cmccord

I have been running ESET Mail Security 4.5 on Windows 2008 R2, Exchange 2010 for about 6 months now and have not had any problems until now. I currently run ERA 5.2.26. Up until now, all logs have been transferring to the ERA server just fine. However a few days ago, antispam logs have not been showing up on the ERA server. No configuration or policy changes were made to trigger this. Logs are still being produced and able to be read on the Exchange servers themselves. This is not an ideal situation, as I have to spend more time that should be necessary to dig through logs to find what I'm looking for. Are there any suggestions on things that I can try to fix this?

I am fairly new to ESET and am still fine tuning policy settings as issues crop up. One issue that has cropped up is affecting our ability to get consistent backups. We run Microsoft DPM 2010 for backing up most file servers, and have ESET File Security installed on all of them. DPM goes through and touches each file, so if a risk is found, the real-time scanner picks it up, and places it in quarantine. Most, or all of the risks that have been found on the file servers JS/Redirector.NJU trojans. Personally I think these are false positives since they are coming from legitmate HTM and HTML files saved on the servers. However, the problem comes in that once in quarantined by ESET, DPM can no longer access the file, and then skips the file. DPM by default will only skip 100 files before the recovery point will fail. In my research I've found that Microsoft recommends deleting threats, not quarantining them when using DPM. So, I believe I have three options. 1. Set an exclusion for HTM and HTML files. - I don't really want to exclude this as as I'm afraid to open up attack vectors. 2. There is a registry key I can put in to increase the limit of skipped files, however I see that has a bandaid. The quarantined files number will surely increase over time and eventually exceed the limit again. 3. I can set ESET policy to delete instead of quarantine. However, I cannot find where to do that for file security. Can somebody direct me to the location in the ERA policy settings where this can be, if it can be done?

Installed the ERA server. Configured mirror using IIS, tested that, it works. Configured a basic policy which includes settings for remote administration, updates, and basic firewall settings. I exported the policy as an xml. Then I created a Windows package and included the xml in both the 64 and 32 bit installs. However, the settings do not apply to the machines when a remote push installation is done. Is there something that I'm missing?