BarYassure
Employee

Harmony Endpoint Roadmap


Hi everyone

We're looking to gather your thoughts and needs for our product roadmap.
What features or improvements would you like to see in Harmony Endpoint in the next 6-12 months?
Your feedback is invaluable to us, so please share any specific pain points or new capabilities that would enhance your experience with the product.

Thanks in advance 🙂

29 Replies
lluner
Collaborator

Hi Bar

 1- Improve visibility in the scan; it would be interesting to show the progress of the scan
 2- Patch management visibility - show progress in patch application.
 3- Super node - store the patch and provide a way to upload when the patch is unavailable
 4- Connectivity status of the endpoints on the Supernode


BarYassure
Employee

Thank you, great points

Alex-
Leader

Improved location awareness. Having hundreds of clients ping or HTTP an internal location to determine if in office or not isn't too practical. It's not clear either if the location is active or not, and it appears status changes are not logged.

lluner
Collaborator

Alex

True Alex, we don't know if the machine is online or not; I do the check in the last connection tab. It should show a "red" icon.


BarYassure
Employee

Thank you, indeed a valid request

the_rock
Legend

I 100% second what @Alex- said, super valid point.

0 Kudos
RS_Daniel
Advisor

Hello BarYassure,

Some wished features could be:

  1. Reduce performance degradation.
  2. Allow creation of IoAs.
  3. Use VHASH for advanced threats.
  4. Export information from Threat Hunting results.
  5. Extended DLP, not only browser based. For example mail app, clipboard, collab apps (Webex, Teams, etc.).

Regards

BarYassure
Employee

Thank you, great points!
For number 4 - FYI, you can now export TH to a CSV file 🙂

 

0 Kudos
gg_fga
Contributor

Hello,

- Ability to detect Linux OS as server or workstation. Currently, it's categorized as a workstation.

- A dedicated agent for Windows servers, enabling dedicated and adapted blades, notably in terms of resource consumption or protection.

- Further development of server profiles (Oracle DB, known applications, ...). The ability to create server profiles ourselves (community profiles for example, ...).

- Redesign the VPN client interface so that it is integrated into the interface (visual consistency).

0 Kudos
BarYassure
Employee

Thank you, we are already working on the 2 server items, but all of the above are great suggestions.

0 Kudos
Petr_Hantak
Advisor

That sounds great! Speaking about servers, our customers are usually fighting with server performance when Endpoint is there. We noticed a request from them that it would be nice to have some built-in exceptions in Exception center for well-known Windows apps, for example SQL Server and others. That could help with the troubleshooting process.

0 Kudos
BarYassure
Employee

Thank you!
This is part of our Q3 plans 🙂

0 Kudos
lluner
Collaborator

Hi Bar

I'm also seeing that the diagnostic run feature could be improved if it were more explanatory. The forensic blade could also be improved with respect to performance.

BarYassure
Employee

Thank you again!

Actually, this is already close to being done 🙂

Client (mainly EFR) footprint has been reduced, and you will start seeing improvements starting from version 88.70 and on; this is one of our biggest efforts in Q3 & Q4.

We are also going to add an "Inventory Management" that will consolidate app & hardware data into one dashboard; the run diagnostics will be part of it and will show the data from all clients all the time.

MikeB
Advisor

1. Overall performance improvement options for use on resource-limited devices.
2. Dashboards and reports for hardware and software inventory on endpoints.
3. More advanced DLP functionalities (not only browser-based) that enable DLP on applications, mail clients, printers, removable media, etc. and the ability to generate hidden/shadow copies for evidence.
4. Options for remote troubleshooting on clients (such as remote access to the client desktop).

5. Ability to use the agent to deploy 3rd party software.

the_rock
Legend

All valid points!

0 Kudos
BarYassure
Employee

Thank you!

1. Client (mainly EFR) footprint has been reduced, and you will start seeing improvements starting from version 88.70 and on; this is one of our biggest efforts in Q3 & Q4.

2. We are also going to add an "Inventory Management" that will consolidate app & hardware data into one dashboard; the run diagnostics will be part of it and will show the data from all clients all the time.

3. Indeed, it is something we have already added to our roadmap.

4. In Q3 we are developing an interactive remote shell 🙂

5. Can you please share more details about this use case?

MikeB
Advisor

Hi @BarYassure,

A feature that many of our customers ask for is to be able to manage 3rd party software installed on their client devices, where they can deploy new software massively through the same Check Point agent and also uninstall applications remotely.

Many of our customers come from migrating from Kaspersky and similar solutions where they did have these features and it helped them tremendously because they did not need to purchase another solution for this or deploy another agent, so it would be an appreciated feature if it came with Check Point Harmony Endpoint.

0 Kudos
ks87
Participant

Hello,

Here is my, or rather our customers', "wish list", based on feedback gathered from the technical trainings/POCs and general customer talks:

1. Improve or rather add the possibility to manage endpoint quarantine from the management console. Right now, Harmony doesn’t have proper quarantine management from the console.

2. LOGS: Enable saving your favorite search filters as presets (in the same way as it works on Quantum Management).

3. Add the ability to use the agent to deploy third-party software.

4. Add the ability to show installed software on endpoints (not only the vulnerable apps shown in the posture management tab).

5. Remote session/shell session to the endpoint.

6. Display more information about the endpoint when you select a particular endpoint from the “Asset Management” tab (the section below the endpoints list). Right now, this info tab is very basic compared to the competition. Example information that could be useful for administrator:

     - utilized license (if you have a mix of different licenses this information could be very useful),
     - logged-on user(s),
     - applied policies,
     - applied exclusions,
     - logs (related to this endpoint),
     - push operations status/history (related to this endpoint),
     - installed applications (related to the 4th feature request from this list),
     - vulnerable applications,
     - active alerts,
     - active attacks,
     - quarantine (related to first feature request from this list).

Also the overall performance and hardware utilization on endpoints could be more optimized, but it was mentioned in this thread already 🙂

(1)
gg_fga
Contributor

Lots of great ideas!

0 Kudos
the_rock
Legend

Truly awesome ideas/suggestions @ks87 

Andy

0 Kudos
BarYassure
Employee

Thank you!!

1. Quarantine Management - is planned for Q4, I completely agree with you.

2. Nice one!

3. Can you please explain the use case in more detail? I'm not sure I follow; the ask is to deploy 3rd party apps directly from the client?

4. It will be part of our Inventory management, planned for Q4, completely agree with you.

5. Great point, we are planning to introduce interactive remote shell capabilities within 3 months 🙂

6. Agree.

7. Performance - valid point, this is our main effort in Q3 and on; you will soon see major improvements 🙂

ks87
Participant

3. Yes. Exactly. Remotely install 3rd-party apps directly on the clients. An uninstall option would also be good, for uninstalling 3rd-party AV products for example 🙂

It's always a good idea to listen to the end customers - not every vendor understands that.

It's great to see how the product is changing in the right direction 🙂

0 Kudos
BarYassure
Employee

Thank you, appreciate the kind words 🙂

0 Kudos
the_rock
Legend

It has developed lots in the last couple of years, super impressive. And I'm sure it will get even better.

Andy

0 Kudos
Trident
Participant

Well let this be my first post.

I'd like to see the following improvements:

  • Improved Application Control, so we can better harden systems manually (yes, I do use it for that). For example, it would be great to have "Parent Process" option so we can block calls from LOLBin to LOLBin. In fact, consider what other improvements you can implement to aid system hardening. Perhaps some operands in command lines, like "+". For example, command line contains "C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" + ".exe". You get the idea.
  • Performance improvements - for example the UI is not GPU-optimised and draws quite a lot of CPU time. I noticed during a scan, the UI draws more CPU than the scanning process itself.
  • UI Improvements - some alerts include way too much text - example, malware detected by file reputation. Consider shortening some alerts or formatting them better, using different font weights instead of just one, for better readability. 
  • Consider using generative AI to enhance Threat Emulation reports with a malware write up - sort of like an analyst has written it. 
  • EFR improvements: upon cleaning malware, blank folders are sometimes left behind.
  • EFR/ E2 Improvements: When DHS-compliant engine detects malware, it sometimes generates 2 detections. One for the actual file and one for the browser cache. The browser cache is reported as "not cleaned" and machine status changes to "Infected" until a reboot. Consider fixing that.
  • EFR: I am not seeing any registry entries being deleted as part of malware cleanup and sometimes, startup items are left behind. I am sure registry is being monitored, after all you have a whole kernel driver for this purpose, but not sure why registry entries as part of attacks are not being cleaned up. Consider boosting the cleanup process.
  • NGAV - have you considered developing an engine that can analyse scripts in the pre-execution phase on-machine, when they've been introduced locally, for example on a flash drive (not emulated)? Documents, executables and DLL files are covered, but scripts aren't, and E1 is going away; E2, according to support, is run with Dynamic Analysis off, so I see a little gap here.

I can think of many improvements more, but I'll stop here for now 😊

 
0 Kudos
BarYassure
Employee

Thank you, those are great suggestions

Trident
Participant

Oh and another quick one:

Application Control struggles with evaluating rules when folder paths contain non-Latin characters (Cyrillic for example). E.g. if the path contains “Работен Плот” (desktop in translation), the rule will not be applied. You gotta look at that. I filed a case with support but it was loads of emails back and forth. Frankly, I realised what the culprit was at a later stage.

Manual CDR through contextual menu: self-explanatory, would be great to be able to clean a document through the right-click menu. ZoneAlarm, the HEP little brother, now allows files to be sent for emulation as well, manually.

Other than that, I have to admit HEP improved a lot in the last 1.5 years. Features such as discarding downloads when they are password-protected or exceeding the size, E2 improvements such as enabling Live Protection, and Threat Cloud improvements such as DocLink Defender, LinkGuard, MemDive, Threat Cloud Graph and many others have made HEP a potent weapon. I am curious to see what the future brings.

0 Kudos
ks87
Participant

And I forgot about one very annoying thing which should be fixed.

When you create and download a custom software package, you need to wait for the package to be ready for download (which is absolutely normal). However, you need to wait to click the “DOWNLOAD” button when it’s finished, and unfortunately, this option disappears after a while. Most customers miss that moment, and to be able to download the package, they need to recreate it.

This is super annoying because you need to wait for that specific moment to be able to download the package.

Is it possible to force the package to download automatically in the browser? It would be much more efficient.

0 Kudos
