drewd

It appears that IIS is using a port that the ERA Dashboard is configured to use. You can try changing the port that the ERA Dashboard uses, by performing the following steps: Open the ESET Remote Administrator Console (ERAC) by clicking Start > All Programs > ESET > ESET Remote Administrator Console > ESET Remote Administrator Console. Click Tools > Server Options. Click the Advanced tab > Edit Advanced Settings. Expand ESET Remote Administrator > ERA Server > Settings > Dashboards. Click HTTP Server Port, and HTTPS Server Port, (one at a time), and enter values for your chosen (available) ports. Click Console then Yes to save your changes. Restart the ESET Remote Administrator Server service: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN743 Restart the ESET RA HTTP Server service. NOTE: You can use Netstat to verify whether a given port is available or not: hxxp://technet.microsoft.com/en-us/library/bb490947.aspx

The following ESET KB article explains how to remotely install ESET NOD32 Antivirus Business Edition for Mac OS X: How do I remotely install ESET NOD32 Antivirus Business Edition for Mac OS X? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2524

Although there is not a Virtual Desktop Infrastructure specific version of the ESET antivirus client, our current Endpoint products are certified as VMWare Ready and Citrix Ready. For additional information regarding how to deploy our products in a VDI environment, please read the ESET Virtual Environment Optimization Guide.

Please verify with us that you have performed the following steps: User credentials are not syncing in the Active Directory of the ESET Remote Administrator Server hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2757

Please use the ESET KB article SOLN2716, that ChadH suggested to verify that the ESET antivirus client is configured properly to connect to the ERA Server, and that port 2222 is open on both the server as well as the workstation: hxxp://kb.eset.com/esetkb/SOLN2716:

Have you tried updating openssl? What is the output of the following command from a terminal? openssl version If you are running a 64-bit OS, you may need to install the 32-bit version of openssl. Also what is the output of the following? uname -a && cat /etc/*release

I see that you would like to automatically initiate deployment of the ESET antivirus client, to machines where it is not yet installed. You can accomplish this via a Windows Login Script. A Windows logon script will allow you to assign tasks that will be performed when a user logs on to a particular computer. Since a login script is essentially a text file, you can just use a simple text editor to insert a line into the script that will call the file einstaller.exe from a predefined network share. This will initiate the remote push installation of the ESET antivirus client, from the ERA Server on the network, to the intended endpoint client machine. Here are the instructions regarding how to deploy the ESET antivirus client via login script: I. You will need to set the Default Logon for Email and Login Installations. The Default Logon window lets you set the user credentials and domain information required to access your client computer on the network and manage the ESET product installed: 1) Open ERAC, select the Remote Install tab, right-click any entry within the Computers tab pane, select Set the Default Logon for Email and Login Installations from the context-menu, and then enter the required data: User name Password Domain/Workgroup 2) After you enter the data, press the Set Logon button to save the information on the server. Note: The account under which the installation of the package is to be performed must be an account with administrator rights or, preferably, a domain administrator account, and this logon information will only remain stored until the next server restart. II. You will need to create an install package. How to create an installation package hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2982#create_package III. You will need to edit the login script to add the line calling einstaller.exe from the predefined network share, and export the einstaller.exe file that is associated with the package that you intend to deploy, to a network share: 1) Right-click an entry on the Remote Install tab, click Export to Folder or Logon Script and select the Type and name of the Package to be automatically installed. 2) Click next to Folder to select the directory where the einstaller.exe file will be located and available within a network share, and then click OK. 3) In the Share field, make sure that the path is correct or edit it if necessary. 4) Click Export to Folder to export the einstaller.exe agent to the shared folder. 5) Click … next to Script Folder to select the folder where the script is located and modify the mask if necessary. 6) In the Files section, select the file into which the line calling einstaller.exe will be inserted. 7) Click Export to Logon Script to insert the line. 8) Location of the line can be modified by clicking Edit >> and saved by clicking Save. NOTE: Here is some additional information from Microsoft, regarding how to create and use a logon script: Creating logon scripts hxxp://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx Assign user logon scripts via GPO hxxp://technet.microsoft.com/en-us/library/cc781361(v=ws.10).aspx Note: Immediately after the agent successfully completes the remote installation process, it marks the remote client with a flag prohibiting repeated installations of the same installation package. The flag is written to the following registry key: HKEY_LOCAL_MACHINE\Software\ESET\ESET Remote Installer If the Type and Name of the package defined in the einstaller.exe agent match the data in the registry, the installation will not be performed. This prevents repeated installations from targeting the same workstations.

I see that you are asking about using text strings to identify non legitimate email as SPAM. EMSX allows you to setup User-defined rules from within the EMSX GUI, that can filter SPAM and malware based on many different variables: You can specify conditions, such as text strings, that when detected will result in certain actions being performed, such as the email being placed into the system quarantine, or certain types of attachments being deleted. Here is some additional information regarding creating, and using User-defined rules to filter SPAM and malware, from the documentation that you referenced previously: hxxp://download.eset.com/manuals/eset_emsx_45_userguide_enu.pdf 1.4.3 Application of user-defined rules Protection based on user-defined rules is available for scanning with both the VSAPI and the transport agent. You can use the ESET Mail Security user interface to create individual rules that may also be combined. If one rule uses multiple conditions, the conditions will be linked using the logical operator AND. Consequently, the rule will be executed only if all its conditions are fullfilled. If multiple rules are created, the logical operator OR will be applied, meaning the program will run the first rule for which the conditions are met. In the scanning sequence, the first technique used is greylisting - if it is enabled. Consequent procedures will always execute the following techniques: protection based on user-defined rules, followed by an antivirus scan and, lastly, an antispam scan 3.1.2 Rules The Rules menu item allows administrators to manually define email filtering conditions and actions to take with filtered emails. The rules are applied according to a set of combined conditions. Multiple conditions are combined with the logical operator AND, applying the rule only if all the conditions are met. The Number column (next to each rule name) displays the number of times the rule was successfully applied. Add... - adds a new rule Edit... - modifies an existing rule Remove - removes selected rule Clear - clears the rule counter (the Hits column) Move up - moves selected rule up in the list Move down - moves selected rule down in the list Unchecking a check box (to the left of each rule name) deactivates current rule. This allows for the rule to be reactivated again if needed. NOTE: You can also use system variables (e.g., %PATHEXT%) when configuring Rules. NOTE: If a new rule has been added or an existing rule has been modified, a message rescan will automatically start using the new/modified rules. 3.1.2.1 Adding new rules This wizard guides you through adding user-specified rules with combined conditions. NOTE: Not all of the conditions are applicable when the message is scanned by the transport agent. By target mailbox applies to the name of a mailbox (VSAPI) By message recipient applies to a message sent to a specified recipient (VSAPI + TA) By message sender applies to a message sent by a specified sender (VSAPI + TA) By message subject applies to a message with a specified subject line (VSAPI + TA) By message body applies to a message with specific text in the message body (VSAPI) By attachment name applies to a message with a specific attachment name (VSAPI + TA) By attachment size applies to a message with an attachment exceeding a defined size (VSAPI in Exchange 2000 and 2003, VSAPI + TA in Exchange 2007 and 2010) By frequency of occurrence applies to objects (email body or attachment) where the number of occurrences within the specified time interval exceeds the specified number (TA with VSAPI disabled). This is particularly useful if you are constantly spammed with emails with the same email body or the same attachment By attachment type applies to a message with an attachment of specified file type (actual file type is detected by its contents, regardless of file extension) (VSAPI) When specifying the conditions above (except the By attachment size condition), it is sufficient to fill in only part of a phrase as long as the Match whole words option is not selected. Values are not case-sensitive, unless the Match case option is selected. If you are using values other than alphanumerical characters, use parentheses and quotes. You can also create conditions using the logical operators AND, OR and NOT. NOTE: The list of available rules depends on installed version of Microsoft Exchange Server. NOTE: Microsoft Exchange Server 2000 (VSAPI 2.0) only evaluates displayed sender/recipient name and not the email address. Email addresses are evaluated starting with Microsoft Exchange Server 2003 (VSAPI 2.5) and higher. Examples of entering conditions: By target mailbox: smith By email sender: smith@mail.com By email recipient: “J.Smith” or “smith@mail.com” By email subject: “ ” By attachment name: “.com” OR “.exe” By email body: (“free” OR “lottery”) AND (“win” OR “buy”) 3.1.2.2 Actions taken when applying rules This section allows you to select actions to take with messages and/or attachments matching conditions defined in rules. You can take no action, mark the message as if it contained a threat/spam or delete the whole message. When a message or its attachment matches the rule conditions, it is not scanned by the antivirus or antispam modules by default, unless scanning is enabled explicitly by selecting the respective check boxes at the bottom (the action taken then depends on the antivirus/antispam settings). No action – no action will be taken with the message Take action for uncleaned threat - the message will be marked as if it contained an uncleaned threat (regardless of whether it contained the threat or not) Take action for unsolicited email - the message will be marked as if it were spam (regardless of whether it is spam or not). This option will only work if antispam protection is enabled and the action is being performed on transport agent level. Otherwise this action will not be performed Delete message – removes the entire message with content that meets the conditions, however this action only works on VSAPI 2.5 and newer (VSAPI 2.0 and older cannot perform this action) Quarantine file - attached file(s) that meet the rules criteria will be put into file quarantine of ESET Mail Security, do not confuse this with the mail quarantine (for more information about mail quarantine see Message quarantine ) Submit file for analysis - sends suspicious attachments to the ESET lab for analysis Send event notification - sends a notification to the administrator (based on settings in Tools > Alerts and notifications) Log - writes information about the applied rule to the program log Evaluate other rules - allows the evaluation of other rules, enabling the user to define multiple sets of conditions and multiple actions to take, given the conditions Scan by antivirus and antispyware protection - scans the message and its attachments for threats Scan by antispam protection - scans the message for spam NOTE: This option is available only in Microsoft Exchange Server 2000 and later with the transport agent turned The last step in the new rule creation wizard is to name each created rule. You can also add a Rule comment. This information will be stored in the Microsoft Exchange Server log.

It is difficult to say what exactly happened, based on the information provided, but you can do the following in the future: Ensure that you are using ESET RA version 5.0.511.0 or higher, and EMSX version 4.5.10011.0 or higher. It is always a good idea to have backups of all of your current configurations. If you want to create a XML file that can be imported directly into the EMSX client then be sure to use the "Export Marked to" option from ESET Configuration Editor, which should only export the options that you specifically edited. If you want to deliver the configuration settings to a number of machines you can use either an ERA Configuration Task, or you can edit an ERA policy directly as well. You can also create backups of all of your policies, globally, and individually as well.

The ApprovedSenders file is now managed from within the EMSX GUI Antispam engine parameters setup, as the Allowed Senders/Domains whitelist. You can access this functionality via the EMSX GUI to enter the email addresses and domains that you want to whitelist, one-by-one, or you can also use the ESET Configuration Editor to add a comma-delimited list: You also have the option of entering the email addresses, and domains that you would like to add to the EMSX Allowed Senders, as a comma-delimited list, from within the ESET Configuration Editor: Windows Server v4.5 > Mail Security 4.5 for MS Exchange Server > Server protection > General mail server protection settings > Antispam protection > Antispam engine setup > Filtering > Allowed senders list (Whitelist): Once you compile the coma-delimited list, and then enter it into ESET Configuration Editor, you can then export the entire configuration as a XML file to be imported directly into EMSX, or pushed out from ERAC via policy or configuration task.