[ESET mail notification on quarantine objects]

Users are only permitted to release spam emails, emails quarantined by content rules or by antivirus can only be released by administrator. This behavior is by design.

Maybe this is the problem in your case? If you are just testing the quarantine, you can use GTUBE string to quarantine email as spam.

[ESET mail notification on quarantine objects]

Hi,

You can enable quarantine web interface to allow users manage their quarantined emails. (http://help.eset.com/emsx/6.5/en-US/index.html?idh_xmon_quarantine_web.htm)

You can also add "Send mail quarantine reports" task in tools/scheduler, which will send reports to selected users periodically. (http://help.eset.com/emsx/6.5/en-US/index.html?idh_scheduler_task_qreports.htm)

 

[ESET Sharepoint 6.5. (Unable to access some of the SharePoint web site objects)]

1)      Please, install ESHP 6.5.15006.0, which should resolve these errors seen in the logs: „ERROR 'SHARED_MEM_ERROR', object: SharePoint Agent: Reading updated memory size of stream failed.“

2)     BTW: You need to run the SHPIO under the same account as provided to our product. The SHPIO10 error looks like one reported when executing incorrect version (i.e. incompatible with the .NET used by the SharePoint). Did you run it from command line? Did it write anything to command line before/after the crash? Try executing SHPIO07 or 13 instead. Did it help?

If there are still problems, please, open a support ticket and provide logs collected with ESET Log Collector.

 

[ESET Sharepoint 6.5. (Unable to access some of the SharePoint web site objects)]

Hi,

Try running:
„shpioXX.exe displaystructure“ where XX is the number of your Sharepoint version (07,10,13).
Any errors?

You could also try looking for errors into SHPIO*.log diagnostic files in „%ProgramData%\ESET\ESET Security\Diagnostics\SharePoint\“

[EMSX - Drop emails that are sent to addresses that dont exist]

Hi wolflord,

You can use mail transport rules to achieve this, e.g.:

Conditions:
Internal message - False
Recipient validation result - is - Contains invalid recipients
Recipient validation result - is not - Contains valid recipients

Actions:
Log to events/Drop/Reject

I suggest to do some testing with "Log to events" or "Reject message" action for some time and check logs if the rule works correctly.

NOTE: Drop message action has one disadvantage - if a sender makes a typo in the email address, even a valid mail will be dropped (e.g. john.doe@mydomain.com vs. jonh.doe@mydomain.com)

 

[Filesecurity notification "Anti-Phishing"]

Hi,

I'm not sure if this is what you're looking for, but there is a new feature in 6.5 products - you can choose which application statuses are shown on the server and which are transferred to ERA:

http://help.eset.com/efsw/6.5/en-US/index.html?idh_config_disabled_statuses_dialog.htm

 

[ekrn.exe consume 40% CPU since 3 days]

Hi Jonathan,

you could also try upgrading your EFSW to 6.4 and check if the issue persists

[Setting a NOT condition to a rule]

Hi,

this is probably a known issue of 4.5 - when VSAPI evaluates rules, it may use two values of sender - email address and display name. In that case the NOT operator does not work as expected.

try something like this:
NOT email@address.com AND NOT "display name"

(both display name and email address used by VSAPI can be seen in log after enabling diagnostic logging)

[Adjust spam score actions-triggers]

Hi Tridec,

There is no spam score in EMSX v6. New antispam engine returns only ham/spam result. To change the action use "Action to take on spam message" setting.

[Error during startup on Server 2016 with IIS]

Check this thread:

I think you are having the same problem

[Windows Server 2016 server protection error]

Hi jadorwin,

this error means that automatic exclusions for IIS were not generated because our current server products do not recognize IIS 10. This will be fixed soon.

You can add these exclusions manually to Advanced setup/Computer/Exclusions:

The default values are:
"c:\inetpub\logs\logfiles\*\*.log", "c:\inetpub\temp\IIS Temporary Compressed Files\*.*"
(more info here: https://blogs.technet.microsoft.com/raymond_ris/2014/01/16/windows-antivirus-exclusion-recommendations-servers-clients-and-role-specific/)

If you don't want to see the error in logs, you can disable Microsoft Internet Information Services under Advanced setup/Computer/Automatic exclusions

[ESET Mail Security and message headers]

Hi CraigB,

setting "Write scan results to message headers" can only be enabled/disabled, you cannot choose any subset of messages (e.g. incomming). If these headers are causing you problems then you will have to disable them completely.

If you still want to keep the scan results in headers, then you could create some custom rules. Something like this:

Conditions:
Internal message: False
Antispam scan result: Spam

Actions:
Add header field: "X-MY-AS-HEADER: SPAM"
Evaluate other rules

[Windows server 2016]

Products have already been released:

ESET Security for Microsoft SharePoint Server version 6.4.15015
ESET Mail Security for IBM Domino version 6.4.14024
ESET Mail Security for Microsoft Exchange Server version 6.4.10011
ESET File Security for Microsoft Windows Server version 6.4.12004

[Can not send email notification on Eset email exchange 6]

I just created the same rule as you in my test environment and received the notification

Please test your "Email notifications" settings by sending an email with eicar file. You should receive malware notification. if you don't then these settings are not correct or there is a problem with SMTP server

[Can not send email notification on Eset email exchange 6]

it should work in both cases:

[Can not send email notification on Eset email exchange 6]

Hi hungtt,

Please make sure that the severity of "Send email notification" action is higher or equal to "Minimum verbosity for notifications" set in email notifications

it should be set to warning in your case (or lower the "Minimum verbosity for notifications")

[Mr]

Make sure you met the minimum system requirements - Microsoft Windows Server 2003 SP2

[delete virus laden messages instead of cleaning and forwarding]

Hi,

you can disable cleaning (Server protection/Antivirus and antispyware/ThreatSense setup) and set "Action to take if cleaning not possible" to "Delete message" (Server protection/Antivirus and antispyware/Transport agent)

[Mail Security vs Eset Outlook Add-in]

Hello nardog,

Outlook add-in can catch threats that are already in your mail database, e.g. if a threat was not detected at the time of scanning by mail transport protection (and is detected after virus signature database update)

[EFS runs too many scans]

Hi,

 

which version of EFSW do you use?

Please try changing the setting "If task was skipped the next run should occur" to "At next scheduled time". Does it help?

[ESET Mail Security for Microsoft Exchange Server can not filter message body]

Hi hungtt,

there is no support for filtering based on keywords in message body. This feature is planned for next major version of EMSX.

To search in body, you can only use Blocked body domain list (Antispam/Filtering and verification) to block emails with some domains in body.

[Unable to update ESET File Security V.6.4]

We've received more support cases regarding activation recently. These problems were fixed a few days ago, are you still experiencing the problem with activation/update?

[ESET Mail Security on Exchange 2004 Not blocking Failed RDNS spam]

Version 4.5 of EMSX didn't support message headers rule.

BTW. EMSX 6.4 runs on Exchange 2003 or newer

[Internal Server Error]

Hi Lenif,

which version of File Security do you use?

 

Please check "Events" log in File Security, errors should be logged there. How often do these errors occur?

[Upgraded to ESMX 6.4 from 4.5, no spam score in logs]

Hi TedGlass,

There is no spam score column in EMSX v6.

If you receive spam that is not caught by AS protection please collect some samples and submit them to support.