  1. Hi Gregor,
     1. Best practice is installing on every supported role.
     2. It's not possible to select protected mailboxes - we will count all mailboxes reported by mailbox count tool. It is possible to skip scanning of some mailboxes using rules but it has no effect on licensing.
  2. Hi, there are 2 options:
     1. using Mail transport rules in EMSX - create a rule with action "Log to events" - can log only limited set of message properties
     2. contact your local customer care to get information on how to enable logging of all messages to mailserver protection log
  3. Hi, I meant transport rules in ESET Mail Security (You can find them in EMSX/advanced settings/Server/Rules) - there is an option to log into EMSX events log (more info: You are right - quarantine report is only sent if there is something in user's quarantine. If released/deleted the mail will stay in "trash" for a period specified by setting "Clear deleted files after" in advanced settings/Server/Quarantine. It can be recovered using eShell.
  4. Hi Michelle,
     Does the web page quarantine automatically update?
     No
     Is there a log of all processed mail?
     There is a log of all modified mail - "Mailserver protection" log, but You can create a transport rule to log all processed mail.
     The quarantine report does not seem to be sending, where do I check that?
     I don't know the steps You already did, but generally:
     1. Create scheduled task "Send mail quarantine reports"
     2. Select a user to test it on
     3. Send a spam mail with GTUBE string to this user
     4. Make sure the mail is in quarantine (check quarantine manager or mailserver log)
     5. Right click Your task in Scheduler and hit "Run now"
     If You don't receive the report within a few minutes then temporarily enable diagnostic logging in Setup/Tools and repeat steps 3-5
  5. Hi, open logs/mail server protection and double click your log record to open detail dialog. You should see something like: "Rule Activated: Dangerous executable file attachments" Attachment name is not visible in the mailserver log when scanning on transport - please go to logs/detected threats and find matching log record. Open detail dialog and check column "Object" - you should see all objects deleted from a particular mail
  6. Hi, You should contact Your local ESET customer care - they can remove the domain/IP from cloud blacklist. In the meantime, You can add the domain to "Server/Antispam protection/Filtering and verification/Approved Domain to IP list"
  7. Hi, MS help says "The Warning event indicates that Exchange anti-spam agents are enabled and that the list of internal Simple Mail Transfer Protocol (SMTP) servers is empty." Are you sure the event is caused by EMSX? Because all EMSX does is register transport agents - that means no changes to list of internal SMTP servers or Exchange anti-spam agents.
  8. Hi, Database protection is not available on Exchange 2013 and newer. We used a scanning API that is discontinued - only on-demand database scan is available on newer versions of Exchange.
  9. Hi ocs, run eshell and open "Server" context and enter "mail-quarantine?". This will show you help. To see deleted items run "mail-quarantine deleted" - each item has unique ID. To restore deleted item run "restore mail-quarantine 123" - replace 123 by ID of your item.
  10. Hi ronmanp, If you don't have the latest EFSW version please try upgrading. If it doesn't help, you can try removing Web and email protection completely - just run installer > Modify > uncheck Web and email
  11. Hi mrbadger81, You can use "Sender's domain" "contains / contains one of" "" to block all domains that contain '" or use "Sender's domain" "is / is one of" "" to block particular domain
  12. Hi,
      1) ESET mail security does not have per user blacklist/whitelist
      2) Safe senders set in Outlook will be whitelisted if "Use Exchange Server whitelists to automatically bypass antispam protection" is enabled
  13. Hi V2TW, 1. Not in current version 2. Yes, you can see the reason in detail form of each quarantined mail or in web interface if logged in as quarantine admin, e.g.
  14. Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.
  15. Hi Daniëlw, all important events/warnings/errors should be recorded in log. I think you stumbled upon a bug - I agree that GUI alert is not sufficient in your scenario. ERA will help you get all alerts and notifications (until the problem is fixed).