Jump to content


ESET Staff
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by filips

  1. You can create a new policy (it will be in default state) and apply only some changes to settings. And/or you can also use the policy to force the default value - so it cannot be changed using UI on client. Some resources: https://support.eset.com/kb5928/?viewlocale=en_US https://support.eset.com/kb3594/?locale=en_US
  2. Hi, 1. You cannot delay an email, supported actions are: quarantine mail/reject mail/drop mail/delete attachment/quarantine attachment 2. Yes - Blocked senders list can be found in Server/Antispam protection section of advanced settings 3. You can create a transport rule to do that
  3. That's true - You don't need to apply any policy to run the product with default configuration
  4. Hi, as i wrote in my previous post EFSW should disable Windows Defender after installation - you can check registry and UI to see if it was done. However, the Windows Defender Service will be still running.
  5. Hi, all ESET server products are designed to run fine with the default configuration. We don't have any additional configuration steps for domain controllers. The policy you mentioned is definitely not a best-practice for EFSW deployments. You would sacrifice some security features for performance - while it disables some less important protections (e.g. Web and email), it disables HIPS as well.
  6. Hi, it is recommended to uninstall Windows Defender before installing ESET server products. However, if Defender is present after EFSW installation, it will be automatically disabled just like it's described in this article
  7. Hi, If you are interested in collecting data on servers, maybe you could change the product to ESET File Security for Windows Server (EFSW) - our product intended for servers. EFSW supports WMI (http://help.eset.com/efsw/6.5/en-US/idh_config_wmi_provider.htm) and ships with ESET Shell - command line interface (http://help.eset.com/efsw/6.5/en-US/work_eshell.htm)
  8. Just run installer (e.g. from control panel) and Hit modify: http://help.eset.com/efsw/6.5/en-US/index.html?installation_steps.htm
  9. Hi, Web and email protection is not a part of Typical installation on Windows 2008, you can modify your installation and add it. Just make sure you have this hotfix installed: https://support.microsoft.com/en-us/kb/2664888
  10. Hi Gregor, 1. Best practice is installing on every supported role 2. It's not possible to select protected mailboxes - we will count all mailboxes reported by mailbox count tool. It is possible to skip scanning of some mailboxes using rules but it has no effect on licensing.
  11. Hi, there are 2 options: 1. using Mail transport rules in EMSX - create a rule with action "Log to events" - can log only limited set of message properties 2. contact your local customer care to get information how to enable logging of all messages to mailserver protection log
  12. Hi, i meant transport rules in ESET Mail Security (You can find them in EMSX/advanced settings/Server/Rules) - there is an option to log into EMSX events log (more info: http://help.eset.com/emsx/6.5/en-US/index.html?idh_wizard_rules_list.htm) You are right - quarantine report is only sent if there is something in user's quarantine. If released/deleted the mail will stay in "trash" for a period specified by setting "Clear deleted files after" in advanced settings/Server/Quarantine. It can be recovered using eShell.
  13. Hi Michelle, Does the web page quarantine automatically update? No Is there a log of all processed mail? There is a log of all modified mail - "Mailserver protection" log, but You can create a transport rule to log all processed mail. The quarantine report does not seem to be sending, where do I check that? I don't know the steps You already did, but generally: 1. Create scheduled task "Send mail quarantine reports" 2. Select a user to test it on 3. Send a spam mail with GTUBE string to this user 4. Make sure the mail is in quarantine (check quarantine manager or mailserver log) 5. Right click Your task in Scheduler and hit "Run now" If You don't receive the report within few minutes then temporarily enable diagnostic logging in Setup/Tools and repeat steps 3-5
  14. Hi, open logs/mail server protection and double click your log record to open detail dialog. You should see something like: "Rule Activated: Dangerous executable file attachments" Attachment name is not visible in the mailserver log when scanning on transport - please go to logs/detected threats and find matching log record. Open detail dialog and check column "Object" - you should see all objects deleted from a particular mail
  15. Hi, You should contact Your local ESET customer care - they can remove the domain/IP from cloud blacklist. In the meantime, You can add the domain to "Server/Antispam protection/Filtering and verification/Approved Domain to IP list"
  16. Hi, MS help says "The Warning event indicates that Exchange anti-spam agents are enabled and that the list of internal Simple Mail Transfer Protocol (SMTP) servers is empty." (https://technet.microsoft.com/en-us/library/ff359741(v=exchg.140).aspx) Are you sure the event is caused by EMSX? Because all EMSX does is register transport agents - that means no changes to list of internal SMTP servers or Exchange anti-spam agents.
  17. Hi, Database protection is not available on Exchange 2013 and newer. We used a scanning API that is discontinued - only on-demand database scan is available on newer versions of Exchange.
  18. Hi ocs, run eshell and open "Server" context and enter "mail-quarantine?". This will show you help. To see deleted items run "mail-quarantine deleted" - each item has unique ID. To restore deleted item run "restore mail-quarantine 123" - replace 123 by ID of your item.
  19. Hi ronmanp, If you don't have the latest EFSW version please try upgrading (https://forum.eset.com/topic/12540-eset-file-security-for-microsoft-windows-server-version-65120100-has-been-released/) If it doesn't help, you can try removing Web and email protection completely - just run installer > Modify > uncheck Web and email
  20. Hi mrbadger81, You can use "Sender's domain" "contains / contains one of" "wxyz.com" to block all domains that contain 'wxyz.com" or use "Sender's domain" "is / is one of" "abcd.wxyz.com" to block particular domain
  21. Hi, 1) ESET mail security does not have per user blacklist/whitelist 2) Safe senders set in Outlook will be whitelisted if "Use Exchange Server whitelists to automatically bypass antispam protection" enabled
  22. Hi V2TW, 1. Not in current version 2. Yes, you can see the reason in detail form of each quarantined mail or in web interface if logged in as quarantine admin, e.g.
  23. Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.
  24. Hi Daniëlw, all important events/warnings/errors should be recorded in log. I think you stumbled upon a bug - i agree that GUI alert is not sufficient in your scenario. ERA will help you get all alerts and notifications (until the problem is fixed).
  25. Hi, it includes all blacklists/whitelists that work with IP address
  • Create New...