Jump to content

pronto

Members
  • Content Count

    67
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by pronto

  1. This is maybe the reason why I haven't found it... 🙄
  2. Servus Community, is it possible to configure a firewall in Windows File Security that only allows inbound and outbound ports from certain sources or destinations and prohibits everything else? For example RPD only from this host and also only RDP and nothing else? Or port 2222 (ESET Communication) only from and to this host? I can't follow the instructions I found in the File Security interface. The Windows Firewall would be one possibility but there are 1001 magic rules inside, of which probably half are only understood by Microsoft Nerds. I would like to avoid using them. Thx & Bye Tom
  3. Servus Community, we have received feedback from support. Removing macros from Office documents only works for Office documents that are newer versions or afair equal to version 2007. Under these versions, ESET cannot unzip the office document to remove the macro. The entire document is then moved to quarantine. This is a bit of a pity, because it would be a significant increase in security, but has a high error potential. Since this feature was introduced only a few weeks ago, there is still hope that it might be adjusted. Thx & Bye Tom
  4. Servus Marcos, I opened a support ticket. For everyone who is interested in and has access to the submitted data, the ticket number is: CASE_00092770 Thanks for your attention & Bye Tom
  5. Yes, this is what Matej announced a few posts before. Thx & Bye Tom
  6. Servus Matej, no, the rule does not work as expected. The entire attachment is still being moved to quarantine. The modules are all updated to current versions:
  7. Servus Matej, I could not follow your instruction step by step. I have underlined the parameters I consider necessary in your mail. However, I have not found the parameter 'Incoming email'. Here are the steps I have now set, could you please check if this is correct and if it meets our requirements? Create a new policy (Product: ESET Mail Security for Microsoft Exchange (V6+) Settings -> Server -> Rules Mail Transport Protection -> Edit -> Add Condition type -> Office Files -> Other Files -> Generic OLE2 Compound Document Action type: Quranatine attachment Apply policy in Mailserver related group (Not done yet, waiting for clearance) Thx in advance & Bye Tom
  8. Servus Matej, This are interesting news. Thank you for being so careful and giving feedback after such a long time. I don't know where I can look up in the Security Management Center what we actually use but according to the description of an article in your knowledge base I found it on my client and I would consider the German translation to be related to Archivunterstützungsmodul. It seems to be available in version 1302 and seems to be from 05.05 (Please note attached screenshot). The updates seem to come automatically. Such an unremarkable update unlocks such a fundamental function? Probably only the object type OLE is added, which addresses the macro as an embedded object. We will test it as soon as it is available and it would be something we have sadly missed so far. Thy a lot & Bye Tom
  9. Servus Rami, I'm afraid none of this would have helped, because ESET did not know about the virus at 11:00 and only at 15:00 a pattern was inserted which recognized the virus. We only noticed this because we have three exchange servers but only one of them accepts emails from outside, but the virus was only found four hours later on the two internal mail servers where the databases are running. ESET Mail Security is installed on all three servers. Normaly only the first mail server finds viruses and spam, and the other two usually don't even notice how evil the world outside is. Thx & Bye Tom
  10. Servus Rami, yes, i know that this can be disabled in office and we have enabled this policy but it only applies to the computers in our organization. But if we accidentally forward this email to an external business partner, they will receive an infected email from us as the sender. This would be negative, because I can't make sure that the business partner has secured his infrastructure as well in that deep level, and we are the sender of the virus. Thx & Bye Tom
  11. Servus Community, is it possible to setup ESET to remove any macro in Office documents, whether a virus is found or not? So don't delete the office document itself, just remove the macro? Background: Yesterday we received an email at 10:50 with an Office Word document to a mailing list and in this email was a macro with a trojan downloader. Upon receipt, ESET did not classify this email as suspicious. In the afternoon around 15:00 the virus was detected and removed by ESET in the Word document. In the four hours in between, a lot has happened to this email, including it being opened several times. Fortunately, we have configured additional policies in Microsoft Office that prevent the execution of a macro, but this only affects local PCs. But if we forward this email to a business partner who has not set such policies, he will receive a virus from us. Before we switched to ESET, we had Trend Micro and there you could enable an option that removed any macro from the Office documents and still delivered the safe document. No one needs macros and if they do, we'll find a solution. Can we configure ESET to do that? Thx & Bye Tom
×
×
  • Create New...