Jump to content

frapetti

Members
  • Posts

    19
  • Joined

  • Last visited

Everything posted by frapetti

  1. By the way, the reason, is still: "IP (190.61.219.106) found on cloud black list 1". Are you sure that this IP is NOT blacklisted? If so, then how can this be the reason? I recently updated to EMSX 7.3.10011.0 , if that's of any help. I opened a support ticket with zma.la , but i could open a ticket with ESET directly, if you give me instructions on how to do that.
  2. Very clear, thanks. It should be explained like this on the help pages. It seems like their email provider is sending from an IP (190.61.219.106) not associated with estudio-santoianni.com.ar in DNS. I advised them to discuss this with their email provider. Still, i thought that adding the domain to the "ignored body domain list" would allow mails coming from any @estudio-santoianni.com.ar addresses to go through, regardless of the sending IP address, but it still gets quarantined. I thought that it was a simple string check, but agains what field(s) is EMSX checking the domains from this list? Against the sending email address? or "received: from" records? or maybe somewhere else? How does this list work, exactly? Regards
  3. Now I see that ESET is also quarantining mails from the accounting firm: estudio-santoianni.com.ar The reason, is: "IP (190.61.219.106) found on cloud black list 1". I even added the domain to "approved domain to IP list" and to "ignored body domain list", but it's still getting quarantined. How is that possible?
  4. Thanks. Since i whitelisted the domain, no messages from them were quarantined anymore. That means that ESET will take no action based on the IP address of the sender, but still perform all other spam checks on the message contents? Then i assume that any blacklist check is not performed?
  5. Hi, We recently had to whitelist emails from one of our providers ( falconmx.com ), because Mail Security detected it as SPAM. The reason was "IP (138.128.164.234) found on cloud black list 1". What exactly is "cloud black list 1"? If i do a blacklist check for that domain, it seems to be only listed on the UCEPROTECTL3, which lists entire ISPs for "bad reputation". But no one should block an email only because of that. Some of that lists are more important than others. A list of domains caught sending SPAM (for example, by spamtrapping) should be a lot more important than a list of ISPs with bad reputation, or lists of alledgedly dynamic IPs (in fact, only the ISPs themselves know which of their IP ranges are dynamically assigned). There are many companies with legitimate mail servers whose ISPs have "bad reputation". We considered adding it to "Ignored Domain to IP list", but the list description looks confusing: "List of domains that resolves to IP addresses which in turn will not be checked during classification. SPF records are being recognized when resolving IP addresses". What does "not checked during classification" means? How is "not checked" different from whitelisted? If only some of the tests are skipped, which tests are skipped, and which ones do still run? Regards
  6. That would be great, thanks. Do you need some info from us to check that?
  7. No. When we buyed the product 3 years ago, we were assigned to an eset partner named "globalgate". Now that we needed to renew, we talked to them again. That's the usual procedure, right?
  8. We approved the budget on january 20. The seller told us to wait as they started the process. On january 28 they sent us the data for payment. The following day it was payed. How long could this take? People are a little uneasy about the "loose protection" notifications. Should i tell them to not worry about this, then? Regards
  9. Hi, We are in the process of renewing our license. Already payed to our eset representative, but very close to the end date. Our license expired this month. I see that updates are still downloading, even when expired. What is the grace period for this, as to know how much time this can take before it becomes a real problem? Can this be speeded up? What happens after the grace period? The product stop downloading updates, but keeps working? Do we need to do any reconfiguration, or the license's date is just updated by eset and requires no technical intervention from us? Regards
  10. For what i readed, SQL Server Native Client (SSNC) shouldn't be used anymore for new developments, and instead use new clients that replaced it. That's why there aren't any new SSNC versions. The last one was from 2012. Maybe ESET could do that, and then the problem would go away. See: https://docs.microsoft.com/en-us/sql/connect/connect-history?view=sqlallproducts-allversions
  11. That's dissapointing. If I had known about the limitations, i would have stayed in ELA, even if there's no link from the ESMC console to access ELA anymore.
  12. I just upgraded to ESMC 7 and it sent me to the EBA page, where i migrated from ELA. However, i don't even find a way to sort the list of devices in EBA, something that i could do in ELA, and that is very important for finding duplicate devices. Can this be done somehow on EBA?
  13. I think that i found a better solution: i used wmic to remotely uninstall the agent, with the following command: /user:username /node:"computername" product where name="ESET Remote Administrator Agent" call uninstall Then used the ESET Remote Deployment Tool to remotely install the All-in-one package. That worked very well on two computers. The whole unistall/reinstall process only required one reboot after the new version of ESET Endpoint Security was installed. EDIT: However, several computers don't have the agent available in the add/remove software list, and so the wmic option isn't available for them.
  14. What do you mean by endpoint installation? Something like re-installation of the OS, or the ESET Antivirus software? In my case, i had to remove the Agent, then install a new one.
  15. Thanks, so if i understood this correctly, the ignored lists will only cause the status of external blacklists to be ignored, but the antivirus will still check the message locally for spam. This includes blacklists like spamhaus, or just the ESET cloud blacklists?
  16. What if a computer is duplicated on the console, because it's agent had to be reinstalled? When removing the old computer from the console, should i deactivate the products, or not?
  17. Hi, I'm having some problems upgrading from v6.4 to v6.5. Fortunately, the ERA server upgraded without issues, but when trying to upgrade the Agents with the "Remote Administrator Components Upgrade" client task from ERA console, the task failed on several computers. I then tried to upgrade the agent locally on the computers by manually running the stand-alone agent installer with the install_config.ini created by the console for GPO deployment, but it failed with the following error: Service 'ESET Remote Administrator Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. (see attached image). The user running the msi agent installer was an enterprise administrator, and it certaintly had privileges to stop any kind of service, however it could not stop the agent service or kill the process. I think that something went wrong with the agent autoprotection, and is preventing even the installer from uninstalling the 6.4 agent. The computer i tried this on has Windows XP, but there are several computers affected, some of them with Win 7, 8.1 and 10. I then uninstalled the old agent from control panel, and then used the all-in-one installer to upgrade to 6.5, and that worked, but it's not a very good solution, as that means visiting every affected computer. Is there a way to fix whatever problem is causing the installer to not be able to stop the agent service? That seems to be the main problem. Regards.
  18. Hi, I readed the help of ESET Mail Security 6.4 and also the information of this page: hxxp://support.eset.com/kb5956/?viewlocale=en_US But i still don't understand what is that ignored lists do. It's clear that "approved" is a whitelist, while "blocked" is a black list, but "ignored"? If a filter would ignore something, that normally means it's whitelisted, but look at the explanation from the link above: " Add a domain name, email address or IP address to the Ignored lists to continue to scan all communications for spam except for those specific lists selected to ignore. This feature is designed to protect you from spoofed emails that take advantage of your familiarity with a certain email address. " It's me, or that's totally unclear? Any help is welcomed. Thanks.
  19. I was also surprised to see it's read-only. Then what's the difference between apply an force? I wanted to make the firewall recognize our internal networks as trusted, exclude them from IDS, etc, but that seems to limit what the users can set on the firewall.
×
×
  • Create New...