Hi,
there is a document called "[KB6102] Configure ESET Mail Security to protect against ransomware". This confuses me a little. It recommends to add a rule section called "Ransomware droppers" and to add several file extensions. But these file extensions are already part of the prepopulated rule sections like "Dangerous system file attachments" or "Office file attachments with macros". Is there any diffent result in doing it the way this document recommends?
Another issue I have with zipped attachments. These are included in the prepopulated section "Forbidden archive file attachments" where the check mark for "password protected" is also set. At the same time, however, there is the section “Archive file attachments with password protection”, which belongs to the “Processing of results” level. What exactly is the difference here?
Thanks in advance for a brief enlightenment
Stefano