This discussion has been locked.

Possible improvements from my point of view

Hi,

We use the Sophos Dataprotection Suite (just did the upgrade today from 5.0 -> 5.1 :)) in a large-scale deployment (6000 clients roughly). As the person in charge of the Sophos administration I came across some concerns:

I would like to have in the Enterprise Console

1. Exclusions/Inclusions in the policy settings, like "include this and exclude everything else" beside "exclude this, include everything else",

2. per computer/per user policies,

3. more detailed view per computer especially which policy settings are deployed (keyword "differs from policy"),

4. per schedule settings, especially exclusions/inclusions,

5. some sort of progress view when initiating a full scan from the EC,

Just forgot a concern with Data Control: Would be great if one might deny the download/creation of certain files with Data Control.

The order is not specific.

Well that might be a challenge:).

Regards

Marcus



  • Hello Marcus,

    there's always room for improvement - and you correctly called your suggestions a challenge. TANSTAAFL though, are you willing to fork over the quid or bucks for a major redesign ;-)? If you prefer economically priced evolution you should prioritize your list (and possibly explain the value for your business).

    In the hope to stir up some discussion allow me a few remarks:

    some sort of progress view when initiating a full scan from the EC

    Has already been wished for (there's the Last scan completed but nothing more). While it seems simple at first it's more than just sending a tick at regular intervals. Do you want this just for the Full System Scan (to make sure it has been started and progresses)? What would be your next action if it doesn't?

    more detailed view per computer especially which policy settings are deployed (keyword "differs from policy")

    Making the client send back the policy XML and storing it in the database shouldn't be too hard. More of a challenge is making it readable in SEC - you probably want to have the differences flagged. It would likely inflate the console as it would have to be able to deal with different client versions (what about "uplevel" clients?) or the clients would have to be "console version aware". If you simply want the clients to comply just force compliance - to determine the underlying cause for the difference the policy values in effect might be insufficient though. Or what else do you think you would gain?

    per schedule settings, especially exclusions/inclusions

    I'm not sure where this would be necessary. Are you thinking of backup? In this case a per (validated) process exclusion would probably be better.

    "include this and exclude everything else"

    You're not talking about on-access, are you? Do you think of "partial" scans from SEC, i.e. a scheduled or immediate scan of only parts of the file system (similar to a scan initiated locally)?

    per computer/per user policies

    This is a different paradigm than that currently implemented in SEC. This too has come up when this forum was still young. While a per computer assignment is thinkable (but wouldn't you want to be able to group the 6000 of them in one or the other way - and think about the clarity of AD) additional per user would further complicate things. But please see Device Control - By User?.

    download/creation of certain files

    Creation would necessitate "constant scanning" - you probably wouldn't like the performance penalty. I think that DC could be extended to downloads though (although it might be better to scan them already on the gateway).

    Personally I'd like to see some other features, for example (not all of them my original ideas):

    The ability to safely collect samples (this is not the same as the move cleanup option) upon request from SEC (maybe with direct submission to the Labs)

    Access to the logs via SEC, or perhaps better: an option to run SDU on the client and have the logs stored in a central location (or perhaps sent by mail)

    Christian
