show my, and the ESET products, added value to my customers.
• It isn't a web service. A customer delivers a harddrive at our data center. We connect it to a 'sandbox like' machine with ESET protection running. Then we start doing scans. If there are no threats, the data is moved to the environment of our customer in the data center. To show the customer we have scanned his data, the result included, we would like to show him a professional report of the scan. The 'sandbox like' machine, or offline at that moment, will get back online after the scan and will get back in synch with the ERA. So it would be great if the report can be seen/ imported by ERA and send to the customer.

 

@MichalJ where my answers clear enough? hope you ca answer my questions. (forgot to quote your name)

[MichalJ 434]

@Wassie

1. We will track improvement for this topic. As of now, we have not received such request. But I get your point. You simply want to see all actions currently running on all of your clients (aggregated) - but only "running", not finished / failed / scheduled.
2. I can´t share with you any exact timeline. We anticipate during this summer. As soon as date is confirmed, we will share it with you. Concerning the new features, there will be a changeling / what´s new article published at the moment of the release, and in the ESET support portal. Upgrade will be possible by running the new binaries over the old ones (in the beginning) and later via "component upgrade task" (like from 6.4 => 6.5).
3. Thank you. We will work on it
4. I think I get the point now. What you want is a  "print out" of the scan report, with a nicer graphics, but only focused on that individual scan. Is that correct? And you want ERA to print those data for the customers (for the individual scan). We have never received such request, but I will discuss it with people here, about how to resolve it.

[Wassie 0]

5 minutes ago, MichalJ said:

@Wassie

1. We will track improvement for this topic. As of now, we have not received such request. But I get your point. You simply want to see all actions currently running on all of your clients (aggregated) - but only "running", not finished / failed / scheduled.
2. I can´t share with you any exact timeline. We anticipate during this summer. As soon as date is confirmed, we will share it with you. Concerning the new features, there will be a changeling / what´s new article published at the moment of the release, and in the ESET support portal. Upgrade will be possible by running the new binaries over the old ones (in the beginning) and later via "component upgrade task" (like from 6.4 => 6.5).
3. Thank you. We will work on it
4. I think I get the point now. What you want is a  "print out" of the scan report, with a nicer graphics, but only focused on that individual scan. Is that correct? And you want ERA to print those data for the customers (for the individual scan). We have never received such request, but I will discuss it with people here, about how to resolve it.

@MichalJ

4. correct, managing the outcome of the individual scan, and create a nicer/ professional report, from ERA would be very nice and helpful to provide my customers reports of scans.

[kingoftheworld 10]

Not necessarily related to ERA, but for the enterprise A/V products

Description: Consistent handling of update profiles between Windows and macOS
Detail: I would think that two products that are essentially branded the same should operate the same between platforms, ESET Endpoint A/V 6.* for Windows and macOS.  When configuring update profiles to pull from an internal mirror on a PC, you essentially have to go in an update the the task for the update to use your internal mirror first, then use ESET's servers second.  However, when you manually trigger the update now using the GUI, this fails at doesn't know to use a secondary profile and only uses the primary.  In my mind, the macOS behavior is ideal method where you specify a primary and secondary server.  It attempts the first, if it doesn't connect, it fails to the second.  P.S. I am not interested in using the caching proxy that has been recommended me more times than I can remember.  I am confused on why these products from a administrative standpoint are so very different.  Another example is the ability to password protect the settings on Windows, but a horrible method of using groups/accounts on macOS.  I simply want to apply a password before dropping into the settings panel.  I am forced to mark all of the settings as Forced on my macOS policy to prevent users from modifying them which is a real pain if I have to have a technician troubleshoot something with an end-user.

[MichalJ 434]

@kingoftheworld Thank you for your feedback. I will discuss this with my PM colleagues responsible for both Mac and Windows products.Password protection on Mac is already tracked in the backlog. Concerning the unification of the updater behavior, I will check about what can be done. I agree, that it should be possible to specify dual update profiles also for manually triggered update, not only scheduled one. 

[pps 4]

On 6/26/2018 at 9:25 AM, MichalJ said:

Hello, showing the category is now supported in the latest versions of our Endpoint applications (I have checked it with the responsible PM). Are you please able to confirm?

@MichalJ Should I be able to activate this option  within ERA (latest version 6.5.522.0) I can't find any option how to turn it on. Also I can't find an option on endpoint 6.6.2078.5 too.

Should I try it to a stand alone version of endpoint (without any connection to ERA)?

 

 

Edited June 27, 2018 by pps
edit

[MichalJ 434]

@pps Can you please adjust the settings from "block" to "warn", whether the behavior of the page will be changed? I will check with the teams responsible, where could be the issue.