filips
ESET Staff
Everything posted by filips
-
One more thing I forgot to mention: You can (should) use rule action "Log to events" for some time to check if the rule works correctly before enabling an action like reject/drop/quarantine.
-
Hi davidenco,

The SPF check is evaluated using domain from HELO or MAIL FROM. It does not protect You against spoofing of "From" header. This means that if the sending domain (in HELO or MAIL FROM) does not have SPF record or has a valid SPF record, the mail is valid even if it is spoofing your domain in From header (it could be a valid mail forwarder).

This problem can be solved by using DMARC: https://blogs.technet.microsoft.com/eopfieldnotes/2015/02/26/using-dmarc-to-prevent-spoofing/

You could also create a transport rule like this:

Conditions:
    Message headers match regular expression \nFrom: .*@OurDomain.co.uk
    Sender's IP address is not one of (list of your IPs or IPs that are allowed to send mail for your domain)
Actions:
    Quarantine message

Or something like this:

Conditions:
    Message headers match regular expression "\nFrom: .*@OurDomain.co.uk"
    Message headers do not match regular expression "\nReply-To: .*@OurDomain.co.uk"
Actions:
    Quarantine message
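
The two rules described above, modelled in Python over constructed messages. This is an added example, not part of the original post and not ESET's rule engine; the escaped dots, case-insensitive matching, allowed network and all addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumptions, not from the post: dots escaped and case ignored in the two
# header patterns; the allowed network and all addresses are constructed.
FROM_OURS = re.compile(r"\nFrom: .*@OurDomain\.co\.uk", re.IGNORECASE)
REPLY_TO_OURS = re.compile(r"\nReply-To: .*@OurDomain\.co\.uk", re.IGNORECASE)
ALLOWED_SENDERS = [ipaddress.ip_network("192.0.2.0/28")]


def header_block(raw):
    """Headers only (body excluded), with a leading newline so line one can match."""
    return "\n" + raw.replace("\r\n", "\n").split("\n\n", 1)[0]


def fired_rules(raw, sender_ip):
    """Return the names of the rules from the post that would match this message."""
    headers = header_block(raw)
    claims_ours = bool(FROM_OURS.search(headers))
    ip = ipaddress.ip_address(sender_ip)
    ip_allowed = any(ip in net for net in ALLOWED_SENDERS)
    fired = []
    if claims_ours and not ip_allowed:
        fired.append("from+ip")          # first rule: From is ours, IP is not
    if claims_ours and not REPLY_TO_OURS.search(headers):
        fired.append("from+reply-to")    # second rule: From is ours, Reply-To is not
    return fired


# Constructed messages. SPOOFED would pass SPF on its own MAIL FROM domain.
SPOOFED = ('Received: from mail.example.net\nFrom: "CEO" <ceo@ourdomain.co.uk>\n'
           "Reply-To: someone@example.net\nSubject: invoice\n\nPlease pay.")
INTERNAL = ("From: alice@OurDomain.co.uk\nReply-To: alice@OurDomain.co.uk\n"
            "Subject: minutes\n\nAttached.")
NO_REPLY_TO = "From: bob@OurDomain.co.uk\nSubject: hello\n\nHi."
EXTERNAL = ("From: carol@example.org\nSubject: Fwd\n\nQuoted text:\n"
            "From: alice@OurDomain.co.uk\nhello")

if __name__ == "__main__":
    for name, msg, ip in [("spoofed", SPOOFED, "203.0.113.7"),
                          ("internal", INTERNAL, "192.0.2.5"),
                          ("no reply-to", NO_REPLY_TO, "192.0.2.5"),
                          ("external", EXTERNAL, "198.51.100.9")]:
        print(name, fired_rules(msg, ip) or "deliver")
```

In this model the second rule also fires on NO_REPLY_TO, a message from the domain that carries no Reply-To header at all, which is the kind of result a trial run with the "Log to events" action would reveal before quarantine is enabled.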
-
ESET Mail Security block non-existing domains
filips replied to Aleksander's topic in ESET Products for Windows Servers
Hi, this option is not available
You can create a new policy (it will be in default state) and apply only some changes to settings. And/or you can also use the policy to force the default value - so it cannot be changed using UI on client. Some resources: https://support.eset.com/kb5928/?viewlocale=en_US https://support.eset.com/kb3594/?locale=en_US
-
ESET Mail Security Function
filips replied to Ali Akbar's topic in ESET Products for Windows Servers
Hi,
1. You cannot delay an email, supported actions are: quarantine mail/reject mail/drop mail/delete attachment/quarantine attachment
2. Yes - Blocked senders list can be found in Server/Antispam protection section of advanced settings
3. You can create a transport rule to do that
Hi, all ESET server products are designed to run fine with the default configuration. We don't have any additional configuration steps for domain controllers. The policy you mentioned is definitely not a best-practice for EFSW deployments. You would sacrifice some security features for performance - while it disables some less important protections (e.g. Web and email), it disables HIPS as well.
-
ESET Endpoint Antivirus Logs DAT under eScan
filips replied to MrD's topic in ESET Products for Windows Servers
Hi, If you are interested in collecting data on servers, maybe you could change the product to ESET File Security for Windows Server (EFSW) - our product intended for servers. EFSW supports WMI (http://help.eset.com/efsw/6.5/en-US/idh_config_wmi_provider.htm) and ships with ESET Shell - command line interface (http://help.eset.com/efsw/6.5/en-US/work_eshell.htm)
EFS Windows Server on RDS email protection?
filips replied to roga's topic in ESET Products for Windows Servers
Just run installer (e.g. from control panel) and Hit modify: http://help.eset.com/efsw/6.5/en-US/index.html?installation_steps.htm
EFS Windows Server on RDS email protection?
filips replied to roga's topic in ESET Products for Windows Servers
Hi, Web and email protection is not a part of Typical installation on Windows 2008, you can modify your installation and add it. Just make sure you have this hotfix installed: https://support.microsoft.com/en-us/kb/2664888
ESET Mail Security for Microsoft Exchange
filips replied to Gregor's topic in ESET Products for Windows Servers
Hi Gregor,
1. Best practice is installing on every supported role
2. It's not possible to select protected mailboxes - we will count all mailboxes reported by mailbox count tool. It is possible to skip scanning of some mailboxes using rules but it has no effect on licensing.
Mail Security for Windows questions
filips replied to Michelle911's topic in ESET Products for Windows Servers
Hi, I meant transport rules in ESET Mail Security (You can find them in EMSX/advanced settings/Server/Rules) - there is an option to log into EMSX events log (more info: http://help.eset.com/emsx/6.5/en-US/index.html?idh_wizard_rules_list.htm).

You are right - quarantine report is only sent if there is something in user's quarantine. If released/deleted the mail will stay in "trash" for a period specified by setting "Clear deleted files after" in advanced settings/Server/Quarantine. It can be recovered using eShell.
Mail Security for Windows questions
filips replied to Michelle911's topic in ESET Products for Windows Servers
Hi Michelle,

Does the web page quarantine automatically update?
No

Is there a log of all processed mail?
There is a log of all modified mail - "Mailserver protection" log, but You can create a transport rule to log all processed mail.

The quarantine report does not seem to be sending, where do I check that?
I don't know the steps You already did, but generally:
1. Create scheduled task "Send mail quarantine reports"
2. Select a user to test it on
3. Send a spam mail with GTUBE string to this user
4. Make sure the mail is in quarantine (check quarantine manager or mailserver log)
5. Right click Your task in Scheduler and hit "Run now"
If You don't receive the report within a few minutes then temporarily enable diagnostic logging in Setup/Tools and repeat steps 3-5
Hi, open logs/mail server protection and double click your log record to open detail dialog. You should see something like: "Rule Activated: Dangerous executable file attachments" Attachment name is not visible in the mailserver log when scanning on transport - please go to logs/detected threats and find matching log record. Open detail dialog and check column "Object" - you should see all objects deleted from a particular mail
-
Mail Security quarantining valid emails
filips replied to sos4eset's topic in ESET Products for Windows Servers
Hi, You should contact Your local ESET customer care - they can remove the domain/IP from cloud blacklist. In the meantime, You can add the domain to "Server/Antispam protection/Filtering and verification/Approved Domain to IP list"
Hi, MS help says "The Warning event indicates that Exchange anti-spam agents are enabled and that the list of internal Simple Mail Transfer Protocol (SMTP) servers is empty." (https://technet.microsoft.com/en-us/library/ff359741(v=exchg.140).aspx) Are you sure the event is caused by EMSX? Because all EMSX does is register transport agents - that means no changes to list of internal SMTP servers or Exchange anti-spam agents.
-
Restore deleted Mails from local quarantine
filips replied to ocs's topic in ESET Products for Windows Servers
Hi ocs, run eshell and open "Server" context and enter "mail-quarantine?". This will show you help. To see deleted items run "mail-quarantine deleted" - each item has unique ID. To restore deleted item run "restore mail-quarantine 123" - replace 123 by ID of your item.
Hi ronmanp, If you don't have the latest EFSW version please try upgrading (https://forum.eset.com/topic/12540-eset-file-security-for-microsoft-windows-server-version-65120100-has-been-released/) If it doesn't help, you can try removing Web and email protection completely - just run installer > Modify > uncheck Web and email