Jump to content

Chadh

Members
  • Content Count

    75
  • Joined

  • Last visited

  • Days Won

    3

Posts posted by Chadh

  1. Hello DanAvni,

     

    It is not possible to exempt an address or domain from one particular type of antispam detection (i.e. reputation checking). Exemptions in the Mail Security Allowed Senders list or the Exchange Safe Senders list will apply for all antispam module checking.

     

    You can adjust the sensitivity of the DNSBL and RBL checking, however THIS IS NOT ADVISED. This will affect all email that is scanned by Mail Security. For steps on this process, please see below:

    1. Open ESET Mail Security by clicking Start -> All Programs -> ESET -> ESET Mail Security -> ESET Mail Security.
    2. Press F5 on your keyboard to open Setup.
    3. Expand Antispam protection, click Antispam engine and then click Setup.
    4. Click Verification -> DNSBL.
    5. Adjust the DNSBL verification sensitivity, depending on your needs.
      1. If the spam score of the email is already greater than the "high" value, then only those DNSBL servers which can bring score below "high" value are queried.
      2. If the spam score of the email is already less than the "low" value, then only those DNSBL servers which can bring score above "low" value are queried.
      3. If the spam score of the email is already between "low" and "high", then all DNSBL servers are queried.
    6. Click OK, then click OK again to save your changes.

     

    Thank you,
    ChadH

  2. Hello theodolus,

     

    The management password is the password specified in Step 6 of the Virtual Appliance deployment process described in Chapter 3.3 of the ERA v6 manual. Step 7 has a screenshot with the password box highlighted. Please ensure this password is configured, and try the deployment again.

     

    Thank you,
    ChadH

  3. Hello hmatthews,

     

    If you encounter this error, you will need to ensure your existing SQL instance is listening on port 1433. To enable the instance to listen on port 1433, please use the following steps:

    1. On the Start menu, point to All Programs, point to Microsoft SQL Server, point to Configuration Tools, and then click SQL Server Configuration Manager.
    2. Navigate to SQL Server Network Configuration -> Protocols for %YOUR_INSTANCE_NAME% (the default is MSSQLServer or SQLEXPRESS)
    3. Double-click the TCP/IP protocol
    4. Locate the Enabled field and change the drop-down box to Yes
    5. Select the IP Addresses tab
    6. Navigate to the IPAll section
    7. In the IPAll section, delete any information in the field "TCP Dynamic Ports"
    8. In the IPAll section, change the field for TCP Port to 1433
    9. Click OK
    10. Select the SQL Server Services entry in the list on the left
    11. In the pane on the right, right-click SQL Server (%YOUR_INSTANCE_NAME%) and select Restart

     

    Thank you,
    ChadH

  4. Hello soundman87,
     
    Thank you for posting this answer. I have reformatted and expanded the steps you outlined.If you encounter this error, you will need to ensure your existing SQL instance is listening on port 1433. To enable the instance to listen on port 1433, please use the following steps:

    1. On the Start menu, point to All Programs, point to Microsoft SQL Server, point to Configuration Tools, and then click SQL Server Configuration Manager.
    2. Navigate to SQL Server Network Configuration -> Protocols for %YOUR_INSTANCE_NAME% (the default is MSSQLServer or SQLEXPRESS)
    3. Double-click the TCP/IP protocol
    4. Locate the Enabled field and change the drop-down box to Yes
    5. Select the IP Addresses tab
    6. Navigate to the IPAll section
    7. In the IPAll section, delete any information in the field "TCP Dynamic Ports"
    8. In the IPAll section, change the field for TCP Port to 1433
    9. Click OK
    10. Select the SQL Server Services entry in the list on the left
    11. In the pane on the right, right-click SQL Server (%YOUR_INSTANCE_NAME%) and select Restart

     

    Thank you,
    ChadH

  5. Hello DocTonza,

     

    “Non-specific spam indicator” is the designation used for emails that are detected as spam by the Mail Security anti-spam heuristics. There is no way to adjust this detection directly. To address this issue, please ensure you are on the latest version of ESET Mail Security. For your reference on this procedure, please see this ESET Knowledgebase article.

     

    If Mail Security is still automatically assigning a score of 50 to all emails with a signature, please adjust the automatic configuration for Mail Security. To change Mail Security’s automatic configuration, please follow the steps below:

    1. Open ESET Mail Security by clicking Start -> All Programs -> ESET -> ESET Mail Security -> ESET Mail Security.
    2. Press F5 on your keyboard to open Setup.
    3. Expand Antispam protection, click Antispam engine and then click Setup.
    4. Click Options, and then on the right-hand side of the window, change the value for "Automatic configuration" to "Focus on minimizing FP".
    5. Click OK, then click OK again to save your changes.

    Thank you,

    ChadH

  6. Hello mvinoth,

     

    Per our user manual for ESET File Security for Linux:

     

    The following hardware requirements must be met before the installation process in order to run ESET File Security properly:

    • 250MB of hard-disk space
    • 256MB of RAM
    • glibc 2.3.6 or higher
    • 2.6.x Linux OS kernel versions

    ESET File Security should work on most recent and frequently used open-source Linux distributions if the above criteria are met.

    The following Linux distributions (x86/x64) are officially supported:

    • Red Hat Enterprise Linux
    • SUSE Linux Enterprise

     

    For your reference, please see Section 3 in the user manual. You can download a copy of the user manual at the following link: ESET FILE SECURITY - Installation Manual and User Guide

     

    Thank you,
    ChadH

  7. Hello UnDocumented,

     

    Replication sounds like a great option to ensure you can manage both of your sites from one Remote Administrator (ERA) server. For directions on configuring replication, please click or copy/paste the following ESET Knowledgebase article into your web browser: How do I configure ESET Remote Administrator server replication?

     

    Please designate one of your ERA servers to be the parent and the other ERA server will be the Child server. If you have any questions, please let us know.

     

    Thank you,
    ChadH

  8. Hello sos4eset,

    1. ESET File Security must be uninstalled prior to installing ESET Mail Security. Mail Security will protect both your Exchange server and the Operating System that is running it. Think of Mail Security as ESET File Security + Exchange scanning.
    2. With regards to the licenses, Mail Security and File Security have their own unique licenses. Please contact the company you purchased through or ESET Sales for more information regarding licenses. Please contact your local ESET Partner, you can find the contact information for the ESET partner in your country on this page.
    3. Mail Security can be installed on any Exchange server node that is running a Transport Agent.
    4. Remote Administrator can be installed on any system. It is independent of any other ESET product.

    Thank you,
    ChadH

  9. Hello Bastien,

     

    ESET File Security will attempt to write logs using the syslog daemon by default. In some systems, the daemon is configured to write these logs to /var/log. To correct this issue, you have three options:

    1. Ensure there is enough free space for /var by deleting items or allocating more space.
    2. Adjust the destination for the logs written by the syslog daemon, see the man page for syslogd and the man page for syslog.conf.
    3. Adjust the syslog facility used by File Security and ensure that facility is configured to write to a different location. To do this, please follow the steps below:
      1. Edit the configuration for File Security, located here: /etc/opt/eset/esets/esets.cfg.
      2. Locate the line #syslog_facility = "daemon".
      3. Uncomment the line.
      4. Replace “daemon” with any of the other syslog facilities (the names of the other facilities are two lines above #syslog_facility = "daemon"). For example, syslog_facility = "local0".
      5. Ensure your chosen facility is configured to write to a location other than /var. Please see Step 2 for information about configuring syslog facilities.

    Please let me know if this does not work.

     

    Thank you,

    ChadH

  10. Hello openmind,

    1. Those settings are correct.
    2. If no logs are displayed, please ensure Show All and Do not limit time are selected, as shown in Figure 1-2 of the following Knowledgebase article: Where can I find log files created by my ESET product?. If no logs are displayed, please deselect the option Use Filter. If no logs are displayed, there may not be any logs available in Remote Administrator for that log type. If you feel there should be some logs available in Remote Administrator because one of the clients connected to the server, please contact your local ESET support representatives for assistance.
    3. I’m glad you got that working.

    Thank you,

    ChadH

  11. Hello Staj,

     

    If the Remote Administrator (ERA) Server services are configured to use a service account, the service account will need the following permissions:

    • Write permission to Program Files\ESET folder
    • Read/write permission to ProgramData\ESET folder
    • Network access rights
    • Read/write permission to ESET’s HKLM registry
    • Read/write permission for ERA database (either on local system or external database)

    Thank you,

    ChadH

  12. Hello openmind,

     

    1. To adjust Remote Administrator’s retention time of logs, please follow the steps below:

    1. Open the ESET Remote Administrator Console (ERAC) by clicking Start -> All Programs -> ESET -> ESET Remote Administrator Console -> ESET Remote Administrator Console.
    2. Click Tools -> Server Options.
    3. Click the Advanced tab -> Edit Advanced Settings.
    4. Expand Remote Administrator -> ERA Server -> Settings -> Server maintenance -> Time limit cleanup.
    5. Expand the desired log cleanup settings that you want to modify.
    6. Select Delete logs older than and enter a number into the Value field.
    7. Select Delete base value and select Days or Months from the Value drop-down menu.
    8. Click Console -> Yes to save your changes. Click OK to exit the Server Options window.

    2. To export all of a particular type of log, please see the Knowledgebase article below:


    Where can I find log files created by my ESET product?

     

    3. To enable report delivery by email, please see the Knowledgebase article below:

     

    How do I set up ESET Remote Administrator Server to send email reports and notifications? (5.x)

     

    Thank you,

    ChadH

  13. Hello DiPersiaTech,

     

    We were unable to find any indication of Norton Internet Security in the files you provided. To ensure all remaining files, folders, and registry keys from the previous antivirus are removed, please follow the steps below.

     

    IMPORTANT

    • Before following the steps below, uninstall the detected antivirus product using the recommended steps from the product’s manufacturer.
    • After attempting to remove the software using the recommended steps, please try using the appropriate uninstall tool provided by the manufacturer. For a list of uninstall tools, please click to open the following ESET Knowledgebase article:
      Uninstallers (removal tools) for common Windows antivirus software

     

    First, please ensure all hidden files and folders are visible by using the steps below:

    1. Open Windows Explorer.
    2. On the Tools menu, click Folder Options (Note: In Windows 7 or Vista, press the ALT key to display the menu bar).
    3. Click the View tab.
    4. In the Advanced settings pane, under Hidden files and folders, click Show hidden files and folders.
    5. Uncheck the box next to Hide extensions for known file types.
    6. Click OK, and then close the open windows.

    Next, please remove all files and folders from the existing antivirus product detected by your ESET installation. Please ensure you remove all files and folders that have the name of the antivirus product or the manufacturer’s company name (e.g. NOD32 Antivirus and ESET). Please follow the steps below for each of the file paths:

    1. Click Start.
    2. Click All Programs -> Accessories (skip this step in Windows XP).
    3. Click Run.
    4. Type %ProgramFiles% and then click OK.
    5. Please delete all files and folders that have the name of the antivirus product or the manufacturer’s company name (e.g. NOD32 Antivirus and ESET).

    Please repeat the steps above for each of the following file paths:

    • %ProgramFiles%
    • %CommonProgramFiles%
    • %ProgramFiles(x86)%
    • %CommonProgramFiles(x86)%
    • %appdata%
    • %localappdata%
    • %AllUsersprofile%\Application Data

    Then, please clear the Windows temporary folders using the steps below:

    1. Click Start.
    2. Click All Programs -> Accessories (skip this step in Windows XP).
    3. Click Run.
    4. Type %temp% and then click OK.
    5. Press CTRL + A on your keyboard to select all items in the folder.
    6. Press Delete (or DEL) on your keyboard to delete all files and folders. If prompted, click Yes to confirm deletion. This may take some time to complete.

    Note: If you receive a File In Use pop-up error message, check the box next to Do this for all current items and click Skip to continue deleting the other files

    1. After the deletion process finishes, please close Windows Explorer.
    2. Click Start.
    3. Click All Programs -> Accessories (skip this step in Windows XP).
    4. Click Run.
    5. Type %localappdata%\temp and then click OK.
    6. Press CTRL + A on your keyboard to select all items in the folder.
    7. Press Delete (or DEL) on your keyboard to delete all files and folders. If prompted, click Yes to confirm deletion. This may take some time to complete.
    8. After the deletion process finishes, please close Windows Explorer.

    After clearing the Windows temporary folders, please delete any registry key that has the name of the antivirus product or the manufacturer’s company name (e.g. NOD32 Antivirus and ESET). To do this, please follow the steps below:

     

    Warning: Use Registry Editor at your own risk

    • Making incorrect changes in the Window Registry Editor can cause serious problems that may require you to reinstall your operating system, or that cannot be resolved at all.
    • Some of the registry keys referenced below may not exist in all environments (based on the operating system and other factors).
    1. Create a restore point by following the steps in the following Microsoft Knowledge Base article: hxxp://windows.microsoft.com/en-us/windows7/create-a-restore-point
    2. Back up the registry by following the steps in the following Microsoft Knowledge Base article: hxxp://windows.microsoft.com/en-us/windows-vista/back-up-the-registry
    3. Click Start.
    4. Click All Programs -> Accessories (skip this step in Windows XP).
    5. Click Run.
    6. Type regedit and then click OK.
    7. Navigate to HKEY_CURRENT_USER\Software.
    8. Please delete all registry keys that have the name of the antivirus product or the manufacturer’s company name (e.g. NOD32 Antivirus and ESET).

    Please repeat the Steps 7 and 8 above for each of the following registry paths:

    • HKEY_CURRENT_USER\Software
    • HKEY_LOCAL_MACHINE\SOFTWARE
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Upgrade Codes\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\
    • HKEY_CLASSES_ROOT\Installer

    After following these steps, please reboot your system. After rebooting, please try the installation of your ESET product again.

     

    Thank you,

    ChadH

  14. Hello mwalters,

     

    From the image of the header you have provided, the item was marked as [Quarantine]. This is not the typical tag used by ESET Mail Security. Did you change the tag used for email detected as spam? Or, are you using another antispam product?

     

    In addition, please check the header of the email to ensure Mail Security scanned it. If Mail Security scanned it, the following entries will appear in the header of the email (writing information to headers of scanned email is enabled by default):

     

    • X-ESET-AS: SCORE=20
    • X-MS-Exchange-Organization-SCL: 2
    • X-EsetResult: clean, is OK

     

    For more information about Antispam filtering and scoring, please click or copy/paste the following ESET Knowledgebase article into your web browser: How does Antispam scoring and email filtering work in ESET products?

     

    Every company receives their own unique combination of the types and senders of spam, so specific recommendations on configuration changes are unique to each customer. Because of this, the default settings for Mail Security are considered best practice. Here are some general recommendations to improve the spam detection and handling:

     

    • Ensure the Mail Security software is the latest major revision (e.g. version 4.5.xxxxx)
    • Ensure Mail Security is regularly updating its Virus Signature Database and Antispam rules
    • Ensure all configuration settings to allow or block email are set correctly. Please keep in mind, when evaluating emails, Mail Security takes into account the configurations of:
      • Any Mail Security rules
      • The Mail Security Approved sender/IP addresses list
      • The Mail Security Ignored IP sender/IP addresses list
      • The Safe Senders list on the Exchange server
      • The Allow IP list on the Exchange server
      • The AntispamBypass settings for the recipient mailbox

     

    If you are receiving a large amount of undetected spam, please ensure your Mail Security settings are default. If you have confirmed the settings are default, but are still receiving a large amount of undetected spam, please contact your local ESET support for assistance.

     

    Thank you,

    ChadH

  15. Hello fahadkt,

     

    Please describe your current situation:

     

    • You say you are doing an ESET Security installation. Which product and version are you installing?
    • You say you are replacing ESET AV. Which product and version do you have installed?
    • How many systems have this issue? Have any succeeded?
    • Have you tried running the installation on a local system, instead of using the Remote Administrator (ERA)?

     

    In addition, please ensure the ERA server service is configured to use a Domain Administrator account’s credentials. For your reference on this procedure, please see this Knowledgebase article: Push install status stays on "waiting" in ESET Remote Administrator.

     

    Finally, please gather some logs from one of the systems you are trying to upgrade using the Push Install. Please follow the steps below and PM me the results. You should not attach the files to a reply to this post, as they may contain sensitive information about your system and network.

    1. Gather an ESET SysInspector Log from the ERA server. For directions on this process, please click or copy/paste the following ESET Knowledgebase article into your web browser:
      How do I create a Sysinspector log and submit it to ESET Customer Care for analysis?
    2. Gather an ESET SysInspector Log from the system you will upgrade using the Push Install.
    3. Run a Push Install Diagnostic to the system and save the results. For directions on this process, please click or copy/paste the following ESET Knowledgebase article into your web browser:
      How do I run a push install diagnostic in ESET Remote Administrator and submit it to ESET Customer Care?
    4. Run the Push Install to the same system. Gather the diagnostic logs from the Push Install, using the steps below:
      1. Click the Remote Install tab at the bottom right of ESET Remote Administrator Console and then click the Install Tasks pane. Your Push Install task will be displayed in the Task Name column.
      2. Double-click the task, click the Details tab and click View All Logs.
      3. Click Copy to Clipboard. Open a blank file in Notepad, right-click and select Paste from the context menu. Save the file to your Desktop.
    5. Compress all four of these files (SysInspector log from the ERA server, SysInspector log from the workstation, Push Install Diagnostic log, and Push Install log) into a zipped folder.
    6. Send me a PM with this zipped file attached. You should not attach the files to a reply to this thread, as they may contain sensitive information about your system and network.

     

    Thank you,

    ChadH

  16. Hello BerndH,

     

    Our developers have confirmed when ESET Mail Security checks the scheduled items during system boot, it does not check if the Antispam engine is enabled or disabled. If those scheduled items are removed, it will recreate them, even if the Antispam engine is disabled. They suggested changing the task to run once as workaround. For directions on this process, please see the steps below:

     

    1. Open the ESET Remote Administrator Console (ERAC) by clicking Start -> All Programs -> ESET -> ESET Remote Administrator Console -> ESET Remote Administrator Console.

    2. Click Tools -> Policy Manager.

    3. Select the policy that you wish to modify and click Edit policy.

    4. Expand Windows server v4.5 -> Mail Security 4.5 for MS Exchange Server -> General Settings -> Tools -> Scheduler, select Scheduler/Planner and click Edit.

     

    Note: If you already added the tasks and marked them for deletion, per the steps in my previous post, please highlight the tasks one at a time and click Remove to delete them. When prompted, click Yes to confirm the deletion. After removing the tasks, please continue with the rest of the steps below.

     

    5. Click Default, select the task you wish to change (Regular automatic antispam rules update), and click OK. Click Default again, select the other tasks you wish to change (Regular automatic antispam engine upgrade), and click OK.

    6. Ensure the checkbox next to the newly-added tasks are selected.

    7. Select Regular automatic antispam rules update and click Edit.

    8. Click Next and change the selection of Run the task from Repeatedly to Once.

    9. Click Next and change the Date of task execution to a very distant date (e.g. 1/1/2038).

    10. Click Next, click Next again, and then click Finish.

    11. Select Regular automatic antispam engine upgrade and click Edit.

    12. Follow Steps 8 through 10 for this task.

    13. Click Console, click Yes to save your changes and then click OK to exit Policy Manager. The next time the Mail Security client assigned to this policy checks in to Remote Administrator, the configuration will be changed.

     

    Please let us know if you have any additional questions.

     

    Thank you,

    ChadH

  17. Hello Megachip,

     

    Our developers responded with the following information:

     

    Regarding "esets" and "lsb-esets":

    • "esets" corresponds to ESET Mail/File/Gateway Security (server) product
    • "lsb-esets" corresponds to ESET NOD32 Antivirus (desktop) product

    It is not true that lsb-esets conflicts with esets, it's just a customer's suggestion on that linked page. But the desktop product already checks the presence of server product and refuses to install, if found. However, the desktop product will not detect the server product if it is installed as rpm package created for remote installation. Parallel functionality of desktop and server product on the same machine is not possible.

     

    To answer your question, package dependencies are as follows:

    • Server product: ed, openssl, awk
    • Desktop product: awk

    Moreover, all 64bit products also need 32bit libc environment installed.

     

    Please let us know if you need further assistance.

     

    Thank you,

    ChadH

  18. Hi BerndH,

     

    I was able to replicate your issue. I have contacted the developers about the issue.

     

    For now, please use Remote Administrator to ensure the tasks are removed and the Antispam engine is disabled. For directions on this process, please follow the steps below:

     

    1. Open the ESET Remote Administrator Console (ERAC) by clicking Start -> All Programs -> ESET -> ESET Remote Administrator Console -> ESET Remote Administrator Console.
    2. Click Tools -> Policy Manager.
    3. Select the policy that you wish to modify and click Edit policy.
    4. Expand Windows server v4.5 -> Mail Security 4.5 for MS Exchange Server -> General Settings -> Tools -> Scheduler, select Scheduler/Planner and click Edit.
    5. Click Default, select the task you wish to remove (Regular automatic antispam rules update), and click OK. Click Default again, select the tasks you wish to remove (Regular automatic antispam engine upgrade), and click OK

     

    NOTE

    If you do not see these tasks in the Add default task window, please upgrade Remote Administrator to the latest version. For directions on this process, please use the following link: How do I upgrade ESET Remote Administrator to the latest version?

     

    6. Select the task and click Mark for deletion. When prompted, click Yes to confirm. Select the other task and click Mark for deletion. When prompted, click Yes to confirm.
    7. Make sure that you see "Delete" in the Status column and click OK.
    8. Expand Windows server v4.5 -> Mail Security 4.5 for MS Exchange Server -> Server protection -> General mail server protection settings -> Antispam protection and select Enable mail server antispam protection. Deselect the Value check box on the right-hand side of the window.
    9. Click Console, click Yes to save your changes and then click OK to exit Policy Manager. The next time the Mail Security client assigned to this policy checks in, the default tasks that you marked for deletion will be removed.

     

    I will update this thread when I hear from the developers.

     

    Thank you,

    ChadH

×
×
  • Create New...