Better/ detailed EM warnings. Untraceable warnings.

I know this has been asked before.
How can I receive a more detailed email regarding warnings?
Like … This morning I got 2 emails (1st: 07:24, 2nd: 08:33):
“EM Warning: New Infection Detected!”
You are receiving this e-mail because you are using Endpoint Manager product.

2020-04-30 05:23:36. New Infection Detected on device #####.

Follow the <link> to see details.

Best Regards,
EM Team

Here in this email I would like to see how urgent this warning is!
What kind of threat level and what kind of malware has been detected.
Also a direct link to delete/whitelist the threat.

Not first having to log in and search for the affected device.

Now, I clicked the link and I’m directed to the Malware overview.
But… the last stated item is for over 8 days ago!!
So this is not the item stated in this email!
Now I have to search what could be the trigger.
The other tabs: ‘Threat history’ and ‘Autorun items’ are empty. But ‘Quarantined files’ shows one item from this morning.
So now I’m still wondering if this is the warning, because I got 2 separate warnings.
But, now it’s getting more confusing:
If I open the ‘Quarantined files’ and click on the file (in this case named ‘appselector.exe’), I can see on what devices this file has been found.
And if I select that (‘Device list’), only one (!) device is listed on which this file is installed.
But… that’s a whole other device from another customer. This device, where I got 2 EM warnings from, isn’t mentioned here.

So, long story, but the bottom line is:
Can the EM messages be more specific and detailed about the threat? Better would be with direct links for actions (like whitelist/ delete/ scan/…)
And how can I search for these warnings because I can’t trace them back!

So, after all this checking, I still haven’t found out what the 2 emails were referring to.

Am I doing something wrong?

Regards

Correcting myself:
The ‘Quarantined files’ is an overview of all the quarantined files and will show all the files from all the customers.
So this is by design and correct I see. My mistake.

But… I still haven’t got a clue what was the trigger.

Now I just got another email regarding another client. I also get redirected to the ‘current malware list’ and there is no entry regarding this device. (The last entry for this device was from 15 Dec 2019.)

I really think a lot of these misunderstandings can be taken away with a more detailed email and direct links for actions.
This is not ‘admin-friendly’.

Hello @ailan,

We have created a support ticket in regards to your report and will reach you via your forum registered email for further correspondence.

Hi SethHD and Colin,

Thanks for the message.
I just received the following mail:
Hello,

Thank you for contacting ITarian Support Team.

We thank you for providing details about your query. Our product management team is aware of your request and is working to prioritize it with the others received. We will provide you an email notification for any updates regarding this request and its timeline once it is prioritized on the road-map for a delivery.

Regards,
Colin
ITarian Support

Can you tell when we can see this function? (I’ve asked this question also nearly a year ago, see: https://forum.itarian.com/forum/msp-area/34348-mobile-apps?p=34358#post34358)
I still haven’t found out where the triggers were coming from this morning. No details in the logs.
So, only thing I can do is do a full scan on the computers.

These are some of the most basic functionalities for a security product. Now I only get a warning, but can’t see from where or what.

So please can you implement those 2 things ASAP:
-easier navigation to see all the threats.
-more detailed email/warning with direct links to the entrylog and direct links to take action (like clean, scan, whitelist)

Thanks and regards.

Update,
From yesterday, I’m still getting a lot of email warnings regarding ‘New infection detected!’.

So what are the steps to find out what was found, when and where?

If I click the link in the email, I’m redirected to the ‘Current Malware list’. Just like I stated in the first post.
This is what I see (I sorted the entries by date):

Notice I only have 1 entry from today. The 2nd entry is from nearly 3 days ago!

Ok, I check the Notifications tab:

Hereby the warnings:

I only see 2 malware detections…

So this is not consistent with all the emails I got.

I still don’t have a clue and overview what’s going on…

So I try to do a search in ‘Security Dashboard’-> Event view.
Here I see a lot of events. Even from devices and events I haven’t got an email warning about!

But to begin with I’m still trying to figure out the detected infections. So I’m going to filter only on ‘Malware detections’.

Also, I see other entries from devices where I haven’t received a mail.
But, I can’t trace the received messages and detections here.

And searching through all the logs is a pain and very illogical: notice in the above pics that a lot of entries are logged in 24H and others in 12H notation.
That to begin with is very confusing and makes searching very hard!

And in the event views, the layout that can’t be widened is a very big problem: the columns for device name, file path, file name and more are way too short to have a quick overview.
I know I can hover over the entries, but if you want to have a quick glance at all the entries, this is very time consuming… You have to hover over every item and wait until it is revealed. And if you want to record it for yourself to inspect the files, you have to copy-paste it to some other place.

So, I only want to say that there are a lot of improvements needed.
A better navigation; the logs are not consistent and accurate with what I have in my consoles.

As an endpoint-platform this product is unusable for me at this point because I can’t find the detected warnings I received in email and I can’t rely on what I see in the different logs.
Creating these emails and rummaging through every different log takes too much time for a product like this.

Am I the only one who can’t find and work in this?

I’m still trying to like this platform, but like I posted earlier:
please don’t add newer functionalities, but focus on the(se) basic things. They are not working as they should.
For now, this is unusable to troubleshoot.

Can anyone post how to inspect the received warnings properly?
Not a link to the manuals, because I’ve already seen them. As you see from my long post above, I can’t find the relevant entries in the regular places.
Please post them here so that we all can learn. Not via private email or meeting.

Did you remove the infections?

Hi Uandit,

No, because I can’t see if it’s a valid file/program or not.
I can’t retrace the origin of the detected files; that’s the most frustrating thing this moment.

I’m going to scan all the mentioned systems manually and check the logs.

But that’s not the way it should be.

I somehow missed the first post and read it. I completely agree with you about the tedious steps it takes to figure out the device/infection details. Yesterday, I dealt with 2 trojan viruses from work, where we use a different RMM and A/V. My inbox got flooded with emails until I dealt with and cleaned off the infection (hence my previous post… sorry if it wasn’t relevant to your concerns). However, in order to deal with the infections, I simply logged into the RMM, looked up the machine name, and scanned from the RMM. The infection was not completely removed as it was cleverly designed to use a legitimate Microsoft exe with a modified dll. So that part I had to manually remote on the machine and remove it.

I say all that to say, it is much easier to deal with infections from that RMM than this one, which I use for my personal customers. It’s always tedious and I am in agreement there should be more thought into the process of: detecting the infection, relaying the info to us, and a more accessible way of getting the details about the machine and infection.

Looking forward to Itarian’s response to this…

Hi Uandit,

No problems. Good to hear that you also have these thoughts regarding this product and note it here in this thread.

I do recommend that more admins like us, who are having the same feeling towards the inability to properly work with this platform because of the lack of intuitive navigations and communication methods, leave a comment here.

The more reactions, the better.

An endpoint protection tool that’s inconsistent, misses malware detections, doesn’t show/log the infections and is difficult to interact with, is not very useful.

The product has the potential, so I’m still trying to make use of it. But I think the focus is wrong here. (In every update I see newly introduced functions, but the very basic and needed functionality is still poorly implemented.)

So, to all other admins/MSPs, please leave a comment here if you feel the same.

Frankly, I find the security subsystem to be a bit of a mess and hard to use.
It’s like nothing hangs together.
Example:
On my dashboard it says I have 13 infected devices.
I click the link and it shows me 13 devices.
If I click the device it shows me device details, but nothing about the infection.

Client calls about an app that got installed virtually.
Didn’t notice the green frame. It’s really easy to miss.
I find the app and it’s listed as unknown. I have no way to upload the application for review directly from the backend.

Running a full virus scan on a device now.
It found some files listed as virus.
In the backend it’s marked as malware, but when I try to get some Valkyrie details there are none.

Confusing as hell, to the point it’s useless.

I really dislike how poorly this is set up and integrated.

At this point I’d rather have a different AV program than this.
Not only is it not user friendly, I find it hard to find out what’s going on.

Tried to whitelist a program today but it wouldn’t take it.
Or I should say the client got pissed and gave up before it would allow the app to be run.

Just not good business for us.

If I have no idea on how to use this then blame your poor interface and integration but feel free to educate me.

Update:
I’m still getting the same detections over and over again. Multiple warnings a day.

When opening the link, I get redirected to the ‘Current Malware list’:

The first entry on top of the list is from the last device where I got a warning from.
Regardless of which email I open, even from an earlier warning, this is the list I get.
Note the timestamp. So, is this how the list is sorted? By device name? Is the timestamp the first time that this item has been detected?

No clue how to read this.

So when I sort on detection date, I get this:

Last detection is on 2020/05/05.

I just want to ‘trust’ these files, regardless of how you read this. So I selected ALL the entries and selected ‘Rate as trusted’.
Multiple times already.
But I still get email warnings about these detected files.

Can somebody explain to me what’s going wrong? I’m missing details and direct links to the detected files.

And if it’s a known problem. When can we expect an update?

Thanks

The security subsystem is not very good.
It’s so hard to understand and find issues.
This must be redone.

Also, please start using normal virus names so we can find out what it is.

Hi Itarian,
Are there any improvements regarding logging and tracing warnings in the upcoming ‘Release Notes for June Release (2020-06-04)’?
I still have these ‘daily detected warning-problems’.

If not, do you know when this can be expected?

Hi Itarian,

Still any progress regarding the navigation?
I still get a lot of emails of detections. But after clicking the link in the email I’m directed to the overview of all the devices.
How long will it take to get some details IN THE EMAIL?
So you can see how grave the detected threat is and act on it? Not first having to log in and search manually through the devices and hope to find the detection.
I still can’t find the detected threats posted in my 1st post, and we’re nearly 6 months further!!
Also I still have the feeling that the current focus from the development team lies wrong; can you please fix/implement the long promised functions?
-App for Android/IOS to remote into devices
-Change the email so that there’s more info about the device, and the name of the threat/virus/malware and a direct link to the log-entry and action buttons in it?
-Better navigation to search through the detections.
These are the fundamentals of a security product!!!
After the change to another paid model from your side, I think that we as MSPs can expect a decent product where the basics are in order. And now, nearly 10 months further, I don’t see much improvement regarding these ‘old’ issues.

Can you give an update when we can expect improvements regarding the threat management system?

Hi @ailan ,

We have checked your requests’ status:

I still get a lot of emails of detections.
→ This item will be fixed in the short term.

-App for Android/IOS to remote into devices
→ We are working on the Android to Windows and Windows to Android option right now; development is in progress, and as soon as the Android part is done we will start the iOS version of this capability.

-Change the email so that there’s more info about the device, and the name of the threat/virus/malware and a direct link to the log-entry and action buttons in it?
→ This feature is also in our roadmap. And we are planning to deliver it in the mid term.

-Better navigation to search through the detections.
→ Could you please give more details about this request? I couldn’t get the use case.

By the way, as a product management team we are sharing our short-term quarterly roadmap at the link below; you can always check the items that we will release in the next quarter.
https://forum.itarian.com/forum/general-announcements/product-roadmap/46081-itarian-roadmap-plan-for-2020-september-and-december

Best regards,
Product Management Team

Hi @Zeynep.
Thanks for your message.

I will put my answer under your comments in red.
Maybe I look a little bit harsh, but what I would like to make clear is that this is a security platform and some basic functions are expected.
No problem if it’s in ‘short/ mid/ long term’ but, they were already expected months ago…
So can you please be more detailed about when we can expect these basics implemented? Now it’s unmanageable and half usable. For me then.

I still get a lot of emails of detections.
→ This will be done in short term.

How short is ‘short term’? For a security platform the communication is a fundamental thing. You have to let the admins know what is going on and how grave the threat is.
Should be on a ‘high priority list’.

-App for Android/IOS to remote into devices
→ We have two feature requests and Android is in our short short plan. I will share IOS later.

Very strange: this is a request from Sept 2018 and earlier. And the expected time was 6-12 months. We’re now 2 years further.
see: https://forum.itarian.com/forum/general-discussions/28130-mobile-remote-control-app
and
https://forum.itarian.com/forum/products/feature-requests/22243-feature-request-rmm

-Change the email so that there’s more info about the device, and the name of the threat/virus/malware and a direct link to the log-entry and action buttons in it?
→ This will be done in mid-term.

Also, I’ve already brought this up in Oct 2017: https://forum.itarian.com/forum/products/other-comodo-products/comodo-device-management/18926-how-can-i-get-a-ticket-notification-mail-when-an-endpoint-detects-a-virus-malware

-Better navigation to search through the detections.
→ I don’t understand this problem. Can you please explain more about your problem?

If you see the opening of this topic, you’ll get an idea. In any case of a detected threat, I want to have a direct link and/or better ways of finding the entry. Now I have to plow through different logs and most of the time I can’t even find the affected device.
It should be clear already because of the reaction I got from your support engineers:

Hello,

Thank you for contacting ITarian Support Team.

We thank you for providing details about your query. Our product management team is aware of your request and is working to prioritize it with the others received. We will provide you an email notification for any updates regarding this request and its timeline once it is prioritized on the road-map for a delivery.

Regards,
Colin
ITarian Support

Hi @zeynepyildirim,

As Product manager, nearly 2 weeks further, can you have a look at the last post and then refine the timeframes for the requests?

Thanks in advance.

Hi @ailan ,

Your requests are important, and we always try to prioritize them in our products, but some features are not easy to implement and we need to work on them. To add these features to our product we need to be sure about the performance of the system; first we are working on system stability and performance issues, and then we implement these new features, which is why they are taking some time.

I still get a lot of emails of detections.
→ Our team is still working on this problem. But it requires more effort; that’s why we are implementing technical improvement methods for resolution.

-App for Android/IOS to remote into devices
→ I can say for Android 2021 first quarter, iOS 2022 first quarter.

-Change the email so that there’s more info about the device, and the name of the threat/virus/malware and a direct link to the log-entry and action buttons in it?
→ I can say for this feature 2021 third quarter.

Thank you for your patience.

Regards,
Product Management Team.

Hi @zeynepyildirim.

Thanks for your reaction.
I do realize that it takes effort and some time to implement functionality into the platform.
I only emphasize some of these functionalities because, in my opinion, these should be basic ‘features’ that should work from the beginning.

And still, being promised for a few years and not implemented is not very comforting for an end user/MSP.

Navigating and troubleshooting on the platform is very troublesome. And I doubt that I’m the only one.
I use this platform for a long time and want to implement and sell it to my customers, but it is very hard to maintain because of all these little mismatches.
The result is a flood of emails from Itarian that is recurring multiple times a day!
It’s still not very useful for me as an antivirus/security product, as I wanted to see.

So hope that you can understand the point I want to make clear.

And I hope that you from the Product Management Team can accelerate implementing the basics soon, before adding extra new features.

I would be more happy if you could only implement these basic features:

  • emails with more details about detections with action buttons. (shouldn’t be too hard to implement)
  • Finding detections more easily in the systems and taking actions from there.
  • Android remote app.

Regards,

@zeynepyildirim. That would be great if you can implement these functions in the short term.

The request about emails wasn’t a problem but a poor warning method:
Now I get an email with the following text: “New Infection Detected on device ##. Follow the link to see details.” When clicking on the link, I first have to log in to the portal and then I’m forwarded to a list of all the devices. Here I have to search manually for this device and browse through the various logs.

In case there’s a serious outbreak, this takes ages to notice.

Best case would be to receive an email with at least the following info:
Devicename,
Name of the threat/ virus,
The level of danger,
and some action buttons like ‘Clean’, ‘Scan system’, Whitelist or Blacklist the app or file.
Or something like that.

Hope you can design and implement something like this in Q4 2020.

Regards