DriveLock Product Feedback & Ideas
Share your ideas for DriveLock.
4 results found
-
Display estimated remaining scan time when a USB stick is inserted
We would like to see approximately how long the scan takes as soon as a USB stick is inserted.
3 votes
Unfortunately, this issue cannot be resolved at the moment. To scan, we call the command line version of the Defender MpCmdRun.exe. While this action initiates the scanning process, it does not provide any feedback or progress updates.
-
3rd party events should be directly sent by SMTP/SNMP
It seems 3rd party events can only be sent to the DES, as opposed to DriveLock events that can be sent directly by the agent through SNMP/SMTP. This should be the case for 3rd party events too.
2 votes
Backend is the single source of truth. Events can be forwarded by the backend service.
-
Too many messages, event ID: 129, because of locked devices
Every time a user connects an iPhone or Android phone to a computer, our DriveLock server gets a message that a device has been connected there. This is not allowed by us and the device will be locked, then different messages are sent, Event ID: 129.
Now my question, is it possible to create a rule in these cases:
That the user always gets a message (bigger message, not only in the systray) to disconnect the device immediately until he disconnects the device? So that always new messages appear, which the user must click away and he is quasi forced…
2 votes
-
EDR new responses (email, snmp, ...)
Actually, the response definitions include PowerShell, Batch, Command line, Awareness and taking a picture. They should be extended to E-Mail, SNMP Trap and Web-hook. At least E-Mail should be implemented. That way one could decide to send an E-Mail based on a filtered event.
It is actually possible to send an E-Mail for a complete event type, but not to define further conditions under which the E-Mail should be sent (user, folder, computer, etc.). Of course it is possible to write a script, but E-Mail is already there in the solution.
It should also be possible to restrict the action repetition if one action (f.e…
2 votes
Fine-grained notification logic (E-Mail/SNMP/Webhooks based on filtered events) is better handled by external SIEM/SOAR or automation platforms. Implementing this within the EDR response engine would duplicate functionality and conflict with the current platform architecture strategy.