filips

Hi, MS help says "The Warning event indicates that Exchange anti-spam agents are enabled and that the list of internal Simple Mail Transfer Protocol (SMTP) servers is empty." (https://technet.microsoft.com/en-us/library/ff359741(v=exchg.140).aspx) Are you sure the event is caused by EMSX? Because all EMSX does is register transport agents - that means no changes to list of internal SMTP servers or Exchange anti-spam agents.

Hi, Database protection is not available on Exchange 2013 and newer. We used a scanning API that is discontinued - only on-demand database scan is available on newer versions of Exchange.

Hi ocs, run eshell and open "Server" context and enter "mail-quarantine?". This will show you help. To see deleted items run "mail-quarantine deleted" - each item has unique ID. To restore deleted item run "restore mail-quarantine 123" - replace 123 by ID of your item.

Hi ronmanp, If you don't have the latest EFSW version please try upgrading (https://forum.eset.com/topic/12540-eset-file-security-for-microsoft-windows-server-version-65120100-has-been-released/) If it doesn't help, you can try removing Web and email protection completely - just run installer > Modify > uncheck Web and email

Hi mrbadger81, You can use "Sender's domain" "contains / contains one of" "wxyz.com" to block all domains that contain 'wxyz.com" or use "Sender's domain" "is / is one of" "abcd.wxyz.com" to block particular domain

Hi, 1) ESET mail security does not have per user blacklist/whitelist 2) Safe senders set in Outlook will be whitelisted if "Use Exchange Server whitelists to automatically bypass antispam protection" enabled

Hi V2TW, 1. Not in current version 2. Yes, you can see the reason in detail form of each quarantined mail or in web interface if logged in as quarantine admin, e.g.

Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.

Hi Daniëlw, all important events/warnings/errors should be recorded in log. I think you stumbled upon a bug - i agree that GUI alert is not sufficient in your scenario. ERA will help you get all alerts and notifications (until the problem is fixed).

Hi, it includes all blacklists/whitelists that work with IP address

Hi Daniëlw, Email notifications work without remote administrator. If you don't receive notifications then it is probably related to your settings. You can set "Interval after which new notification emails will be sent (min)" to 0 for testing and send an email with eicar. This should generate notification.

Hi, you can use Ignored lists to exclude some (irrelevant) information from classification. This is useful in more cases, e.g.: False positive - If you receive email from some provider that got to cloud blacklist, all email from this provider will be marked as spam. You can add IP/domain to ignored list to ignore this piece of information but still evaluate antispam. Exclude IP addresses of servers that are part of your infrastructure. IP address of your server may become whitelisted causing all mail coming from this server marked as ham. * we will fix the KB article

Hi, The manual is right - CU4 is not supported because of this problem https://support.microsoft.com/en-us/help/2938053/third-party-transport-agents-cannot-be-loaded-correctly-in-exchange-server-2013

Rule settings are on page Advanced setup/Server protection/Rules 1. Add new rule 2. Select conditions - By message subject, By message sender 3. Enter values that you want to block 4. Select action + check Log (you can test it with No action for a while) more info http://download.eset.com/manuals/eset_emsx_45_userguide_enu.pdf

Hi, you can create a rule to block messages with specific subject and sender