TOPIC START EDITED ON 29-6-2010

There are several things i like to see in the new ADNM version…
Since there is a total blank about the development (Vince, please hire a PR manager) i dont know if the development already started so hereby a few items i would like to see:

0 TOP) Be able to choose where the mirror files are stored! (comply with the new way of 2008/win7 about the program files directory where programs only should be installed and not have data written) This includes making it possible to put on a network share…

1. Domain integratration for Windows where the computer catalog automaticly is buildup like the structure of the Organisational Units in Active Directory, instead of manually recreate the complete structure by hand and having to drag and drop the discovered computers in the appropriate container…

2. Apply settings in the style of Group Policies (ala GP in AD). That way its easier to maintain settings and see which AV Policy is applied to which container…

3. Windows integration with AD for usage/login rights of ADNM console. So we dont have to give every user a seperate username/password for login in the console and all the rights have to be set just 1 time inside the console to the appropriate AD groups that are divined in Active Directory

4. special integration for mobile devices possible? no experience with that now tho, but would be awesome to control the mobile device remotely… or when it is hooked up in the network (wifi/usb/bt) when the user is inhouse or hooked up with VPN or something…

5. Better support for different (read: new) operating systems since the current support for Win7 is there but thats because the support for Vista has been added early last year only (which is 2 years after the RTM release of the OS) maybe modular support for new OS, which would possibly be able to be used for linux (kernels) too

6. better documentation of ALL the features in the products and what certain settings do

7. better exchange integration, Avast is certified for Win7 because of a field trip to Redmond college… this could also be done for Exchange and maybe sharepoint/MS SQL too?

8 ) i didnt really check into this one in the current ADNM but i would like to see PUSHING commands to the clients instead of the AMS waiting for the client to contact and notice a command…

9 ) make linux/mac clients managable via ADNM too (possibly port ADNM to linux/mac ? a lot of work i know)

10 ) make the engine/program updates process go through the normal way like the virus definitions do, instead of the way its done now by going to the windows software window click on uninstall the program and choose the update button instead of the uninstall button
(thank you Yanto for the input)

11 ) during installation better support for SQL server databases. Right now you need to manually point to the databaseserver and databasename and pray2work, this could be better if the installer detects the databaseserver and the database instance that has been precreated by installing with namedspace in SQL. (WSUS can do this, why not Alwil, show MS who is boss!!)

12. have control over updates being rolled out to clients to test on a test machine before deployment (alla wsus)
    in this thread for example: http://forum.avast.com/index.php?topic=54699.0 there is an update that causes some exe file to be flagged as a virus while the file itself is legit (to
    the extend that it is a file from IBM from a specific program) same example for the update couple weeks ago which falsely identified and removed key files
    this control could have several levels

    1. auto update
    2. auto download but wait for approval
    3. manual download and approve

13. Make the mobile (PDA/smartphone) version manageable via ADNM (tho the future of the mobile version is unsure at this moment)
    (thank you SPI for the input)

14. If the option to have a secondairy server will be available again in this new version, make it possible to change settings easy so that a slave server (that gets the updates from the first AMS server) can be promoted to a master server without having to do all kinds of tricks or have problems popping up at clients.

15. Make definition and program updates available in a zip file for offline updating (mostly for secure networks that aint allowed internet access)

anybody with more great ideas?
maybe Alwil (VLK?) has some input this time in this thread or make a special beta forum for this one like done with the new avast 5 beta forum

16. Dont give out licenses in the ADNM console, while the program is not installed on that computer. Thnx to this thread i realised this wish: http://forum.avast.com/index.php?topic=57831.0

17. Make all management options accessible via one console

18. Add NAC support to avast. (Network Access Control (NAC) like Sophos or McAfee have it.)
    (thank you Yanto for the input)

19. This is a quoted collection from EDJ

- When you uninstall a netclient, it must be delete from the Computer Catalog. - When a task is running in a netclient and the netclient is power off, ADNM must change the status of the task to "uncompleted" or something like this. Maybe, restarts the task when computer is on again. - Automatic refresh, not F5. - Console direct access from Internet, not opening ports. To give support to customers. - Manual Mirror run from ADNM Console. - Send an email alert when mirror is not updates in 24 hours. - Improve reports. - Can create MSI packages in a shared folder on other machine with a normal user. - Improve time to install first mirror from Internet during installation. - Improve access to remote virus chest to restore files, send infected files to ALWIL, etc. - In PC properties a "Infected Files History". - Can see the licenses number from the ADNM Console.

20. See this message after a brainstorm from Scythe http://forum.avast.com/index.php?topic=54073.msg512281#msg512281

21. (actually a nobrainer but: ) Direct scanning of removable devices as in external harddisks and USB sticks and smartphones (basicly anything that can act as a disk)

22. Installer ROLLBACK feature. When cancelling the installation the installed parts remain on the system. If the installer removes the installed parts after
    pushing cancel, a potential problem of having a crippled installation will be eliminated (thus no need for the special avast removal tool for a failed installation).

I dont agree tho with the console being accessible directly from the internet without opening ports. This is possibly a huge security risk when the password used is not set or the standard one or an easy to guess password… it means the people logging in have almost direct access to your complete infrastructure (they see ip adresses, dns names, they control new (un)deployments)
this kind of access should be controlled and limited with a secured line like VPN or via RDS. Offering remote support to several customers from your own workstation is efficient but it should not compromise network security, via a HTTPS (since i believe v5 will be webserver based) is not an option since a hacker is already too far onto the network (discovered what antivirus u use, have a webserver he could hack, stuff like that) to be save…

EDIT REASON:

< 27-01-2010 i will edit-in every point that people will put in the list, so that there will be one list complete at the start of the thread, so nobody has to scroll thru all the postings

28-01-2010 added point 12

18-02-2010 added point 13

xx-xx-2010 added point 14

10-03-2010 added point 15

30-03-2010 added point 16 and 17 and 18

19-04-2010 added point 19 (collection of points) and commentary/concern on one of the points

12-6-2010 added point 20 (the biggest explanation is for Scythe, there is another point on the bottom of the message)

28-6-2010 added point 21

29-6-2010 added point 22 coming from what i classify as a bug mentioned in this thread (sorry Evangelists only

Hi WPN,

I agree with you, +1

My additional concerned is about engine updating for ADNM should be follow or same as like stand alone feature.
I don’t know is there any reason between ADNM with standalone version is different?

Then hopefully ADNM will available for Linux or Mac version too…

ALWIL team,

Again my concern about avast 5.0, for platform support.

As like i posted at : http://forum.avast.com/index.php?topic=54279.0

Whether avast 5.0 will support for all platform (Win XP/Vista/7/2000/Server) in the future?

Because other AV vendor doesn’t have any distinction to any platform of Windows based.

as extra point
8) make linux/mac clients managable via ADNM too (possibly port ADNM to linux/mac ? a lot of work i know)

point from yanto
9) make the engine/program updates process go through the normal way like the virus definitions do, instead of the way its done now by going to the windows software window click on uninstall the program and choose the update button instead of the uninstall button

@yanto
the support will come, i dont doubt it…
the installer checks which version windows is reporting it is, and in the installer there is a probably a hardcoded line that says if the version is not between XX and YY (where YY is lower then the version Windows Server is reporting) then dont install and come up with a message…
i do believe the v5 products can install on server but the results are not tested or unpredictable and therefor not supported. Therefor my point 5, more modular support so that the support can come as an update or something and therefor be brought out to the open faster then 2 years after RTM of an OS.

ps: at point 5 i think its better to use the word FASTER instead of BETTER support.

nice list wpn… couldn’t have said it better myself.

I’m sure I can think of some additional things for the new version of ADNM, I’ll post when I think of them.

Hi Wpn,

Nice information, if i have any additional information need to add your Whish List then will put in here again.

Anyway, i hope your wishes will be real by ALWIL team.

i welcome any input from you people, when u put it here i will edit it into the startpost

i wonder when this becomes a sticky thread

Since the blogposting states:

[b]# avast! Server Edition (including the plug-ins)[/b] – this product will be released in v5 (or 5.1) in Summer 2010. It will be based on the new engine, and will also feature (among other things) a server-side antispam. [b]# ADNM[/b] – this is a bit trickier. As our primary focus (as a company) is consumer and SME, we decided that for v5, we will build a brand-new management system specifically designed for small/medium business. It will be much easier to use and will have some other great improvements. There will be a separate blog post on it shortly. It is scheduled to ship sometime this summer. For large accounts, this will not be a good solutions though. We’re still looking into ways on how to make the current ADNM work with avast v5.

there will be a brand new management system, ok
release is summer 2010, YES!!!

but is there even a closer time indication?
Will there be beta tests?
Will the old license file work or do we need to request a new one at sales?

How much of the WISHLIST posting in my first posting will be granted to it, since i can read between the lines that there has been a lot of developping already on the ADNM product…

my BIGGEST wish/demand is to be able to chose where the mirror files are saved. Right now its in a directory in the installation folder, but this is extremely unwanted… because i either have to install the complete ADNM program on a seperate dynamic disk or risk the change that my C: drive will be pooped full and possibly crash…
i just want to see a seperation program data and usage data

thnx

maybe VLK can shed some light on it?

there will be a brand new management system, ok release is summer 2010, YES!!! :)

Here’s one that’s not specific to ADNM, and a bit of a restatement of an earlier point, but there’s absolutely no reason to distinguish between SBS and Windows Server proper. I understand the goal is to segment the market between small and large organizations, but many small businesses DON’T use SBS, and shouldn’t be penalized just because their Server doesn’t have the words “Small Business” in it. I can’t find a single example of a competing solution that imposes this penalty.

Edit:

1. Also, the ability to define exclusions for a specific computer/group, since this doesn’t currently seem to be possible.

2. Separate exclusion definitions for PUP/PUAs and Viruses. Administrators may need to use PUP/PUAs to verify license compliance (verify registration keys), or to monitor network traffic, etc. That doesn’t mean I want the AV to ignore PUP/PUAs in every folder, or the AV to ignore if/when one of these PUP/PUAs has been infected.

3. (Again, not specific to ADNM) – VM-friendly licensing terms, preferably including them at low or zero cost with a qualifying license on the host system. Yes, it would probably be easy to circumvent any restrictions, but let’s face it – honest people will stay honest, and dishonest people will find a work-around no matter what you do.

We gave wishes for the new console in September/october last year. There will be a new console and its being worked on now, however i can not for confidential reasons give you information on it

avosec.com

i read about some in the blog that VLK posted today

http://blog.avast.com/2010/02/11/avast-5-sbc-part-1/comment-page-1/#comment-3289

Today lot of mobile user using PDA or Smartphone, why not make the PDA or Smartphone client manageable via ADMN
just make a wish

added point 14

Hi WPN,

If possible please added to your ADNM 5 Wish List for Network Access Control (NAC) like Sophos or McAfee have it.

While I understand that you would like NAC - type qualities built in to avast, you could use Windows services to do the same. Take a look at these links:

http://technet.microsoft.com/en-us/network/cc983841.aspx

http://www.windowsnetworking.com/articles_tutorials/Understanding-new-Windows-Server-2008-Network-Policy-Server.html

Hi Scythe944,

As i know, avast! itself already have this features but only supported with Cisco NAC.

But what does i mean, if possible that avast! re-built with more comprehensive and full performance not only support with Cisco.

Cheers,

I’d like them to add the ability for ADNM to automatically check for upgrades, and at least notify the user that they are available.

Also, I’m sick of MSDE and MS SQL in general. The management tools for the free versions suck at best.

Can we use MySQL instead? The free version should work just fine, and the management tools that are available for free are great. They’re easy to use and learn. Plus, we wouldn’t have the issue of having multiple services using the one sql database. For instance, in a SBS server, you have sharepoint, WSUS, and sometimes Monitoring and Reporting all using one instance of MSDE (I think). If that database goes down, everything gets screwed up.

• When you uninstall a netclient, it must be delete from the Computer Catalog.
• When a task is running in a netclient and the netclient is power off, ADNM must change the status of the task to “uncompleted” or something like this. Maybe, restarts the task when computer is on again.
• Automatic refresh, not F5.
• Console direct access from Internet, not opening ports. To give support to customers.
• Manual Mirror run from ADNM Console.
• Send an email alert when mirror is not updates in 24 hours.
• Improve reports.
• Can create MSI packages in a shared folder on other machine with a normal user.
• Improve time to install first mirror from Internet during installation.
• Improve access to remote virus chest to restore files, send infected files to ALWIL, etc.
• In PC properties a “Infected Files History”.
• Can see the licenses number from the ADNM Console.

I totally agree. Remember the frustrations I had, and you helped me? ;D

Automatically checking for updates and to be able to just download and install over the current version. Now THAT would be sweet. And of course,
all the stuff wpn said, (of which about half I couldn’t understand :o)

Nice list. Don’t really see the need for “Can create MSI packages in a shared folder…” but I’m sure the need may arise for some people.

I’d really like the Manual mirror run from the console, but you can do that just by typing mirror.exe in cmd prompt when you are in the Avast directory. Still, it could be easier.