Hello,

1. Leave a firewall in detect mode and after some time recommends rules to include on the rulebase. Something similar to tailored safe mode but for access control.

2. Definitely Harmony Endpoint consuming too many resources on the endpoint. Run diagnostics and low memory mode are a good start but no enough, first one does not include disk usage information (yet?). Too many processes running on the OS. Many tasks trigger high resources usage (antimalware scan, forensics correlating events, upgrades).

Regards

1. full IPv6 support for all products and features

2. Bug bounty

I would like to strongly request for an uninstaller/clean up tool for EPS, as many competitor endpoints have.

I have experienced many times where a customer installed EPS but introduced many issues on their client. To resolve it they try to uninstall by "remove programs" but sometimes does not complete and leaves some EPS components left on the PC, where running EPS installer again somewhat fails and can't even repair/reinstall.

Existing SKs most of the time tell us to use safemode/edit registry/manually create files...blah blah... but this is not something we can easily ask customers to do. In worst cases TAC informs us to clean install Windows...

I believe I'm not the only one that wants this feature 🙂

• We always hear from Kaspersky customers (I've heard from some SentinelOne customers too) how it's easier to deploy their endpoints using network discovery (they first discover all machines in their network, without the need for AD) and sending endpoints remotely through the console. I think this should be looked into carefully, because the reality is - at least where we operate - that customers are more concerned from an operational point of view rather than security. They understand products are "similar" securitywise, so they are looking for products that make their life easier. Most of our deployments are using GPO, but we have potential customers that either do not have AD or are not willing to use it for endpoint deployment. Remote Deploy feature always bring customers concerns because we need to disable Defender on machines prior the deploy. I think there's room for improvement.
• Same thing for PC Inventory. They love Kaspersky because they can dinamically keep tabs on which PCs they have, CPU specs, RAM, softwares installed, etc. Again, operational point of view. With Harmony they understand they'll have better security, but they are going to increase man hours to operate it, losing operational features from Kaspersky.
• Another feature they love is the ability to disable the endpoint on the end user machine for 10 minutes using a password. It's easier to debug problems that happen. With Harmony we either give this option to the user (no need for a password or timers) - not optimal - or we need to create a policy with everything disabled and put this machine on this policy, but it takes time for the policy to update and sometimes they forget to take the machine out of the policy. Not optimal too.
• Customers always find it confusing to work with a lot of different client versions. We've seen that the evergreen client is on the roadmap and this is something they always ask about.
• Focused support: we also often hear complaints about the endpoint causing issues (they are very diverse, it's hard even to specify) that are solved as soon as the endpoint is removed. It's hard to argue with them that it wasn't the endpoint's fault. From this point we need to collect CPinfo and whatnot, but the TAC case always takes more time to reach a conclusion than the customer is willing to wait. Most of the times a change of version is recommended, which is considered by customers as a bland solution. Sometimes even to reach a conclusion that it was not endpoint's fault, just for us to install it again and experience the same issues. A revamped debug/analysis of clients issues would be very much welcomed.

For now this is what comes to mind, I'll keep you posted if I remember anything else.