FeMaster

I have to assume that they are showing as detected as spam because I had manually flagged them as such. In any case, all of those message are long gone by now. I'll see what I can do with any future messages.

Wow, Still no response. 😟 My license expires the end of January, maybe I'll get some help just before it expires? ...Or, maybe I won't need help by that time... 🤔

Am I being left out to dry on this one? Seems as if the problem is getting worse, and I would really like to get something figured out here.

Curious if there has been any progress on this? Thanks again for any help.

OK, I've completed the requested steps. One thing I did notice was that initially when I reclassified the email as SPAM, it did not add the "[SPAM]" to the beginning of the subject line like the software was set to do. The logs may reflect that the same emails were reclassified more than once as I drug them back out of the spam folder and into the inbox again, and the did the reclassification again, and this time it did add the proper prefix to the subject line. eis_logs.zip SPAM Email.zip

In my Outlook 2013 Eset has it's own tab at the top when it's enabled, like in the attached picture.

I live in the US, and I really don't get a ton of SPAM, maybe 4 to 6 a day between the 5 email accounts I have set up in Outlook. Eset manages to catch and filter about 1 email a week on average, some weeks it catches none of them. The 5 different email addresses consist of 3 from my ISP (Charter.net), 1 Hotmail, and 1 Gmail. Just as a side note, I've added a few extra ports (465, 585, 587, and 993) under the Email Client Protection Protocol setup section so that EIS should be able to scan emails from any of my clients. I know this helps with scanning for infected attachments, but I'm not sure if it has any affect on SPAM filtering or not.

I'm just wondering if others are experiencing the same poor performance with the Anti-Spam module? I'm using Outlook 2013 and the SPAM filtering is extremely poor. As far as I can tell, I've got the settings for filtering set to the highest they can be, yet Eset might catch 1 out of every 30 junk emails and flag it as Spam. I constantly use the Eset plug-in in Outlook to manually flag the SPAM emails such. I would have thought that this would have at least offered some sort of "training" to the filter, but it's fruitless. The same email SPAM comes in every few days and is constantly ignored and allowed to pass. I've attached an example of a piece of SPAM, which I would think should be blatantly obvious to the filter that it is, yet it's never flagged as such. What's going on here?

Thanks again itman. I've played around with different configurations and believe that the trouble stems from the combination of using the Safe Access package on the router and having Open DNS set as the DNS server in the router. I found a site that I could consistently get the certificate notification to pop up on, then went through every combination of setting I could up with, clearing the browser cache and closing and open the browser between every test. When disabling the Safe Access package, no certificate warning, using Open DNS, no warning, using Safe Access with my ISPs DNS, no warning, Safe Access with Google DNS, no warning. Set everything back the way it was and the warnings were back. Safe Access and Open DNS by themselves work fine, but in combination, there is something that must be clashing with the other and causing all the headaches I've been having. In conclusion, not an Eset Problem... Case closed!

OK, while I was typing up that last reply, something interesting popped up on me that I have never seen before this point. Eset was complaining about it's own certificate being untrusted, any ideas on this one?

Nothing suspicious or out of the ordinary, WiFi is is VERY secure. Neither Eset nor my router indicate any devices on the network that should not be there. Not a work PC, it is a home PC. I'm trying to piece this all together here, and I may have come across a possibility of what is going on, but it's going to take a bit a finagling on my end to determine for sure. Back story is, I recently (within the last couple months) replaced an aging Asus router with a Synology RT2600ac. This has worked perfectly since it was installed, no issues at all. Synology recently pushed a firmware update that MAY coincide with the issues I am having, but I can't recall on the timing of it all to be sure at this point. In the latest update, they removed the typical parental controls that I was used to which were very similar to those on my old Asus router. They now have a package in the router called Safe Access which is like parental control on steroids. I'd say it's a bit closer to a business class type of malware detection / web filtering / access control. One other issue I am having that I just stumbled on, which leads me to believe that the culprit here may just be the router, is that with Safe Access enabled in the router, there is an issue with DNS servers, which has lead to a fair bit of complaining over on their support community. I'll give you my scenario, and perhaps you can give me your opinion on it. My setup has been, for a long time now, that in my router I have Open DNS specified as the DNS provider the router should use (which coincidental, or not, is now a part of Cisco; it might just be an Open DNS problem, hmmm). This helps me to filter out the majority of sites that I don't want my children going to. In my own PC I have the DNS specified as Google servers (8.8.8.8 and 8.8.4.4), which would of course bypass the Open DNS filtering just for my PC. Ever since the changes made by the Synology Router update and the addition of this Safe Access instead of standard parental controls, the DNS I have programmed into my PC is being ignored and all DNS quarries are going out through the Open DNS that is set in the router. Apparently this is a known issue at this point, and is supposed to be corrected down the road. Disabling Safe Access makes the DNS function as one would expect. I'm not sure how the Safe Access can fully override the PCs DNS settings, but it does. Just had an epiphany typing this up. The issue with Safe Access forcing all my DNS quarries to go through Open DNS (a Cisco company now) could be why I just recently started seeing this issue about these Cisco Umbrella certificates. Before this DNS issue, my PC was making all it's look-ups through Google, like I have it set to do, but Safe Access is somehow overriding this, forcing the PC to go through Open DNS now. If I can get some time this evening, I'm going to try some of these trouble prone sites with Safe Access disable, and possibly with the PC plugged directly into the modem completely eliminating the possibility of any interference from the router or anything else for that matter. Thanks for all your incite so far!

OK, this sounds wonderful. I've tried the same address through all 4 browsers (Firefox, Edge, Internet Explorer, and Chrome) and all of them lead to a warning page that there is a problem with the pages certificate. So, I guess I need to ask now, where do I go from here? This is my first time ever getting any type of infection or whatever this would be considered. I know a fare bit about computers and networks, but not so much about certificates and the like. I checked to see if there was any type of proxy settings set on my PC, but all appears clear there. Any advice going forward?

I've NEVER had a password on my advanced setup. Matter of fact, I didn't know you could have one until I read this and went hunting through the settings. Maybe I just breezed by it during initial setup or something, but I can confirm that there is no password by default. I do see, now that I've gone looking for it, that there is in fact an area in the advanced setup section where you can enable it and set a password of your choosing.

In the last week, or perhaps slightly longer, I've been getting a semi frequent popup from Eset Internet Security regarding an Untrusted Certificate. It's not happening on all secure sites, but on a few. All the alerts I have been getting so far have come from the same Root CA, so I assume it must be something to do with that single Root CA. I also would like to note that I found a recent posting about a similar problem with untrusted certificates and I tried the suggested fix of disabling Eset's SSL scanning, rebooting, and then re-enabling and rebooting again. This did not resolve my issue as I believe the two problems, while sounding similar, are completely different. I've attached pictures to show what I'm getting: Image #1 is the popup I'm getting stating that Firefox is trying to communicate over an encrypted channel with an untrusted certificate. Image #2 is the certificate Information (Why is the validity date range so short?) Image #3 shows the certificate path as well as it's status Image #4 shows the actual certificate details It would appear that the reason I'm getting this popup is because the certificate is not installed in the Certificate Store. Is this safe to do, and if it's an OK certificate, why is it not already installed? I guess I need a little guidance to what exactly is going on here, and why out of the blue this has started happening.

Yes, If this is the way of the future, where more and more apps and software are going to be going through the MS Store, there definitely needs to be something figured out with regards to this changing folder path issue. And to answer your original question, which showed up in my email but was apparently removed by you after the fact: Microsoft Firewall. The most obvious one that can handle when an application updates with a changed folder path. I've not used anything than other than Eset or Microsoft since this whole app thing has come about, so I can't comment on whether or not other vendors' products are capable of doing it or not. Perhaps the MS built-in firewall would be a good place for Eset's software developers to start with, to see how Microsoft does it and go from there with their own software firewall.