JaapHoetmer

Having read through the many comments I see a lot of frustration and concerns that mimic our own. We have deployed ERA6 at several of our customers, but have become more and more frustrated by the complicated setup, lack of documentation, and weird user interface logic. It is customary that version upgrades introduce new features and a new vision, so we accepted a learning curve, but after several months of struggling we've not come any closer to a reliable use of the various installations, and security risks are mounting as a result. V6 is simply too much for small and medium businesses, where time is limited and more costly than with larger organisations. My clients won't foot the bill for hours of tweaking and trying to get it right. Therefore we have decided to revert back to v5, and when the time comes that v5 will no longer be supported, we will review the situation and our options, and decide which AV solution to adopt. One of our customers is currently using GData with 100 endpoints, and their management server looks promising. Pushing endpoints is a breeze. Having just completed our own ERA v5 installation, and pushing the first end point, within the space of one hour, I am very happy to have gone back to the trusted v5 environment, it simply works well. ERA V6 is at present just too much for what it is supposed to do.

Interestingly, the product (v4.5) by default detects and blocks spam based on a DNSBL source, as the journal shows mails being blocked because URLs are in DNSBL, but this is nowhere to be found in the configuration. How is this controlled and configured? The documentation only mentions the earlier referenced settings that can be configured for RBL, LBL and DNSBL, but these are empty for now.

I am in the same boat. The manual is useless when it comes to configuring RBL, DNSBL etc, but these settings are important to be able to bring down the spam volumes. A bit more help or suggestions would be appreciated. For example, the RBL section mentions: Please refer to the RBL section in this document for further information. but there is no other 'RBL section' in the document. so is this infinite loop a typo, or should there be another section explaining more in-depth how to configure this? Before using ESET Mail Security I used GFI MailEssentials, which worked really well and provided a lot of information on the configuration options, as well as the results (good log file viewing, graphical display of effectiveness, etc). On the antivirus front I am happy with ESET but maybe I need to go back to GFI for the mail server antispam, if this doesn't improve. Is anyone from ESET able to offer additional insight?

One question, though, you say ESET doesn't integrate with Thunderbird, but I believe it does. Or so the configuration indicates. See attached image. Am I misinterpreting?

OK thanks Marcos, that makes sense. I'll continue my investigation. Kind regards

Hello One of my customers using ESET is experiencing daily recurring issues with sending mails. Thunderbird sometimes refuses to send, throwing an error message 'Cannot connect to SMTP Server xx.xx.xx.xx, NB connect error 1460.' After a little while the problem disappears and emails can be sent again. The ISP support engineer suggested to verify the AV software and settings, but in over 200 installations of ESET endpoints this is the first time I see this happening. I also found a statement in a forum from a Microsoft rep that this could be the antivirus software needing adjustments. Does anybody have had similar experiences, and if so, what are the suggestions? Since this is recurring daily, can it for instance be related to the AV updates being installed? Product used: ESET Endpoint Antivirus v5.0.2229 with Remote Administration Server. Thanks!

Hi SweX, thanks for the reply, yes I do understand and appreciate that it is very hard to keep up with the ever changing landscape of sites infected with malware, but no information is not good either. As Marcos was saying before you, the reason for the block was known, so this information _was_ readily available. It just never showed. Most if not all sites that have been marked or recorded by ESET as carrying malicious content do show a message in the browser that at least provides a minimal indication, and a log entry helps to track this. However, this site didn't, only the popup showed indicating objects had been blocked but without indicating why. The product additionally doesn't show anything in the log about this particular event, which to me is not correct. I have checked all the settings available, and couldn't get it to log the event by whatever means.

Thanks, Marcos,for the information. I am wondering why this information is not shown anywhere, as the popup alert only says that access to the site content is blocked, but states no further reason or where to go for more information. Additionally, the application's journal doesn't state anything related to these events having taken place, despite the fact I enabled ThreatSense journaling. Why is the log/journal not showing this? Regards, Jaap

Hello My Endpoint AV blocks access to jpg files from a particular website, but it doesn't say why. These events are also not visible in the journal, are they logged anywhere so I can understand why the access is blocked? The website in question is hXXp://sorayabakhtiar.com/ Thanks, kind regards