Hi ESET Community,
ESET AU support is taking a little bit longer than I'd like to get back to me (because I'm admittedly rather impatient.)
I am currently investigating rolling out ESET EndPoint antivirus to a domain of 50+ computers.
We have a document containing what ESET identifies as Win32/Kryptic.EMBF that I'm currently using for testing, as we had a PC recently infected via this document.
When emailed to me yesterday, this document was collected from my email and moved to infected items (which I expect). The copy in a folder on my desktop was also picked up and removed when accessing the directory in question.
I subsequently installed EndPoint antivirus on my manager's machine with the same policies, and did the same as a demonstration; however, unfortunately, it was not picked up in his email, nor in a folder on his desktop.
What is more worrying is that my manager has re-sent the file to me today, and while it was previously detected on this PC, in this case it was not detected by ESET EndPoint Security. I have also saved and opened the infected document with no interference from ESET.
No alterations have been made to the configuration of my PC
The item has not been marked as safe
No directories are ignored
Email scanning is enabled
Realtime protection is enabled
Document scanning is enabled
Both PUA options are enabled
Detection of suspicious applications is enabled
Scanning the file manually, the log entries are as follows: