About raimund


  1. Hi! We see a huge performance issue on network speed with network protection installed on Windows 2012 R2 Server (with Hyper-V role and VMs). When uninstalled, network performance was OK as expected. Server HOST1 (Hyper-V role enabled) has 2 x 10GBit NICs installed, where NIC1 is patched to a switch (10G) and NIC2 is patched directly to another server, HOST2 (10G). Since the network protection feature was enabled/installed, the network speed went down significantly on NIC1, which is configured as a Hyper-V virtual switch (parent partition allowed to share the adapter as well). On NIC2, copying between host1 and host2 over the physical NIC2 was 10G as expected. It is also strange that copying data from one Linux VM to another Linux VM seems OK, but copying to a Windows VM or host1 is slow. A notebook (1GBit) copies to the server/VM at 66 MB/s when network protection is installed (no matter if enabled or not); when uninstalled, the speed is a constant 114 MB/s. We tested with iperf3: with network protection installed and enabled on host1, we never got more than 1,2G on 10G. This could be an issue with network protection and the Hyper-V virtual switch on Windows Server 2012 R2. ESET and Windows Server 2012 R2 are up to date, as are drivers and firmware. BG
  2. Perfect article... thank you, but what about this case... SPF+DKIM checks are OK
     From: "known.customer@customersdomain.com" <evil@nasty.com>
     Return-Path: evil@nasty.com
     ? Both senders are outside my network, but the one in the "" is my customer, the <> is the problem. You know Outlook: the problem is the user, who believes this mail will not be harmful because it was sent by the customer, but at that point it's too late... blocking nasty.com after receiving is too late. Maybe next time mails come from: "antoher.customer@theirdomain.com" <bad@sender.com>
  3. Hi! Thank you for the information. my problem is not macros, my problem is mail spoofing, pls see mail header...
  4. Hi! I tried to use custom rules, but I was not able to combine the two From headers, or to compare/differentiate (params), or I failed in the implementation. Quarantining macro-enabled docs is clear to me, but it does not solve the special problem of spoofing... I also have a rule which checks for macros, but this macro was in an Office doc which was zipped... How can I build such a rule? The conditions are AND conditions... and how should params be used?
  5. How can this be handled, or marked as spam? Such mails currently occur more frequently and the attachments are packed. Inside are Office docs with nasty macros, which are mostly not recognized.... SPF checks and DKIM are all OK.
     From: "known.customer@trusteddomain.com" <evil@nasty.com>
     Date: Wed, dd Sep 2020 hh:mm:ss +0000
     To: mymailbox@mydomain.com
     Subject: knownsubject
     MIME-Version: 1.0
     X-Mailer: Microsoft Outlook 16.0
     Content-Type: multipart/mixed; boundary=067204a8992001fcc2d3323ef782a184
     Message-ID: <xyz@mail01.mydomain.local>
     Return-Path: evil@nasty.com
     X-MS-Exchange-Organization-Network-Message-Id: 788513ff-5f7a-4da7-0e08-08d85faede96
     X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1600858394;VERSION=7861;MC=3420289152;TRN=2002;CRV=0;IPC=xxx.xxx.xxx.xxx;SP=0;SIPS=3;PI=3;F=0
     X-ESET-Antispam: OK
     X-EsetResult: clean, is OK
     X-EsetId: 37303A29237BEC6B6D7C62
     X-MS-Exchange-Organization-AuthSource: mail01.mydomain.local
     X-MS-Exchange-Organization-AuthAs: Anonymous
     X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.4010310
     X-MS-Exchange-Processed-By-BccFoldering: 15.01.1847.009
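The header pattern in the posts above passes SPF and DKIM because both are evaluated against nasty.com, the domain the mail really comes from; only the display name claims the customer. The following is an added example, not part of the original posts and not an ESET rule: a Python check that flags a From header whose display name contains an address from a different domain than the real sender. The function name, the exact-domain comparison and the LEGIT sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# An e-mail-shaped token inside the display name (the part the mail client shows).
EMAIL_IN_NAME = re.compile(r"[\w.%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def display_name_mismatch(raw_headers):
    """Return a finding if the From display name carries an address whose
    domain differs from the real From address, otherwise None.
    Hypothetical helper: domains are compared exactly, so a sender that
    legitimately shows an address from a sibling domain is also flagged."""
    msg = message_from_string(raw_headers)
    display, addr = parseaddr(str(msg.get("From", "")))
    real_domain = addr.rpartition("@")[2].lower()
    match = EMAIL_IN_NAME.search(display)
    if not match or not real_domain:
        return None  # no address shown in the name, or From not parseable
    if match.group(1).lower() == real_domain:
        return None  # shown address and real address agree
    return {
        "shown": match.group(0),
        "actual": addr,
        "return_path": parseaddr(str(msg.get("Return-Path", "")))[1],
    }


# Constructed sample, reduced from the header quoted in the post.
SPOOFED = (
    'From: "known.customer@trusteddomain.com" <evil@nasty.com>\n'
    "To: mymailbox@mydomain.com\n"
    "Subject: knownsubject\n"
    "Return-Path: evil@nasty.com\n"
)
# Constructed sample: the same customer sending from their own domain.
LEGIT = (
    'From: "known.customer@trusteddomain.com" <known.customer@trusteddomain.com>\n'
    "To: mymailbox@mydomain.com\n"
    "Return-Path: known.customer@trusteddomain.com\n"
)

if __name__ == "__main__":
    for name, sample in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, display_name_mismatch(sample))
```

A display name without an address in it, such as "Known Customer" <evil@nasty.com>, is not caught by this check and would need a list of known contact names to compare against.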