Customer Requests

Problem Description: Our organization relies on Xcitium Endpoint Manager and its DLP capabilities to protect sensitive data on our endpoints. While the current DLP features allow us to control and monitor data transfers to USB storage devices, a significant risk remains if sensitive data is copied to a USB drive that is subsequently lost, stolen, or accessed by unauthorized individuals. Without enforced encryption at the point of transfer to the USB device, the data is exposed and vulnerable, potentially leading to a data breach and violating compliance requirements. The current lack of automatic encryption upon data transfer to USB places the burden on users to manually encrypt data (which is often overlooked or done incorrectly) or relies solely on preventing the transfer, which may hinder legitimate business needs for using removable media. Proposed Solution (Feature Description): We request the addition of a feature within the Xcitium Endpoint Manager DLP module that allows administrators to configure a policy for enforced automatic encryption of data copied to USB storage devices. This feature should ideally: Allow administrators to enable a policy that triggers automatic encryption for any files or data being copied from a managed endpoint to a connected USB storage device. Provide options for the type or method of encryption used (e.g., strong, industry-standard encryption algorithms). Ideally, allow for centralized key management or a secure method for authorized users to access the encrypted data on the USB device (e.g., via a secure reader application, password protection linked to the user's endpoint credentials, or certificate-based encryption). Integrate seamlessly with existing DLP monitoring rules, potentially allowing for policies like "Monitor transfers to USB, and if sensitive data is detected based on patterns/keywords, automatically encrypt it." Provide logging and reporting within the Endpoint Manager to confirm when data has been automatically encrypted upon transfer to a USB device. Justification / Business Need: Implementing enforced automatic encryption for data copied to USB drives is critical for several reasons: Enhanced Data Protection: It directly mitigates the risk of sensitive data exposure resulting from lost or stolen USB media, providing a crucial layer of security for data in transit outside the immediate endpoint environment. Improved Compliance: This feature would significantly help organizations meet stringent data protection regulations (such as GDPR, HIPAA, PCI DSS, CCPA, etc.) that mandate the protection of sensitive data, especially when it is moved or stored on portable devices. Stronger Security Posture: It closes a common vulnerability gap associated with the use of removable media, strengthening the overall endpoint security posture. Reduced Reliance on User Action: By automating the encryption process upon transfer, it removes the burden from end-users and ensures that the policy is consistently applied, reducing the risk of human error. Balancing Security and Productivity: It allows organizations to permit the legitimate use of USB drives for necessary data transfers while simultaneously enforcing a critical security control to protect the data being moved. Expected Benefits: The implementation of this feature would provide organizations using Xcitium Endpoint Manager with: Significantly reduced risk of data breaches via lost or stolen USB drives. Improved compliance with global data protection regulations. A stronger, more comprehensive endpoint security solution. Streamlined data handling procedures with built-in security for removable media. Priority: High We believe this feature is essential for providing robust data protection in today's mobile work environment and would greatly enhance the value and effectiveness of the Xcitium Endpoint Manager DLP module. Thank you for considering this feature request.

This is a Feature request for a “normal” Scan History option both locally and from the management portal. A log and ability to see type of scan and relevant information like anything detected etc with the ability to drill down if something detected, what it was and what was done with the it (file(s)).

We would like to check if it is possible to track modifications to Group Policy Objects (GPOs). In addition, to check if the platform is able to support real-time alerting or notifications in scenarios where a user attempts to perform unauthorized changes to Group Policy settings or other administrative configurations

Currently, making changes to XCS settings on the agent requires direct intervention on the endpoint, which is both inconvenient and disruptive to the user. Essential tasks such as adding applications to the Virtual Desktop, resetting containment, launching a Virtual Desktop session, and creating application shortcuts can only be performed locally. To streamline management and enhance security, there needs to be an option to modify all XCS settings directly through the portal, including but not limited to: - Adding/removing applications in the Virtual Desktop - Resetting containment without requiring user interaction - Launching Virtual Desktop sessions remotely - Creating and deploying application shortcuts for the Virtual Desktop - Adjusting other agent settings such as those found in the advanced tasks, DLP tasks, firewall tasks, and containment tasks tabs without manual endpoint access Currently, some changes require modifying profile settings to allow user overrides, which contradicts security best practices. Enabling full administrative control via the portal would eliminate the need for user intervention while maintaining security and operational efficiency. Implementing these capabilities would significantly improve the management experience and reduce disruption for both administrators and end users.

"Creating rules with actions in automatic playbooks, in addition to taking actions within the EDR itself, may also, if necessary, integrate via API with other devices, for example: Taking action when the EDR identifies something malicious such as: terminating the process, deleting the file, or cleaning data persistence."

We would like the platform to include industry-standard security compliance templates that can be used to assess and verify whether a client is complying with common security standards such as: HIPAA (Health Insurance Portability and Accountability Act) GDPR (General Data Protection Regulation) SOC 2 (System and Organization Controls) PCI-DSS (Payment Card Industry Data Security Standard) ISO 27001 (Information Security Management System) NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) CIS Controls (Center for Internet Security) These templates should allow for a checklist-style audit or compliance assessment where the platform can automatically compare a client’s environment against the necessary security requirements for each framework. We also need a feature that allows us to check and monitor compliance in real-time or through periodic assessments. This should involve: An easy-to-read dashboard or portal view where we can quickly see if a client is in compliance or if there are any gaps. The ability to track and alert when a client falls out of compliance or needs an update (e.g., outdated encryption, insufficient data protection measures, etc.). Automated reminders and alerts for upcoming compliance deadlines, audits, or renewals. It would also be incredibly helpful to generate a professional, high-level executive report on a client’s security compliance status. This report should include: An overview of compliance with industry standards. A summary of security gaps or issues preventing full compliance. Risk assessment and priority actions required to close any gaps. Visual elements (e.g., graphs, risk heatmaps, compliance scores) to make the report more digestible for business decision-makers. A clear executive summary with high-level insights that are suitable for stakeholders without technical expertise. We would greatly appreciate the ability to generate these reports at the click of a button and have them available in a polished, client-friendly format (PDF or similar).

Good Morning: Dear technical support friends, here are some details that our customers with the Xcitium console have been asking for so you can manage them with your development and programming department. Perhaps it can be included in the next console updates. Customers mention that other antivirus brands have these features and that they help with their functions. Customers request that the Xcitium console include: 1) Website blocking. They note that other antivirus brands can block websites in their profile or policy from their web console through a content control module (internally, they add a certificate to the website in their programming and can block it, either by category (social networks, games, gambling, online dating, etc.) or by specific pages entered in the filters). This could be added to the Xcitium policy profile and applied to a computer or group of computers. 2) Integration with Active Directory, performing a scan similar to the one performed with the Xcitium mass installation tool. The Active Directory tree would be displayed in the Xcitium console in the device list section. This would show which computers have our Xcitium solution installed and which do not. From the central Xcitium console in the cloud, a remote installation could be sent to computers that do not have it installed, as another installation option. 3) In the EDR section, a more dynamic and detailed graph of the timelines of any detections could be displayed, perhaps in a tree that correlates to the computers on the client's company network. The MITRE ATT&CK techniques used could also be shown. 4) Could you provide a page where all the monthly updates to the console are visible and keep us up to date? I'm passing these suggestions on to you as inquiries from end customers. They may serve as improvements to the Xcitium console (which is already quite good with its features). However, the idea is to continue improving based on customer feedback and perhaps incorporate some of the features you see in other antivirus consoles. Sincerely,

One of the primary reasons for using Endpoint Manager (or any MDM) is being able to manage the user's Apple ID and control what apps they can or cannot install. We DO NOT want them to be able to download anything they want from the App Store. We want them to be able to download specific applications that we approve and make available in EM. Currently, the only way to add new applications to a users device is by physically possessing the device and adding new applications via Apple Configurator.

Comodo Client Security isn't supported / doesn't function on ARM processors.

title says it all, can we have it please ASAP