List of things that would improve ESET Remote Administrator

[cbrasga 3]

The following are highly recommended suggestions that would make ESET's ERA product better and easier to use. Remember, the easier you make something to use the more people will use it and the more time and effort is saved for those using it.

 

1. HTTP to HTTPS (and /era) redirect for ERA web console: I should be able to simply type the <SERVERNAME> or <SERVERNAME>.domain.com in the address bar and have it take directly me to the ESET ERA admin page.

 

Example: I have a DNS alias that points ERA.domain.com to my ESET ERA server. I should be able to type ERA (or ERA.domain.com) in my browser's address bar and get to the admin page. Not have to specifically type HTTPS://ERA.domain.com/era. You may try to justify the reason for having to type the whole specific URL as extra "security", but security through obscurity is not security. Securing your product properly and making it user friendly is a win-win.

 

2. Simpler domain authentication: I should not have to check a box to indicate I want to logon with domain credentials. All of my other domain/LDAP integrated software does not require me check a box to login with a domain account. Your software should simply follow an order when authenticating; authenticate against domain first, if user/domain isn't present, authenticate against local user database. Additionally, accept all domain username formats (e.g. username, DOMAIN\username, username@domain.com). Currently the software only accepts DOMAIN\username, with no indication that is the format on the login screen.

 

Example: I asked one of my staff to login using their domain credentials and they got locked out because they didn't know they needed to use DOMAIN\username format.

 

3. Remove the pop-out navigation: The pop-out on mouseover navigation is annoying and unnecessary. I understand the need for display space to display everything but don't make the interface jump around as you're using it. Make it a simple expand and collapse, not a mouseover. For a good example look at LastPass:

 

4. Optional: User interfaces are moving to flat and square edged: While not a requirement, it does keep UI's consistent and familiar with what people are used to, while also being less distracting when displaying information.

 

5. Use right click for context menus: 99% of applications use right click for context menus, even many web applications, so it is possible to do. Why go against the standard and what is natural to the users?

 

Update 1

 

6. Don't alert on Presentation Mode being Enabled: Don't show security warnings on Presentation Mode being enabled, just make it informational. Having windows in full screen is going to happen throughout normal business use, that doesn't indicate a security problem. Maybe if presentation mode was enabled for more than 8 hours, then that might be something to warn about.

 

7. Show Usernames Logged Into Computers: ESET ERA 5 used to show us the username of the person logged into the computer. That was useful information than is no longer displayed in ERA 6. For example we identify who caused or experienced the security risk and depending on who's computer was affected, how to respond to the threat or problem. For example: CEO's computer show security risk, respond immediately. Occaisionally used warehouse computer doesn't have the latest virus definition update, we can check back later.

 

8. Inconsistent Way of Listing Days: The ESET dashboard Last Scan widget uses the wording "one day" for Time of Occurence but then digits (2 days, 3 days...etc.) for all other times.

 

9. Automatically Mark Cleaned Threats as Resolved: After a threat has been clean/deleted, mark the threat as resolved. Since it is no longer an active threat, but it is still in the threat log if someone wants to follow up.

 

10. Don't Requite Agreeing to License Agreement Every Time: If I've already agreed to the End User License Agreement (EULA) once, I shouldn't have to do it every time I make an edit to a client deployment task. Just changing the name of the task requires clicking agree to the license again. The ERA installation End User License Agreement should already cover that, don't make everyone have to configure an extra unnecessary checkbox. It will be make the task/deployment process cleaner and be one less setting someone is require to configure, saving unnecessary time and effort for SysAdmins.

 

11. User Friendly Email Alerts: Currently, the email alerts look like straight log outputs rather than a user friendly formatted email message. Below is an example of the current Antivirus Threat Alert email from ERA. A more useful alert would be easily readable and include a link to the ERA threat page or threat details.

Number of threat detection events in 10 minutes has reached defined threshold. Please log-in to your ESET Remote Administrator for more details.

Computer name;Severity;Time of occurrence;Threat type;Threat name;Threat flags;Scanner;Scan log reference;Object type;Object URI;Action performed;Action error;Threat handled;Restart required;User;Process name;Circumstances;Virus signature database
computer.domain.com;3;2016-06-20 17:49:29;potentially unsafe application;Win32/Bundled.Toolbar.Ask.G;Variant;On-demand scanner;ndl30701.dat;file;file:///C:/Path/File.dll;;action selection postponed until scan completion;0;0;;;;13677 (20160620)

12. Multi-Select: Currently, to select multiple computers or threats you have to click individual checkboxes, which is a pain if you have tesn or hundreds of computers/threats you want to select. Please allow shift+click multi-select to make selection easier.

 

13. Item Count on Groups Tree: Showing the item count on the groups tree would be handy, so we could at a glance see the number of clients or threats for each group without having to click into each one.

Edited July 14, 2016 by cbrasga

[jimwillsher 65]

Totally agree on item 3. The icons are still not "intuitive" so I have to let the window expand each time to know which one I want. I know I can "pin" but it's not persistent.

[Marcos 5,074]

Re. 3, you can pin the bar so that it doesn't expand when you move the mouse cursor over it.

[jimwillsher 65]

You can, yes, but it doesn't persist so you have to pin it each time you login.

 

If the icons were clearer (e.g. a picture of a computer instead of a cube; a spanner or a cog wheel instead of a briefcase), and the pin were persistent between logins, it would solve the problem.

 

 

Whoever thought a cube represented "computers"

[cbrasga 3]

I second jimwilsher's comment. I've tried to pin the pop-out but once I close the browser or tab and log back in, I get the annoying pop-out again. Additionally, even if there is a "workaround", if there is a better way to do something it shouldn't it be used?

[MartinK 378]

1. HTTP to HTTPS (and /era) redirect for ERA web console: I should be able to simply type the <SERVERNAME> or <SERVERNAME>.domain.com in the address bar and have it take directly me to the ESET ERA admin page.

 

Example: I have a DNS alias that points ERA.domain.com to my ESET ERA server. I should be able to type ERA (or ERA.domain.com) in my browser's address bar and get to the admin page. Not have to specifically type HTTPS://ERA.domain.com/era. You may try to justify the reason for having to type the whole specific URL as extra "security", but security through obscurity is not security. Securing your product properly and making it user friendly is a win-win.

 

Could you please specify what deployment scenario/platform/version are you using? Redirection of "root" requires trivial tomcat configuration changes or creating redirection file -> and If I recall correctly, it should be created during setup.

[cbrasga 3]

 

1. HTTP to HTTPS (and /era) redirect for ERA web console: I should be able to simply type the <SERVERNAME> or <SERVERNAME>.domain.com in the address bar and have it take directly me to the ESET ERA admin page.

 

Example: I have a DNS alias that points ERA.domain.com to my ESET ERA server. I should be able to type ERA (or ERA.domain.com) in my browser's address bar and get to the admin page. Not have to specifically type HTTPS://ERA.domain.com/era. You may try to justify the reason for having to type the whole specific URL as extra "security", but security through obscurity is not security. Securing your product properly and making it user friendly is a win-win.

 

Could you please specify what deployment scenario/platform/version are you using? Redirection of "root" requires trivial tomcat configuration changes or creating redirection file -> and If I recall correctly, it should be created during setup.

 

 

We have installed the ERA 6.3 All-In-One installation on a Windows 2012 R2 server. Currently when I type hxxp://servername/ I receive a page cannot be reached error message in the browser and if I goto https://servername/ I simply receive a blank page. Only if I go to https://servername/era does the site load.

 

The Windows firewall is enabled and it looks like the ERA installation creates the Windows firewall rules for TCP ports 443, 2222, 2223, 3128 but not port 80. Even after creating a rule for TCP port 80, the browser still does not connect on that port.

Edited June 14, 2016 by cbrasga

[MartinK 378]

We have installed the ERA 6.3 All-In-One installation on a Windows 2012 R2 server. Currently when I type hxxp://servername/ I receive a page cannot be reached error message in the browser and if I goto https://servername/ I simply receive a blank page. Only if I go to https://servername/era does the site load.

 

The Windows firewall is enabled and it looks like the ERA installation creates the Windows firewall rules for TCP ports 443, 2222, 2223, 3128 but not port 80. Even after creating a rule for TCP port 80, the browser still does not connect on that port.

 

 

You were right, we are not installing "redirection" of root when installing on Windows using all-in-one installer -> it is available only when ERA appliance is used.

Simplest (and solution used on appliance) is to create redirection file <tomcat installation path>/webapps/ROOT/index.html with this content:

<!DOCTYPE HTML>
<html lang="en-US">
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url=era/" />
        <script type="text/javascript">
            window.location.href = "era/"
        </script>
        <title>Page Redirection</title>
    </head>
    <body>
        If you are not redirected automatically, follow the <a href='era/'>link to ERA</a>
    </body>
</html>

and your browser should redirect you automatically.

Edited June 15, 2016 by MartinK

[cbrasga 3]

Thanks MartinK, I used your redirection page instructions and it works as expected!

 

I also added the following to get HTTP to HTTPS redirection working:

 

1. Add the following line to the Tomcat conf/server.xml file above the "<Connector server="OtherWebServer" port="443"..." line.

<Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>

2. Add the following to the Tomcat conf/web.xml file above "</web-app>"

 <!-- Require HTTPS for everything. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTTPSOnly</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

(Source: hxxp://www.itworld.com/article/2769041/development/how-to-configure-tomcat-to-always-require-https.html)

 

3. Add a Windows Firewall rule allowing port 80. I simply copy and pasted the "ESET Remote Administrator rule (service Tomcat7) on port 443" rule and changed the description and port to 80.

 

4. Restart "Apache Tomcat..." service.

 

That's one issue down! Now, I can simply type the server/DNS name (or DNS alias "era") into a web browser it and takes me to where I need to be. Please add this to the next version of ESET ERA. Even though it's a small issue, every small improvement adds to ERA's ease of use and makes a SysAdmin's life easier. The SysAdmin that has to respond to a malware outbreak in the middle of the night and doesn't have to remember to type https://servername/erawhile still half asleep, will thank you.

Edited June 15, 2016 by cbrasga

[cbrasga 3]

*bump* Updated list with more items.

[MichalJ 434]

Hello cbrasga,

 

Thank you for your constructive feedback. I have to tell you, that your list of suggested improvements somehow copies the backlog of items that we would like to / are going to implement.

As of now, the confirmed items are :

• 3 (ERA 6.5),
• 6 (ERA 6.5 / EP 6.5),
• 7 (ERA 6.5, already implemented in developments builds, however as of now only in "computer details")
• 9 (backlog item, without a target version yet, requires more complex adjustments of the threat handling process),
• 10 (backlog item, without a target version yet, but might be 6.5),
• 11 (ERA 6.5)

Concerning the other items, we do have improvements tracked for 1, 2, 5 & 13 without target version.

We will track new improvements for item 8 (should be easy to do).

Item 12 might be partially solved in ERA 6.4, where we have enabled deselecting in case of "select all" functionality. So you select all items on the screen, and the deselect undesired items.

Edited July 15, 2016 by MichalJ

[kingoftheworld 10]

Another one that I have brought up several times is reporting the public IP address.  This is very useful to my organization to allow us to see where mobile devices are currently.

[PEBKAC27c 0]

I guess I might be the minority opinion.

 

#3 Pop-out. I agree. Remove it. However, I would like to remove the icons. Text only. Or if icons are required, put the text below the icon, and always show the text.

 

#4 UI. I am not a fan of the new flat UI. I prefer the UI, the way it was. I don't like something just because it is new. 

 

As for the rest, I am way too new with ERA, only been using it for a few weeks.

[cbrasga 3]

I guess I might be the minority opinion.

 

#3 Pop-out. I agree. Remove it. However, I would like to remove the icons. Text only. Or if icons are required, put the text below the icon, and always show the text.

 

#4 UI. I am not a fan of the new flat UI. I prefer the UI, the way it was. I don't like something just because it is new. 

 

As for the rest, I am way too new with ERA, only been using it for a few weeks.

 

@PEBKAC27c, #4 is not just because it is something new, it's about consistency. The flat look is more consistent with the look and feel of ESET's current endpoint products and even their website.

Edited July 18, 2016 by cbrasga

[cbrasga 3]

Wanted to provide positive feedback where it is due. Just upgraded to 6.4 and I really appreciate grouping the Policies in a folder structure and identifying which ones are built-in vs custom, it is so much better and less cluttered than the wall of policies we used to see from a fresh ERA install.

 

Now if only there was a simple way to see which policies were active (applied), such as simply having the active/applied policy icon being ESET green. 

Edited July 19, 2016 by cbrasga

[MichalJ 434]

Hello cbrasga. That is coming as well, however for the next version (also a better identification, of which policies are valid for which computer).

[cbrasga 3]

Hello cbrasga. That is coming as well, however for the next version (also a better identification, of which policies are valid for which computer).

 

Glad to hear it. Also, thanks for allowing us to select all and de-select the few we may not want.

[zackliu 2]

For Reports, it would be great to have the ability to merge the default templates. For example, I want to have a daily report that includes the active threats, last scan, virus definition update info, and quarantine info, all in one report. I feel the reporting function in ESET needs some improvement and should include more out-of-box useful templates for the ease of administration.

 

Also, when the report are generated and sent via email, the name of the report is always "report.pdf", please consider to include a timestamp and/or change the name of the file to match the type of report OR let us define the filename. It is a pain to identify the report currently with the same file name.

Edited July 19, 2016 by zackliu

[WolfgangOne 0]

I agree with pretty much all of the suggestions in the thread. Something additional that's been bothering me is the inability to sort/filter by all columns available on a report. That is, as far as I have been able to determine, there is no way to create a report of say, just trojans and worms (excluding PUPs, for instance). Even though you can *display* that information in a report as "Active threats . Threat Type", that is not available for selection under Filter, as far as I have been able to determine. Any field that can be displayed on the report should be available for selection for sorting or filtering. As it stands, we can't be notified of "serious" threats without also being notified of every penny-ante PUP detected. 

 

Another thought, it also might be a good idea to have ERA escalate the "threat" from yellow to red after it's deleted the same threat in the same file a few times in a row (which would seemingly indicate a situation that merits investigation, at the very least).