Jump to content

davidenco

Members
  • Content Count

    89
  • Joined

  • Last visited

Profile Information

  • Gender
    Male
  • Location
    Great Britain

Recent Profile Visitors

1,229 profile views
  1. All our servers and clients are failing to update via ESMC. The ESMC logs are displaying a lot of HTTP 401 and HTTP 502 errors, but only since around 13:00 today. Is this a global issue that you're aware of? ESMC has been rebooted and the proxy cache cleared but to no avail. 10.1.1.51 - - [14/Oct/2019:16:00:24 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.1.51 - - [14/Oct/2019:16:00:24 +0100] "HEAD hxxp://um09.eset.com/eset_upd/ep7/dll/update.ver.signed HTTP/1.1" 502 - "-" "EEA Update (**SNIP**)" 10.1.
  2. I just noticed these entries in the error_log on the ESMC Virtual Appliance. Could this be the problem? [Thu May 09 10:21:02.646568 2019] [access_compat:error] [pid 4373:tid 139798693996288] [client 10.1.1.76:3148] AH01797: client denied by server configuration: proxy:http:/repository.eset.com/v1/com/eset/apps/business/eea/windows/metadata3 [Thu May 09 10:28:07.070201 2019] [access_compat:error] [pid 4373:tid 139798954215168] [client 10.1.1.17:43234] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:38:17.186629 2019] [access_compat:error] [pid 4588:tid 13979883
  3. In ESMC v7; clicking OK despite the error works fine though, and reopening the condition to edit it shows the expression with no error, until the box is cleared and the text re-entered. Also, focusing on another field does not update the field's error state.
  4. The message disappears when I check for an update manually (as it has already done), so doing what you've suggested isn't going to work. Any suggestions?
  5. Did you read the entire post or just the reference I made to EDTD? This is nothing to do with EDTD, I don't even see it in the UI!
  6. What does this mean? The last update was successful and the event log says nothing about there being a problem with the last check. This is also happening for a handful of our Endpoint Antivirus clients and File Security servers. Is this EDTD all over again?
  7. I am creating a rule in EMSX 7 with the condition type "Message headers" and operation "Contains / contains one of" but, where I would expect to see the option to add multiple headers, instead I am being asked for the parameter as a single text entry box. Surely I should have the option of adding multiple headers especially given the fact I have selected "Contains / contains one of"?
  8. I have now removed the EMSX policy altogether, sent a wake-up call to EMSX to unassign the policy settings, reset EVERYTHING within advanced settings to defaults and created a brand new policy manually with a very minimal configuration. Greylisted is now disabled (as per the defaults) but I have enabled the temporary rejection of unclassified email and also the option whereby rejected emails are sent to ESET for further analysis. The results now are similar to before but with a difference, as follows: 03/04/2019 09:20:10 54.240.10.218 a10-218.smtp-out.amazonses.com <MAIL_FRO
  9. I have had to add various RBLs to EMSX (suggested by ESET Support) since it is unable to handle spam correctly having had numerous spam emails recently make it through and into mailboxes. Since adding the RBLs, spam is no longer a problem. However, false positives do occur, but even though the IP address is listed on an RBL, EMSX is then reclassifying it to OK, as follows: IP (87.253.233.130) listed on RBL service (bl.spamcop.net:127.0.0.2), Mail was reclassified to OK by whitelisted IP (87.253.233.130) Even though EMSX claims the email is now OK and no longer SPAM, the email is
  10. When adding a Server Scan client task via ESMC for EMSX 7, there's the option for "Scan targets" but no option for "Scan time limit" so when the task runs it's scanning every message regardless of age. When running an on-demand mailbox database scan or creating a scheduled task, both via EMSX, in all instances I am prompted for the scan time limit. Also, this section is displayed in ESMC but not in EMSX. Should it be?
  11. When configuring any clients or servers using a policy via ESMC, there is no option for "Scan targets". On the client or server however, there is an option "Scan targets" under "Malware scans" and the option is greyed out with a padlock icon next to it (which pops up a tooltip saying "read-only value"). There's an option to "View" and upon clicking it, the list of drives and operating memory appear, all of which are editable but upon clicking "OK" after making changes and "OK" again to close the advanced options, going back into the advanced options and viewing the scan targets shows no target
  12. This does not explain why it's been working for everyone, licensed or not, and then all of a sudden only a handful of clients reported a problem as ours did. I could not be bothered wasting time trying to work out why it's suddenly started happening so I disabled the option company-wide. That said, for whatever reason ESET has decided to be as unhelpful as possible when it comes to highlighting what requires an extra license, as the "i" icon currently says: "ESET Dynamic Threat Defense provides another layer of security by utilizing cloud-based technology to analyze and detect new, n
  13. I don't know why there isn't an option to refer to X list. Seems a bit backwards that I have to duplicate information and then maintain that duplicated information because ESET has a badly designed rule system. As for the header, I have checked a number of different whitelisted emails (as in whitelisted for different reasons) but they all have the X-ESET-AS header and every email so far says "OP=CALC". What does that mean? This is really frustrating. Does ESET not have a list of headers and what they mean? As for the missing conditions (i.e. referring to pre-populated list
  14. Alternatively, in what order are the rules executed, before the anti-spam engine or after? If the rules are executed before, can I change this to after? If they're already executed after the anti-spam engine, does the engine write a header to emails that are on an approved/ignored/blocked list? If so, I could add a condition saying if that rule exists, don't run the rule. Problem solved. I noticed this morning an email which is on the approved/ignored list has the "X-ESET-AS" header, compared to another email that does not feature on any list which does not have this header. What is
×
×
  • Create New...