-
Posts
32 -
Joined
-
Last visited
Reputation
7 NeutralRecent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Thank you - it's kind of a frustrating corner to be in. I got a video of the process being done from support. That will have to do, I suspect.
-
Which, unfortunately is slow and underwhelming considering the amount of $ I send their way each month. I like the product, I do. But I'm starting to think I should be looking around. :-( There is an MB subreddit, but it's just end-users griping about the personal product. r/msp seems pretty clearly to be focused on Sentinel. And so it goes... See you on TN!
-
I can appreciate that However, consider the following: This was a major feature that sold us on the product. Not being able to test it, or prove that it works makes it vaporware. I'm depending on it being there and working in a time of crisis when I cannot ascertain that beforehand. If I had been more unlucky and actually HAD an infection among my client base where it saved the day, then this would be less of an issue. I guess it occurs to me that the company is asking a lot for its users to trust that this feature will work when needed -- without providing the any ability (other than checking the box in the policy setup) to prove that it will be ready and waiting when you really need it. If you will put yourself in my shoes for a moment, I think you will see my concern. Help me sleep a little better at night by throwing me a breadcrumb here...
-
Is there a better place to post Nebula questions for more visibility?
-
Two years into this product now and I was all ready to post this question again, forgetting that I ever posted it before - haha. I am disappointed to see that no one ever responded, meaning this forum is not the correct venue for this query. It's disappointing that most every question turns into a support ticket, which is missing the important "community take" on many issues. Support has no interest in answering the question "What is everyone else doing in this situation?". That question should be exactly what forums like this are for...
-
@opinzetta - any update you can share on this issue?
-
I'm not asking you to provide malware. I'm asking to open up the rollback feature so that it can be utilized without a current detection.
-
That is.....disappointing. I did open a ticket, and guess what, support cannot help - they sent me to SALES who want to do a demo. Yeah, no - that's not what I'm interested in. I want to see the thing work with my own eyes on a real machine that I control. I don't think that's too much to ask. This is no different than restoring a file or directory from backup to prove it works, IMO.
-
I've been lucky and have not had to actually perform a rollback for a client yet, but I'd like to test the process on a sacrificial workstation. For one, we can review our SOP, and perhaps most-importantly, we can see that this process actually works so we're not trying to figure it all out in a time of crisis. The documentation appears to say that the software needs to have detected suspicious activity for a rollback to be available. I'd like to setup quarterly testing of this process for clients - How can I do this?
-
I trust then, that you find no fault with my basic procedure as outlined?
-
You may be right. I am pretty sure I have the correct policy set as the default for that site, so any workstations that get into the default group should have the correct policy even if I forgot to move them into the right group. For sites with servers, I typically define both a Servers and Workstations group, and apply separate "ClientName_Server" and "ClientName_Workstation" policies assigned to those groups respectively. Additionally, I like to assign the "Workstation" policy to the Default group because new workstations get added way more often than new servers. Admittedly, it has always been confusing to me the differences between global and local policies, so maybe I'm just doing it wrong. I typically create my policies from the main Nebula console, before the individual site is even created (because that way I can clone from another client policy, which saves time). Then, when I create the site, I choose the now-existing policy as needed. For sites with no servers, there is typically only the default group, so I assign the client policy to that group. For sites with servers, I do as stated above. I assign the workstation policy to both the default group and the workstation group. Then I assign the server policy to the server group. In any event, I did find a couple of workstations that were still in the default group for the most-recent client where I found the problem of the missing tray icon. So, I moved them into the workstation group, but in fact, both the default and workstation groups use the same policy which has the checkbox to display the systray icon. I'll check after-hours today to see if the icons now display.
-
Latest installer for EDR from Nebula, Windows 11 Pro on workstation. There seems to be sporadic cases where although the app is installed, there is no entry in the start menu and no system tray icon. The endpoint is resident on the dashboard, however. Is this a known issue perhaps? One thing may be relevant - these are replacement machines, so the licenses are temporarily over-provisioned until the devices going aware are deleted from the dashboard.
-
I have a managed AV product on all of my commercial customer's machines. For those that also have MB's EDR installed, is this a problem? The AV vendor is trying to sell me on their EDR, telling me that having the AV in place with an EDR will stop the EDR from automated remediation, and that I shouldn't be running both on the same machine. Further, than there is no possibility than a signature-based AV would find something that the EDR would miss. I'm not ready to believe this, and have always been a fan of having more than one vendor's products looking at the data as a form of layered security. For most all of my commercial clients, the hardware firewall has gateway AV, and gateway AS, and I have both a managed AV and Malwarebytes EDR on the endpoints. So 3 separate vendor's products have a chance to review the traffic. Does my approach make sense or am I doing my clients a disservice by loading their endpoints with both products?