Everything posted by cmit

  1. So, with EndPoint AntiVirus (not Mail Security for Exchange) installed and the ESET Dynamic Threat Defense enabled, even EDTD does not have the capability to prevent this type of spam email (screenshot examples) from arriving in the Microsoft Outlook Inbox. I guess ESET cannot do anything in this case because this is purely related to the sender who pretends to be someone legit, and as long as there's no attachment in the spam/suspicious email, ESET product(s) won't be useful in this situation?
  2. We are already using the EndPoint Antivirus (for workstations) and the File Security (for servers). Currently trying the ESET Dynamic Threat Defense (trial) and have read as much info about EDTD as possible.
     https://www.eset.com/ca/business/dynamic-threat-defense/
     https://support.eset.com/kb6569/#oper_1
     My understanding is that EDTD has (not limited to) these additional layers of protection:
     - Behavior-based detection
     - Machine learning
     - Zero-day threats detection
     - Cloud sandbox
     We all understand that nothing can always 100% prevent any latest threats right away, but my question is why or why not we really need to add the EDTD. i.e. If there are new not-yet-recognized threats (not yet in the Detection Engine and other ESET update database modules), without the ESET Dynamic Threat Defense, does this mean the EndPoint AntiVirus or the File Security simply won't always detect this new threat right away until the next release of modules update (usually 1 or 2+ hours later)? But with the ESET Dynamic Threat Defense installed, at least the EDTD will treat these threats as suspicious and move them to the cloud-sandbox scanning asap?
     Another related question is for the Microsoft Outlook integration (not ESET Mail Security, not using MS Exchange Server). Without the EDTD (only with EndPoint AntiVirus), does it really significantly increase the risk of Outlook not detecting threat emails asap?
  3. - Could you explain what this deleted 'false positive' file really is and what it does? (not sure if it's even related to the blue screen of death or related to Windows Updates)
     - Why did it reappear 3 times after it got deleted the first time?
     - What negative effects might happen to this computer now that this 'false positive' already got deleted (or will it reappear again)?
     Noticed this same 'false positive' happened on two computers so far.
  4. Which means....? (this computer runs Win7 x64)
  5. Could ESET experts help explain what these messages mean? Same computer name, same infected file/message. Infection identified changed from 'suspicious object' to 'blocked EDTD'. Was it really a threat file that got deleted thanks to EDTD? Would the ESET EndPoint Antivirus (without EDTD) still catch it? My understanding is the ntoskernl.exe could be related to BSOD but I need confirmation.
  6. Is there still an option to set not to automatically restart the computer after the auto-update?
  7. May I know where the endpoint client tries to download module updates from every hour under the default settings? Could you show me the default settings again?
  8. What about a scheduled nightly Smart Scan (i.e. 1am) when workstations are not in use? May I have a recommendation about my 2nd question on scheduling auto-update? Thanks.
  9. Sent to you via ESET Mail. Kindly check.
  10. 1. What's the best scheduler setting for daily nightly auto-scan for ESET File Security for, i.e.:
      - domain controller
      - file server
      - IIS server
      - SQL server
      - server that has the ERA (v6) or ESMC (v7) running?
      Which kind of servers should run In-Depth scan and which should run Smart Scan?
      2. What's the best scheduler setting for auto-update? Would this example be a good fit? i.e.
      1st profile: update directly from ESET's servers every 15min
      2nd profile: update via proxy pointing to internal ERA/ESMC every 15min
      Recently, every day, randomly on 10+ out of 150+ of our workstations (and servers), ESET sends the email notification message below:
      "3/2/2019 13:55:59 PM - During execution of Update on the computer xxx, the following event occurred: File not found on server."
      I don't think the cause of the issue is related to my auto-update being too frequent, because this issue is happening to many other ESET customers.
  11. Could this 'File not found on server' issue be related to the scheduler's auto-update being too frequent (i.e. every 15min or 30min)?
  12. The issue to me is that it happened multiple times (not always) on some (not all) computers. Right now all our workstations are updated fine (v18951). I need to know why it happened. Was there a disconnection on the ESET server(s) itself, or was it because the detection engine was in the middle of a newer update while our workstations' ESET was running the auto-update scheduler?
  13. Same issue happening since yesterday on 20+ out of our 150+ workstations as well (EndPoint Antivirus 7.0.2100.4). It's not easy to reproduce the same error. Before this issue started happening, our scheduler always ran auto updates every 30min (instead of the default every 1hr). Questions:
      1. Do you guys have more than one ESET update server?
      2. From your end, are there any logs that show the disconnection of your servers since yesterday (2/27)?
  14. Thanks MichalJ. i.e. File Server that has shared network folder for domain users to save new files daily. Or maybe I should just schedule scan to that specific shared folder(s). It's like for domain Desktop computers (always powered on) that gets scheduled Smart scan (or In-Depth scan) every night. Thought servers should also have scheduled routine scan (weekly if not daily).
  15. What's the recommended daily scheduled scan setting for Windows Servers (with ESET File Security installed)? What things do we need to be aware of? (i.e. for Spiceworks, MS SQL Server, ERA, etc...)
  16. Sorry, a bit confused. Every time this MindSpark issue happened, it created a sub-folder within this Win7 domain user's AppData\Local\Temp\ folder. ESET handled it by deleting that subfolder (scoped_dir..........). Could you specify what I should put in the rule? I know ESET handled it every time it happens, but I need to know why only this user keeps getting this alert (on same computer) and how to stop it happening again? Example logs:
  17. Marcos, Kindly reply via Messages sent to you this morning.
  18. My question is: if not continually getting this error, does it prove the re-registration is a success? If yes, where in ERA can I see the proof?
  19. Why should not cause re-registration to WSC? How to prove the re-registration is then a success if not continually getting this error?
  20. We currently have ERA v6 (planning to upgrade to v7). Most of our client computers already have EndPoint Antivirus v7 (upgraded from v6 via ERA v6). We use email in two ways: MS Outlook and SmarterMail (website-based, https://www.smartertools.com/smartermail/business-email-server).
      Question 1: Does ESET detect a threat email (with attachment) if the user receives it via SmarterMail (website-based email system via i.e. Firefox or Chrome)? If yes, how does it work? (No records shown about detection of threat email on our ESET EndPoint antivirus (client side) nor the ERA (server console side).) If no, does the ESET protection actually trigger only when the user actually opens up that dangerous attachment? Or is there an ESET plugin for Firefox/Chrome? Or is this entirely the web-email client's responsibility (like Gmail)?
      Question 2: We had two (out of many) domain computers' MS Outlook get the threat email (from same sender) but our ESET client/server has no record (no log) about this threat on these two computers. What could be all the possible reasons? (this is VERY SERIOUS)
      Question 3: When a threat email is detected in MS Outlook, how exactly (process steps) does ESET EndPoint AntiVirus handle it? (i.e. Does ESET delete the threat attachment upon receipt?) If the threat email was not automatically handled by ESET and the user forwarded that threat email, does the 2nd receiver also receive that attachment (like a chain reaction)?
      Thanks a lot for looking into this and kindly let us know if we are missing something.
  21. Latest version (updated automatically). What about Firefox?
  22. It happened on multiple domain computers (Win7 x64). Not always on the same PC. Sometimes same PC has same issue multiple times on and off, sometimes happened on different computer(s). So far the applications (Process Name) that cause this behavior are Google Chrome and Firefox.
  23. Attached screenshot and checked the directory. ESET does remove it (from real-time), but the same issue re-occurred on and off multiple times. What am I missing?
  24. Checked manually and found out one of our domain computers (Win 7 x64) does not have Google Chrome installed nor Firefox. Only Internet Explorer as the web browser. This 'disable syncing' "solution" does not apply if no Chrome installed, right?
  25. Still has this issue even with ESET v7 on multiple domain computers. Can't waste time one-by-one checking Chrome on affected domain computers. Already checked this thread (https://forum.eset.com/topic/13073-jsmindsparke/) but could ESET experts kindly help ESET customers to talk to Google how to properly resolve this? Also, is it always only from Google Chrome or could also be from somewhere else?