product_manager_8

Hi @jeifabdi, it is possible that someone is impersonating the "support" email but the real "from" address is actually different. If you have these emails in quarantine, go there, click on any one of them that says it´s coming from "support", and once you´re in the email´s detail page, you will see a link that says "show headers". If you click that, you will see the email headers and you can compare whether the "sender" field and "return path" fields are the same. If they are completely different, even on a different domain, it is likely that somebody is trying to impersonate the support sender.

Hi @mathisbilgi , ECOS scans .tar archives so it is surprising it would not scan this one. If you have logging of clean objects turned on in your policy, you can go into Scan Logs and see the detail of the log and it should say what the result and the reason was. There may be cases when it would not be scanned, such as if the archive is password protected. But it would be helpful in diagnosing the problem if you could let us know what the detail says. thank you

Hi @MDE, if you enable protection for the entire tenant or a group, it will automatically protect new users added to that tenant or the group. To do this, please navigate to License Management page from the side menu, pick a site with available licenses and click on it, then on the next screen you will see button saying "Protect" which when clicked will pop up a dialog where you will see the list of tenants and groups. You can check the tenant or a group you want to auto-protect and then click on "Protect" and the auto-protection is going to activate. I hope this helps.

There are pros and cons to everything If there is a gateway in front of the mailbox, and the gateway is out of order for whatever reason, the email may not get delivered at all as it could remain stuck at the gateway and would not be forwarded to the mailbox. On the flipside, with API security solutions, if that solution goes down, the email gets delivered, but it wouldn´t be scanned. Of course this is an edge case, but still something to think about. I don´t know about our competitors but when we onboard a new tenant (which is extremely easy and short), we only request minimal permissions necessary for ECOS to work. And you can also revoke them at any time if you want. I am not trying to convince you to choose ESET for your mail security, but I want to make sure you make an informed choice. If you decide to go with a competitor, and we end up releasing a gateway in the future, I hope we can win you back as our customer

Hi @ShaneDT, my apologies for the delay, I usually get automatic notifications for new threads but did not this time for some reason. To answer your questions, you are correct, ECOS is licensed per user. Shared mailbox is still seen as a user so you will need a license to cover it. But if you purchase ECOS as part of a bundle, you will get 10% extra licensed seats which should cover these cases. Distribution groups cannot be protected as they do not have their own mailbox. However, if your distribution group has 5 members and all of them are protected, the emails sent to them will be scanned as they land in each user´s mailbox. You are correct about the architecture of ECOS, that it gets GraphAPI notifications after the email is received. In 99% cases, this happens within 1-2 seconds and then the email gets scanned. We also check for missed notifications because as you mentioned, we are relying on MS to send the notifications. We are currently evaluating all options, including addition of a secure email gateway, similar to what our ESET Mail Security for Exchange is for on-prem. The market however is moving away from these kinds of traditional solutions but that does not mean you won´t see one from us in the future. I will use your valuable input in our discussions about future improvements/products.

Hi @Saado , there is a toggle switch on the Settings page (see screenshot below) that toggles visibility between all users vs. users that have a valid M365 license. If this user was protected before but his M365 license was suspended, yet ECOS protection was still active, they would still show up in the interface. But once you unprotect them, the filter is applied and they are not displayed anymore. Try turning this toggle switch off and see if the interface displays this user in your list again. Thank you for your business

you are very welcome @JasonT, I can confirm we are now working on this, so it should be fixed in one of the upcoming releases.

Hi @JasonT, we did some investigation and you are correct, it is not possible to apply this to the entire tenant right now. I am adding this as an improvement to our ECOS roadmap. Thank you for bringing this up.

Hi @JasonT, I will look into it and let you know.

Hi Daryl, could you please check audit log and see if the email has been previously released by any chance? Thank you

Hi @vanroy thank you for your reply, this is helping us to narrow down the issue and we are currently looking at what might be causing this behavior for you and how to solve it. Thank you for your patience and I may follow up with another message asking for more information if needed.

Hello @vanroy can you please describe where do you feel it is slow? Slow loading pages, or slow to protect users? We want to understand exactly what the problem is so that we can help you.

Hi @SLeger, we looked into this and I have some follow-up questions to make sure I understand your workflow correctly. Currently, when setting up the mail quarantine report source, you also select the report recipients in one step. So each user you select when setting up the reports, gets notified about the e-mails in their own mail quarantine (only). If I understand this correctly, you would like to have an option for admins to receive one report for all users´ emails currently waiting in the quarantine and so that you can release them sooner, without the user having to do it themselves? Do I understand this right? Thank you

Hi and thank you for posting your question. You are correct, there are some policies that may overlap. Office 365 protection cannot be completely disabled, so you are always partially dependent on the setup in the Office 365 admin panel. In regards to knowing what policy is applied, think of it in two stages - Firstly, the O365 policy is applied and ECOS comes in after. For instance, if the O365 policy is set up to delete spam right away, ECOS will not even see this email and it can´t therefore even apply any policy and perform specified action. On the other hand, if O365 is set up to let everything pass through, then ECOS will apply policies to emails it receives. Because of Office 365´s design, ECOS acts as a second layer of defense. I hope this answers your question

Hi and thank you for your feedback, I will talk it over with the development team and get back to you.