frapetti
-
Posts
20 -
Joined
-
Last visited
Posts posted by frapetti
-
-
By the way, the reason, is still: "IP (190.61.219.106) found on cloud black list 1". Are you sure that this IP is NOT blacklisted? If so, then how can this be the reason?
I recently updated to EMSX 7.3.10011.0 , if that's of any help.
I opened a support ticket with zma.la , but i could open a ticket with ESET directly, if you give me instructions on how to do that.
-
On 4/1/2021 at 11:51 AM, M.K. said:
First question - yes, exactly.
Regarding the blacklist check - if the IP is on Ignored list, then no checks are performed with the IP, including neither cloud nor local blacklists. But the email could be, for example, marked as spam due to the blacklisted domain in the message body.
Very clear, thanks. It should be explained like this on the help pages.
On 4/1/2021 at 11:54 AM, M.K. said:EMSX tries to resolve as many IP addresses associated with that domain as possible - using A, MX, and SPF records. All resolved IP's could be checked in the Edit dialog in Advanced settings.
If the IP is on the list (approved domain to IP list) and the email is still being marked as spam, please submit a support ticket so we can have a look at it.
It seems like their email provider is sending from an IP (190.61.219.106) not associated with estudio-santoianni.com.ar in DNS. I advised them to discuss this with their email provider.
Still, i thought that adding the domain to the "ignored body domain list" would allow mails coming from any @estudio-santoianni.com.ar addresses to go through, regardless of the sending IP address, but it still gets quarantined. I thought that it was a simple string check, but agains what field(s) is EMSX checking the domains from this list? Against the sending email address? or "received: from" records? or maybe somewhere else? How does this list work, exactly?
Regards
-
Now I see that ESET is also quarantining mails from the accounting firm: estudio-santoianni.com.ar
The reason, is: "IP (190.61.219.106) found on cloud black list 1".
I even added the domain to "approved domain to IP list" and to "ignored body domain list", but it's still getting quarantined. How is that possible?
-
22 hours ago, Marcos said:
Please re-check, the IP address doesn't seem to be currently blacklisted:
Sender's IP "138.128.164.234" is classified as OK.
Thanks. Since i whitelisted the domain, no messages from them were quarantined anymore.
6 hours ago, M.K. said:IP addresses found on "Ignored IP List" will be skipped during classification, the rest of the email will be still checked.
That means that ESET will take no action based on the IP address of the sender, but still perform all other spam checks on the message contents? Then i assume that any blacklist check is not performed?
-
Hi,
We recently had to whitelist emails from one of our providers ( falconmx.com ), because Mail Security detected it as SPAM. The reason was "IP (138.128.164.234) found on cloud black list 1". What exactly is "cloud black list 1"?
If i do a blacklist check for that domain, it seems to be only listed on the UCEPROTECTL3, which lists entire ISPs for "bad reputation". But no one should block an email only because of that. Some of that lists are more important than others. A list of domains caught sending SPAM (for example, by spamtrapping) should be a lot more important than a list of ISPs with bad reputation, or lists of alledgedly dynamic IPs (in fact, only the ISPs themselves know which of their IP ranges are dynamically assigned). There are many companies with legitimate mail servers whose ISPs have "bad reputation".We considered adding it to "Ignored Domain to IP list", but the list description looks confusing: "List of domains that resolves to IP addresses which in turn will not be checked during classification. SPF records are being recognized when resolving IP addresses". What does "not checked during classification" means? How is "not checked" different from whitelisted? If only some of the tests are skipped, which tests are skipped, and which ones do still run?
Regards
-
4 hours ago, MichalJ said:
Yes, it´s a regular procedure. In the future, I would recommend to start processing the license renewal during the month before the actual license expiration. I can check your license, if you want to, what´s the status of the renewal in our licensing system.
That would be great, thanks. Do you need some info from us to check that?
-
22 minutes ago, itman said:
Is the below your Eset representative and to whom you made payment to?
ESET Latin America
ESET Latin America
Juan Diaz de Solis 1270, 2do. Piso
CP: B1638BHF
Vicente Lopez, Buenos Aires
ArgentinaTel: +54 (11) 5171-ESET (3738)
Fax: +54 (11) 5171-3739
Web: www.eset-la.comNo. When we buyed the product 3 years ago, we were assigned to an eset partner named "globalgate". Now that we needed to renew, we talked to them again. That's the usual procedure, right?
-
We approved the budget on january 20. The seller told us to wait as they started the process. On january 28 they sent us the data for payment. The following day it was payed.
How long could this take? People are a little uneasy about the "loose protection" notifications. Should i tell them to not worry about this, then?
Regards
-
Hi,
We are in the process of renewing our license. Already payed to our eset representative, but very close to the end date. Our license expired this month. I see that updates are still downloading, even when expired. What is the grace period for this, as to know how much time this can take before it becomes a real problem? Can this be speeded up? What happens after the grace period? The product stop downloading updates, but keeps working? Do we need to do any reconfiguration, or the license's date is just updated by eset and requires no technical intervention from us?Regards
-
For what i readed, SQL Server Native Client (SSNC) shouldn't be used anymore for new developments, and instead use new clients that replaced it. That's why there aren't any new SSNC versions. The last one was from 2012. Maybe ESET could do that, and then the problem would go away.
QuoteFor new features beyond SQL Server 2012, SQL Server Native Client will not be updated. Switch to the Microsoft ODBC Driver for SQL Server or the Microsoft OLE DB Driver for SQL Server if you want to take advantage of new SQL Server features going forward.
See: https://docs.microsoft.com/en-us/sql/connect/connect-history?view=sqlallproducts-allversions
-
That's dissapointing. If I had known about the limitations, i would have stayed in ELA, even if there's no link from the ESMC console to access ELA anymore.
-
I just upgraded to ESMC 7 and it sent me to the EBA page, where i migrated from ELA. However, i don't even find a way to sort the list of devices in EBA, something that i could do in ELA, and that is very important for finding duplicate devices. Can this be done somehow on EBA?
-
I think that i found a better solution: i used wmic to remotely uninstall the agent, with the following command:
/user:username /node:"computername" product where name="ESET Remote Administrator Agent" call uninstall
Then used the ESET Remote Deployment Tool to remotely install the All-in-one package. That worked very well on two computers. The whole unistall/reinstall process only required one reboot after the new version of ESET Endpoint Security was installed.
EDIT: However, several computers don't have the agent available in the add/remove software list, and so the wmic option isn't available for them.
-
On 17/6/2017 at 6:50 AM, MichalJ said:
No, this is not needed, if the endpoint installation was not touched.
What do you mean by endpoint installation? Something like re-installation of the OS, or the ESET Antivirus software? In my case, i had to remove the Agent, then install a new one.
-
Thanks, so if i understood this correctly, the ignored lists will only cause the status of external blacklists to be ignored, but the antivirus will still check the message locally for spam. This includes blacklists like spamhaus, or just the ESET cloud blacklists?
-
What if a computer is duplicated on the console, because it's agent had to be reinstalled? When removing the old computer from the console, should i deactivate the products, or not?
-
Hi,
I'm having some problems upgrading from v6.4 to v6.5. Fortunately, the ERA server upgraded without issues, but when trying to upgrade the Agents with the "Remote Administrator Components Upgrade" client task from ERA console, the task failed on several computers.
I then tried to upgrade the agent locally on the computers by manually running the stand-alone agent installer with the install_config.ini created by the console for GPO deployment, but it failed with the following error: Service 'ESET Remote Administrator Agent' (EraAgentSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. (see attached image).
The user running the msi agent installer was an enterprise administrator, and it certaintly had privileges to stop any kind of service, however it could not stop the agent service or kill the process. I think that something went wrong with the agent autoprotection, and is preventing even the installer from uninstalling the 6.4 agent.
The computer i tried this on has Windows XP, but there are several computers affected, some of them with Win 7, 8.1 and 10.
I then uninstalled the old agent from control panel, and then used the all-in-one installer to upgrade to 6.5, and that worked, but it's not a very good solution, as that means visiting every affected computer. Is there a way to fix whatever problem is causing the installer to not be able to stop the agent service? That seems to be the main problem.
Regards.
-
Hi,
I readed the help of ESET Mail Security 6.4 and also the information of this page: hxxp://support.eset.com/kb5956/?viewlocale=en_US
But i still don't understand what is that ignored lists do.
It's clear that "approved" is a whitelist, while "blocked" is a black list, but "ignored"? If a filter would ignore something, that normally means it's whitelisted, but look at the explanation from the link above:
" Add a domain name, email address or IP address to the Ignored lists to continue to scan all communications for spam except for those specific lists selected to ignore. This feature is designed to protect you from spoofed emails that take advantage of your familiarity with a certain email address. "
It's me, or that's totally unclear?
Any help is welcomed. Thanks.
-
I was also surprised to see it's read-only. Then what's the difference between apply an force?
I wanted to make the firewall recognize our internal networks as trusted, exclude them from IDS, etc, but that seems to limit what the users can set on the firewall.
About changing the default ESET Server Port 2222
in ESET PROTECT On-prem (Remote Management)
Posted
Hello,
I know how to change the port on the server, and that policies can be made to tell the agent to connect to a different port, however for a policy to be applied, the agent needs to connect to the server first, so it seems obvious that a newly installed agent will need to know what's the server port. What is the recommended way to embed this new port on the installer? We use the All-in-one installer to install the agent + security product. Is there a way to make this change permanent so that any newly generated installer has the new port configured?
Regards