Future Changes to ALL other ESET Products

Discussion in 'Other ESET Home Products' started by Blackspear, Jan 26, 2008.

  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The aim of this thread is to give feedback to ESET as to changes we would like to see in future upgrades of ALL other ESET Products

    Please be very specific so that your suggestion can be written in one line. After this go into DETAIL though remember to try and keep it in plain and simple terms. If it is too complex I will simply add: refer to post number XX. Basically, if I can't understand it, how can I write about it.

    If your suggestion has already been discussed in previous threads please post links to such, this may help further explain your case to ESET and others reading your suggestion.

    You are welcome to discuss the merits of each and every suggestion, just keep on topic, as there are other parts in the forum to discuss issues.

    A list will be maintained by Wilders and ESET staff in this first post enabling people to easily see if their suggestion is already included.

    Cheers :D

    Blackspear.



    1.

    2.

    3.
     
  2. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    An updated version of NOD32 for Exchange Server (XMON) to work with NOD v.3.0
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    My only hope will be to see Eset attain the ability to clean or disinfect along the lines of Kaspersky, Dr.Web or Norton. I know detecton is the start but when they are able to do this well, it will set them back on top where they rightfully belong.

    That with some sort of HIPS or Sandbox implemented to cover all sides that are now covered by other products. I think one of these 2 areas are key to any AV survival.
     
  4. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Seconded.

    Along with an option on a server of optional pre-configured directory exclusions. e.g If you have SBS2003 use list 1, W2003; list 2, W2003 + Exchange 2003; list 3 etc.
     
  5. HunterNZ

    HunterNZ Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    3
    Location:
    Auckland
    1.Simple one...have the version numbers match across the product range.
    It can be confusing that the Version 2.x console manages 3.0 clients.
     
  6. PRJUS

    PRJUS Registered Member

    Joined:
    Sep 13, 2007
    Posts:
    95
    Location:
    Denmark
    In addition to the antivirus capabilities of XMON I think we really need antispam functionality in a central solution as well and not just in ESS on the clients.
     
  7. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Having the ability in ERAC to right click on selected number of clients from the Clients tab and having a new option under New Task to install a new package.

    This would make deploying new version a lot easier than they are currently.

    Dan
     
  8. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Two things that I would like to see in the Nod32 Remote Admin (RA server.)

    #1) Show me machines which are powered on but not running antivirus.
    For example, I am using Zenworks to upgrade Zen to a new bulid. I have had 6 of my 500 machines reboot during the install leaving Nod32 in a failed state. e.g. it is not running.
    If I go into my RA, it simply shows they haven't connected in X many hours -- such as powered off machines. If I go into Find Unregistered computers, they do not show up. So I have no way of knowing Nod is not installed onto these PC's.
    If I delete these machines from the RA, then do a find, they show up. One way to accomplish this is to perhaps have a column in the client view that shows if the machine is powered on or not. Since if I delete these PC's from RA and find, find can see them, then use that same find logic to determine if PC is powered on or not so I can quickly identify PC's with Nod in a failed state.

    #2) Show who is signed onto the PC in the RA. I am almost a pure XP pro Active Directory shop. I have some home editions which have fast user switching. I have some *nix machines. On the XP PRO machines w/out fast user switching it would be nice to see a column showing the currently signed on user. Since there can be multiple domains involved, do not send the users SID. Resolve the domain and user name locally and send that up. So if it's a standalone PC, it would report PC1234/Joe Blow or a domain one domain/userid. If no one is signed on, then that would be uploaded too -- (signed off)

    An example of a service doing this by enumerating running processes;
    http://www.codeproject.com/KB/vb/Windows_Service.aspx
     
  9. jkyriazakos

    jkyriazakos Registered Member

    Joined:
    Feb 6, 2007
    Posts:
    5
    I would like for the RA server the ability to create boot cd iso images with the latest antivirus signatures for offline scaning infected systems.

    An online error data base.
     
  10. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Thirded!
     
  11. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Here's my problem;

    I have 650 PC license of Nod32. I think I have about 600 PC's. It's hard to tell as some PC's don't connect to the Internet often, and we are continually replacing PC's. So I don't know if that PC in the list is replaced or just not on the Internet.

    We have a group of people that build our PC's, so many of them have access to the Nod32 install, & ACL protected XML file with the userid/password. They have to know the Nod32 unlock password to fine tune exclusions and such on remote PC's.

    I don't have any reason to think this is happening, however what I am concerned with is that some of these people might be taking this NOD installer, putting it on other PC's that we did not purchase the license for, and disabling the "Connect to RA server option." I did find one case of this, but it was on a PC for which we did purchase a license.

    But why? Perhaps so the alerts of blocked adult infected material is not alerting me?

    Anyway, what I propose is that when clients connect to ESET's servers (I see all my clients do this right now on the firewall logs.) that they report up with the same info they report to my RA. And that since they are connecting with my userid & password, that my RA's connect up to ESET and show me all my clients - even those not connecting to my RA's.

    That way if I have a guy that is giving my license out to his friends and family, I would be aware of it and could stop it.

    The side effect would be ESET would get tighter controls on the license counts. So that clients are not paying for x and using x+ licenses.
     
  12. jholbrook

    jholbrook Registered Member

    Joined:
    Jul 23, 2008
    Posts:
    11
    New customer here. I like NOD32 but there's a couple of things I'd like to see:

    1) Much better documentation - For example, I really can't find any good details on configuration of NOD32 through the Remote Administrator Console. I'd like to know about how to set up exclusions properly. If I want to exclude all .mdf files do I do a *.mdf or .mdf? What about things like %systemroot%? Will NOD32 recognize those sorts of variables?

    2) As mentioned by somebody else I would really like to see the Remote Administrator to have more 'real time' statistics. We installed NOD32 on a server and then the server was rebuilt with the same IP address and name.

    Yes, the client shows that it hasn't communicated in a couple of days but shouldn't I see under Protection Status that the system isn't in fact secure?

    Shouldn't the Remote Adminstrator see that this new computer has the same IP and name and say "Hey I don't see NOD32 installed on this machine. It was installed before."

    3) Group configuration settings. Coming from a Trend Micro Office Scan environment I really liked the fact that I could create a group (e.g. Citrix Servers) which would have specific configuration for exclusions, etc. All I have to do to have the configuration synchronize would be to put a new server into the group and within a few minutes the configuration on all the servers in that group would be exactly the same.

    Or I could make a change to the configuration and it would automatically be pushed out to all the clients in the group.

    I'm sure I'll think of something else.

    Thanks.
     
  13. jholbrook

    jholbrook Registered Member

    Joined:
    Jul 23, 2008
    Posts:
    11
    Thought of one more thing. I'd like to have the "Find Unregistered Computers" do a much better job of scanning my network for machines without NOD32 installed. As I'm rolling NOD32 out I'm finding machines which are on our network but aren't displayed when I do the unregistered computers scan.
     
  14. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    This is functionality that I could really use myself as well.
     
  15. jholbrook

    jholbrook Registered Member

    Joined:
    Jul 23, 2008
    Posts:
    11
    Doing some updates to my clients from 3.0.669 to 3.0.672 and thought of something else that the RA really needs.

    Why can't I push out a fresh/update install from the Clients tab of the RA?

    I can't really understand what purpose the groups have in the Clients list.

    So let's say I have a group called "Window XP" which are all at version 3.0.669. If I want to push out the update to all of the clients in this group I pretty much have to write down all their names and then manually input them in the Remote installer tab.

    Why can't I select all the machines in the group, under the client tab, right click and do a "Remote Install"?

    Couple of other things (not 100% related to Remote Administrator but I'm doing everything through the RA so this is where I notice the problem):

    1) Exclusions suck in NOD32. If you read Microsoft's recommendations on AV exclusions etc there is often a case where you need to scan a directory and only certain subdirectories below it. For example, if you read http://support.microsoft.com/kb/822158 they recommend the following:

    1. %systemroot%\sysvol Exclude

    2. %systemroot%\sysvol\domain Scan

    3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory Exclude

    4. %systemroot%\sysvol\domain\Policies Scan

    5. %systemroot%\sysvol\domain\Scripts Scan

    6. %systemroot%\sysvol\staging Exclude

    7. %systemroot%\sysvol\staging areas Exclude

    8. %systemroot%\sysvol\sysvol Exclude

    There is absolutely no way to do this with NOD32.

    2) Recognizing system variables. Why oh why doesn't NOD32 understand system variables?

    I'd love to be able to do something like $:\Program Files\Program X\subdir\* but with NOD32 I need to put in every possible drive letter where this program might be installed.

    3) Why doesn't the install file include a more recent version of the pattern file? I push out an update to a machine and it ends up installing signature file 3300 and then upgrades a few minutes later. So for a short period of time my system is really not protected. I know it would be impossible to put the absolutely latest signature file but why not one that's current to when the latest program file has been released?

    4) Auto updating of program version

    Just talked to your support department about this.

    I see in the configuration editor that I there is an option for updates to either:

    1) Do not update program components
    2) Always update program components
    3) Ask before updating program components

    What do these options do when running the Remote Administrator? Absolutely nothing! That makes no sense to me. Support told me that the only way to push out new program versions is through the Remote Install option.

    Should there not be a way from the Remote Admin Console to auto update the program version on all my clients?

    5) This is really petty but I can definitely see how the Configuration editor was built by developers and not with end users in mind.

    For example, why are so many of the two choice options selected with a checkbox? That makes no sense to me.

    Value Yes/No with a checkbox. So if I select the checkbox am I saying yes or no? Very confusing.

    Thanks a lot. Hoping somebody from ESET reads these forums. It just seems to me that other AV products have a much more polished remote administration package. Remote Administrator really isn't Enterprise ready.

    Thanks a lot.
     
  16. XN04113

    XN04113 Registered Member

    Joined:
    Jul 5, 2007
    Posts:
    25
    The ERA server replication should replicate the groups too.
    If I delete a client on one server it will not automaticly deleted on the partner server. Same for resetting the new flag and some other database fields.

    We use two era servers. The clients connect to the server with the DNS alias NOD32SRV - the other is still standby, fetches the upates and replicate. If one server fails we have only to change this alias at our DNS server and every client will switch to the other server (after the DNS lease time is run out). But all clients will be duplicated at the second server because of the field "Primery Server". We have not 1500 licences to get this running, so we have to delete the replicated entries first.

    The Configuration Editor has no field to change the quarantine directory, as in version 1.x. But I think thats a problem of NOD32 3.x not ERA.

    A functions that automatically moves a new client depending on a part of his hostname to a group would be nice. If this works, mayby a group specific predefined config should also be transfered.

    And please, give us a full documentation of the XML config files and the resulting registry keys.

    regards
    mike
     
  17. Carsten S

    Carsten S Registered Member

    Joined:
    Oct 5, 2008
    Posts:
    1
    Location:
    Denmark
    X4. Thats really a needed thing.
     
  18. Hirtzy

    Hirtzy Registered Member

    Joined:
    Nov 20, 2008
    Posts:
    17
    Location:
    Australia
    The ability for clients to update from the distribution server when they are connected to the LAN (thus saving bandwidth) and from the internet when they are outside the company LAN. Eg. The ESET client on a laptop user first tries to update using the distribution server but if it can't connect (ie. when used at employees home) it automatically falls back to using the internet connection for updates.

    Edit: Scratch that thought. Functionality already exists. Note to self - read online knowledge base before posting :doubt:
     
    Last edited: Jan 28, 2009
  19. techie007

    techie007 Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    125
    Location:
    Ontario, Canada
    Quarantine controls from the RAC.

    I don't understand how this doesn't exist in a business anti-virus. Do people really hit each machine once a year and empty quarantines? Am I missing something? Do the client quarantine contents flush after a certain amount of time on their own or something?

    I should be able to request a list of what's in any clients' Quarantine and be able to tell it to flush.

    I _DON'T_ want a central quarantine like Symantec. :)
     
  20. PRJUS

    PRJUS Registered Member

    Joined:
    Sep 13, 2007
    Posts:
    95
    Location:
    Denmark
    When the Notification Manager sends a notification (mail for instance) about a threat that NOD32 has deteced on clients that are reported to ERAS it only includes a list of the clients but not information about the threats.

    The administrator has to log in to the console and check manually and I think that the notification should include more information so that the administrator can react upon the notification itself without having to log on to the ERA Console.
     
  21. yokinchar

    yokinchar Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    3
    Host Intrusion Prevent
     
  22. BobEnigma

    BobEnigma Registered Member

    Joined:
    Sep 15, 2009
    Posts:
    1
    The log files for NOD32 for Exchange Server (XMON) should show the correct name of the User's mailbox that an action was taken on.
    It currently shows the User as NT\AUTHORITY SYSTEM for every log entry.
    There is no way to tell who's mailbox an infected file was found in.
     
  23. etocoffee

    etocoffee Registered Member

    Joined:
    Oct 10, 2008
    Posts:
    17
    I am mac user. Hope ESET NOD32 will release antivirus for mac platform. :D
     
  24. Stoner81

    Stoner81 Registered Member

    Joined:
    Aug 23, 2008
    Posts:
    30
    H.I.P.S protection please folks in Smart Security and Anti-virus.
     
  25. Fuzzie

    Fuzzie Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    3
    1. Timezone recognition for scheduled tasks

    2. When using policy manager it would be nice if the individual scheduled tasks would merge together with parent policy.