RvW

I did some research and this is what I found on different forums: There are two possibilities: 1. slow Office save times to Windows Server 2008 Vitaly suggested to disable SMB2 on the server that holds the share. To do so add a REG_DWORD entry named Smb2 with a value of 0 to: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters Then reboot the server. SMB2 is and updated version of SMB1 protocol. SMB2 is native to Server 2008 and Windows 7 and Vista. If any of your clients would be XP, OR your server would be W2K3, then SMB1 would be used instead and you would not have the problem you are experiencing right now. Disabling SMB2 on the W2K8 server forces Windows 7 to become backward compatible and switch to using SMB1. However, the problem you are experiencing is caused by MS Office 2007 is not working properly with SMB2 protocol. Since I am not a developer and I do not work for Microsoft I can not tell you why Office 2007 works this way with SMB2. For testing purposes, you can try to search for how to disable SMB2 on your Windows 7 client rather then disabling it on the server. This should provide same result. I know that disabling something may not be the prettiest solution but this is the only one that worked for this problem so far. 2. slow Office save times to Windows Server 2003 Clay Kimber suggested to try disabling indexing on the file locations where you are experiencing slow save times. Try disabling indexing of Offline Files if appropriate for your situation: https://technet.microsoft.com/en-us/library/gg985445(office.12).aspx James Nelson added to that: SMB2 doesn't exist in Windows Server 2003. The cause may be an offline files cache that was being indexed by Windows 7. Please disable indexing on the offline files cache. If you are seeing this with Windows 7 and Win 2003 file server with redirection in place, I have to suggest that the offline files cache on Windows 7 may be the issue. Have a look in your users' folders on the server and look for temp files. If you see a bunch of odd looking temp files with alpha-numeric characters in their names, run a test by disabling indexing on the user's offline files cache in Indexing Options in the Control Panel. Hope this helps.

Did you manage to solve this and if so how?

Out of curiosity, Surfergirl, why are you still using v5? Have you considered upgrading to v6? For your own safetey you should consider using the latest version.

This is an old thread but the following may be a possible workaround. I'm not sure as I was not able to test this myself. - go to advanced settings (or just open ESET and hit F5) - go to Web and email - go to Email client protection - go to Alerts and notifications Change "Append tag messages..." (the first option) to "Never". Please let me know if this works. This seems to be related to: Email message in Outlook changed to draft by ESET

Okay, please try the following: (And I do mean try because I was not able to test this myself.) - go to advanced settings (or just open ESET and hit F5) - go to Web and email - go to Email client protection - go to Alerts and notifications Change "Append tag messages..." (the first option) to "Never". Please let me know if this works. This seems to be related to: ESET Endpoint Security causing duplication of emails and sync conflicts in Outlook

Are you using Cached Exchange Mode? Turn on Cached Exchange Mode https://support.office.com/en-us/article/Turn-on-Cached-Exchange-Mode-7885af08-9a60-4ec3-850a-e221c1ed0c1c

@cpetry : why don't they install v6?

Whenever you submit samples it is important to include as much information as possible. Just sending a sample won't do. Please also include: 1. Your username (e.g. EAV-123456789) or public ID 2. A small description of your environment: - Where is ESET Mail Security for Windows installed? - Which operating system are you using? - Is your OS up-to-date? - How much RAM, what kind of disk capacity, which CPU? - Is the server multihomed? (i.e. are there multiple Ethernet interfaces)? 3. Which email client is installed on the workstations? Which operating system is installed on the workstations? Which antivirus software is installed on the workstations? 4. Which version of Exchange are you using? Following versions are supported: - Microsoft Exchange Server 2003 SP1, SP2 - Microsoft Exchange Server 2007 SP1, SP2, SP3 - Microsoft Exchange Server 2010 SP1, SP2, SP3 - Microsoft Exchange Server 2013 CU2, CU3, CU4 (SP1), CU5, CU6, CU7, CU8 - Microsoft Exchange Server 2016 5. What are the Microsoft Exchange Server role(s)? - Mailbox Server role - Client Access Server role - Hub Transport Server role - Edge Transport Server role - Unified Messaging Server role Please note antispam only works with Hub and Edge Transport Transport Server role. 6. Which version of ESET Mail Security for Exchange (EMSX) are you using? Open ESET Mail Security > Help and Support > About ESET Mail Security. 7. Which ESET Mail Security components are installed? Open ESET Mail Security > Help and Support > About ESET Mail Security > please click Copy and email that to ESET. 8. Please provide at least 10 samples of legitimate emails that were wrongly classified as spam (false positives) or spam that was wrongly classified as legitimate email (false negatives) in the EML format. 9. An ESET Log Collector report. How do I use ESET Log Collector? hxxp://support.eset.com/kb3466/ Please zip everything into one file and email it to ESET.

But this KB article hxxp://support.eset.com/kb3415 explains it step by step. How can this be over your expertise level? :-o

Yes, should be.

I'd like to repaet how to enable pre-release updates: How do I enable or disable pre-release updates in my ESET product (Home Users)? hxxp://support.eset.com/kb3415/ How do I enable pre-release updates (Business Users)? hxxp://support.eset.com/kb3693/

Please try to access the blocked website with pre-release updates. You can do this by following the articles on our website. How do I enable or disable pre-release updates in my ESET product (Home Users)? hxxp://support.eset.com/kb3415/ How do I enable pre-release updates (Business Users)? hxxp://support.eset.com/kb3693/ If the issue still persists, please try disabling SSL/TLS. You can disable SSL (not recommended) or you can activate SSL in Interactive mode: Setup > Advanced Setup > Web and Mail > SSL/TLS > Enable SSL/TLS protocol filtering > SSL/TLS protocol filtering mode: Interactive mode. If you disable SSL temporarily and everything works fine at least we know what's causing this. As mentioned before deactivating SSL is not recommended. Interactive mode will ask you if you want to allow or block a website. You can allow the websites that are safe and Ignore the websites that are safe but cause problems. This part of the manual provides further information on adding certificates manually: hxxp://help.eset.com/ess/9/nl-NL/index.html?idh_config_epfw_ssl.htm There is a link List of known certificates that you can use to add the URL of the website for which you want to add the certificate. If the issue still persists, please open a support ticket (click Support on the ESET website and create a ticket).

v4 is EOL and no longer supported. You should upgrade to ESET File Security ASAP. The link rekun quoted is for v4, please use the following links instead: How do I disable the graphical user interface (egui.exe) in ESET version 6 business products? hxxp://kb.eset.com/zap/SOLN3709 Recommended settings for ESET File Security installed on a terminal or Citrix server (6.x) hxxp://support.eset.com/kb3699/ In the current version of File Security you can change the value through the eShell command. The commands are: set ui ui gui-start-mode full – for full set ui ui gui-start-mode minimal – for minimal set ui ui gui-start-mode manual – for manual set ui ui gui-start-mode none – for silent

@ Stocklone, Sicilia42 & nicoschoeters : Please try the following: 1. This part of the manual provides further information on adding certificates: hxxp://help.eset.com/ess/9/nl-NL/index.html?idh_config_epfw_ssl.htm There is a link List of known certificates that you can use to add the URL of the website for which you want to add the certificate. In this case the Windows Store. Please try adding the certificate (just add the URL and the certificate will be fetched automatically). Please let me know if this works, otherwise go to the next step. 2. You can disable SSL (not recommended) or you can activate SSL in Interactive mode: Setup > Advanced Setup > Web and Mail > SSL/TLS > Enable SSL/TLS protocol filtering > SSL/TLS protocol filtering mode: Interactive mode. Interactive mode will ask you if you want to allow or block a website. You can allow the websites that are safe and Ignore the websites that are safe but cause problems. Please let me know if this works.

@ Marcos : how to disable web protection? how to disable protocol filtering?

That's not a solution. You're running a security risk by using an older version. You should try to solve this problem in v9. Thanks for the advise, already upgraded back to v9. I've disabled Protocol Filtering and Windows Mail (Gmail) syncing works. Already PM Marcos with those log files. I wouldn't disable Protocol Filtering. Instead you can activate SSL in Interactive mode: Setup > Advanced Setup > Web and Mail > SSL/TLS > Enable SSL/TLS protocol filtering > SSL/TLS protocol filtering mode: Interactive mode. Interactive mode will ask you if you want to allow or block a website. You can allow the websites that are safe and Ignore the websites that are safe but cause problems. This part of the manual provides further information on adding certificates: hxxp://help.eset.com/ess/9/nl-NL/index.html?idh_config_epfw_ssl.htm There is a link List of known certificates that you can use to add the URL of the website for which you want to add the certificate. Hope this helps.

4.2.3 Protocol filtering Antivirus protection for application protocols is provided by the ThreatSense scanning engine, which seamlessly integrates all advanced malware scanning techniques. Protocol filtering works automatically, regardless of the Internet browser or email client used. To edit encrypted (SSL/TLS) settings, go to Web and email > SSL/TLS. Enable application protocol content filtering – Can be used to disable protocol filtering. Note that many ESET NOD32 Antivirus components (Web access protection, Email protocols protection, Anti-Phishing, Web control) depend on this and will be non-functional without it. Excluded applications – Allows you to exclude specific applications from protocol filtering. Useful when protocol filtering causes compatibility issues. Excluded IP addresses – Allows you to exclude specific remote addresses from protocol filtering. Useful when protocol filtering causes compatibility issues. Web and email clients – Used only on Windows XP operating systems, allows you to select applications for which all traffic is filtered by protocol filtering, regardless of ports used. Source: hxxp://download.eset.com/manuals/eset_eav_9_userguide_enu.pdf

Yes, exactly. So to sum it up: 1. Open ESET > Setup > Advanced setup > Tools > Diagnostics > Enable Protocol filetering advanced logging. Make sure it's enabled. If the option is missing please try: Setup > Advanced setup > Web and mail > Protocol Filtering > Enable Protocol filetering advanced logging. 2. Reproduce the error (i.e. check your email, send a quick test, read an email, whatever). 3. Disable Protocol filetering advanced logging. 4. The logs were written to two files: EsetProxyInner.pcapng and EsetProxyOuter.pcapng. Those files are located in the target directory. You can see the target directory in Setup > Advanced setup > Tools > Diagnostics. Examples: C:\ProgramData\ESET\ESET NOD32 Antivirus\Diagnostics C:\ProgramData\ESET\ESET Endpoint Security\Diagnostics It depends which product you use (ESET NOD32 Antivirus, ESET Smart Security, etc.). Please note ProgramData is a hidden folder. You might need to show hidden files and folders: hxxp://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Use Internet Explorer to find those files. Compress them (right click > Send to > Compressed (zipped) folder. PM those files to Marcos. 5. Create a an ESET Log Collector log and PM that to Marcos: hxxp://support.eset.com/kb3466/ Good luck.

That's not a solution. You're running a security risk by using an older version. You should try to solve this problem in v9.

Please post your information about the installed modules: - open ESET - click Help and Support in the menu - click About ESET... - click Copy - paste here in this forum post Thank you.

Does this link help? How do I reset the ESET Remote Administrator Web Console password? (6.x)

There is a KB article about this: Error opening boot sector during scanning

Very interesting, thank you for sharing. I would like to add there is also a Cryptolocker Prevention Kit (just Google it) since 2013. Apparently the kit still works.

If the threat records in the threat logs can be muted (marked as resolved) manually, and they will not be red anymore, does this mean you have to manually do this for 999+ threats or can this be done through a policy? If so how?

Is there any news on this topic? We are having the same problem challenge.