New features

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

XDR response for identities

You can now take direct response actions on affected identities in incident details originating from Microsoft Entra ID and Microsoft Active Directory integrations. All tasks are automatically tracked, and you can monitor their status in more detail in the new XDR Tasks subsection under Tasks. Learn more

Automated cloud integration and VM protection deployment

You can now onboard your public cloud environments – Microsoft Azure, Amazon Web Services, and Google Cloud Platform – through a fully automated integration process. This new capability streamlines how virtual machines are discovered and managed across all connected cloud accounts.

Once integrated, ESET PROTECT enables the deployment of agent‑based protection to virtual machines. This reduces onboarding time, eliminates configuration overhead, and ensures a consistent security posture across your multi-cloud infrastructure.

In addition, cloud‑level indicators collected from your integrated cloud environments now flow directly into XDR. This expands your visibility by enriching investigations with cloud‑native telemetry.

Note: Supported operating system distributions may differ from those supported by ESET Server Security for Linux. For the list of supported Linux versions, follow the Online Help. Learn more

Response actions in the incident graph

We've enhanced the incident graph with a right‑click context menu that allows analysts to run response actions directly on selected objects. This enables faster response by allowing immediate actions on specific devices, executables, or processes during an investigation. Learn more

Incident report generation

You can now generate a PDF report from any selected incident. This makes it easy to export key details such as correlated indicators, affected assets, and timeline. These reports can be used for internal sharing, compliance reviews, audits, communication with external authorities, documenting incident closure, or maintaining evidence for post‑incident analysis. Learn more

Manual ransomware rollback

You now have manual control over ransomware rollback, allowing you to initiate file recovery even when suspicious activity occurs without triggering a detection. This gives you added flexibility and ensures that you can restore files whenever needed. Learn more

End of Life for VMware Workspace ONE

Support for VMware Workspace ONE as an MDM solution is planned to be removed. Starting with ESET PROTECT 7.1, the console will display notifications informing you that this integration is scheduled for End of Life in ESET PROTECT 7.3. This early communication helps you prepare for the transition ahead. Learn more

Manual incident creation from indicators

We've added the ability to create incidents manually by selecting the indicators that users want to group together and investigate as an incident. There will also be an option to add indicators to existing incidents. Learn more

Feature parity with ESET MDR

We've extended the reporting section with automated ESET MDR Ultimate weekly and monthly reports, which will be available via the Report Archive tab as well. You'll also receive a quarterly Threat Report alongside the monthly report as an attachment.

In addition to these reports, you now have the option to configure critical assets on the Configuration tab in Basic setup. We'll also trigger notifications for you in situations where user action is requested or required during service delivery. Learn more

Other improvements and bug fixes

Find out what else has been improved in the changelog.

˄˅