Siumot

Members
  • Posts

    4
  • Joined

  • Last visited

About Siumot

  • Rank
    Newbie

Profile Information

  • Location
    Poland
  1. Hi. We use ESET Protect on-premise and ESET Endpoint Security or ESET Endpoint Antivirus on the clients - version 11. We use Thunderbird as our email client. I know that you have discontinued native support for Thunderbird, but maybe something could be set better to detect threats earlier. In Thunderbird, we store emails in the MailDir format, which means that each email is in a separate file. When scanning disks, infected emails are correctly detected and cleaned. However, real-time protection detects nothing. Only unpacking or running the saved attachment triggers the AV action. In an earlier thread about Thunderbird (https://forum.eset.com/topic/40503-does-eset-scan-the-files-of-thunderbird/#comment-182213) there was an answer that the IMAP protocol should be scanned when downloading messages. Maybe we set something wrong, because we don't see this behavior of NOD32. We can send/receive test e-mails containing viruses at will and real-time protection detects nothing. Regards, Tomasz
  2. Yes, this is exactly this version. Ok, I'll report it to support. Thanks.
  3. What could be the reason that some detections do not have SHA-1 calculated? Also in these cases the Signature type and Signer Name are Unknown - the print screen below is for "powershell.exe", which triggers the rule [E0309]. For some events of this type, the SHA-1 calculation is correct, but for some it is empty and I cannot find the reason. I thought we had a compromised version of powershell.exe, but when manually verifying the file from computers, it's ok. Any ideas?
  4. The remote serial port device software performs CodeInjection on multiple processes/programs. Creating exceptions based on processes is not optimal, because I would have to write a lot of such exceptions, or make a very extensive logical OR section, and some process could be missing all the time. Is it possible to make an exception based on matching text in the TRIGGER EVENT field? Below is an example of our detections.