Chadh

Hello Everyone, In my previous response, I said HIPS will support wildcards in the middle of a directory path. This is not correct. HIPS rules do NOT support wildcards in the middle of a directory path. Wildcards are only supported for the end of the path (e.g. path\to\folder\*). The developers have been notified of this issue. My previous statement that system variables are not allowed is still correct. The developers are also aware of this isue. I'm sorry for any inconvenience. Thank you, ChadH Hi JAF1979, System variables are not allowed when creating an exclusion or HIPS rule with Remote Administrator. In your example, you can use the wildcard "*". The path you should use in a HIPS rule would be: "c:\users\*\AppData\Roaming\Dropbox\bin\dropbox.exe" This will apply a block rule for all directories in users which contains the rest of the path ("AppData\Roaming\Dropbox\bin\dropbox.exe"). For instance, it will block both "c:\users\Administrator\AppData\Roaming\Dropbox\bin\dropbox.exe" and "c:\users\Test123\AppData\Roaming\Dropbox\bin\dropbox.exe". Hope this helps! Thanks, Chadh

Correction: The current versions of Endpoint Antivirus and Endpoint Security are NOT compatible with Windows 8.1. Compatibility with Windows 8.1 will be available in later versions. Please watch our ESET Support News for announcements about new releases.

Hello rekun, Regarding Operating System compatibility The current versions of Endpoint Antivirus and Endpoint Security are compatible with Windows 8.1. The latest version of File Security is compatible with Windows Server 2012. For more information, please see the following Knowledgebase article: What operating systems are ESET products compatible with? (Business Users) Regarding new features We are continually developing and upgrading our products and their features. We welcome your feedback and suggestions. The best way to be notified of new versions and other ESET news is to follow our Support blog, Like ESET USA on Facebook, or follow ESET on Twitter: Facebook: ESET USA Twitter: ESET USA ESET Support Blog You can also subscribe to the Customer Care Support News RSS feed. Thank you, ChadH

Hello sinigri, Based on the screenshots you provided, it appears the Remote Administrator Console on your workstation is displaying only the data from the last 7 days. Please adjust this filter setting to a longer time-frame. For instance, try using the setting Do not limit time. Please see the screenshot below for the location of this filter. Thank you, ChadH

Hello Tomekw, We apologize for the inconvenience. Our virus lab is constantly working to provide new updates to both our heuristic engine and our virus signature database to combat the ever-evolving world of malware. We are unable to determine if your particular infection is included in our current Virus Signature Database with the information provided. For more information about this type of infection, commonly called “FBI ransomware”, please see the WeLiveSecurity blog post and ESET Knowledgebase articles below: FBI Ransomware: Reveton seeks MoneyPak payment in the name of the law My computer has been infected with "FBI" malware, what should I do? If you have ESET installed and you receive this notification, follow the steps below for the easiest method to remove the scareware infection: Turn off the PC Turn on the PC Wait 10 minutes Reboot Wait 10 minutes Reboot Run a full system scan If this procedure does not remove the infection, please contact ESET Customer Care for assistance with removing this infection. ESET provides full support for our users and we are dedicated to the protection of our users. We are also interested in any new virus or potential false positive samples. You can use the instructions within the Knowledgebase article below to submit these samples to our virus lab. How do I submit a virus, website or potential false positive sample to ESET's lab? To help protect yourself from infection in the future, please see the ESET Knowledgebase article below: What can I do to minimize the risk of a malware attack? Thank you, ChadH

Hello, No, there is no way to resend email that was blocked by ESET Mail Security. Thank you, ChadH

Hello LocknetSSmith, If the computer, or its hard drives, are in hibernate or sleep mode, no scheduled task will run. In addition, if a scan is running, the task will stop if the computer enters a power saving state. Thank you, ChadH

Hello Justin Dube, First, please stop any msiexec.exe process running on the machine. When you are looking at the processes on the machine, ensure you are viewing the processes from all users. Next, please see the steps in the following Knowledgebase article to remove all files and registry entries associated with Remote Administrator: Uninstalling ESET Remote Administrator manually Finally, please ensure you are installing the latest version of Remote Administrator. Installing the latest version of the software will ensure maximum compatability with your operating system. In addition, Remote Administrator is backwards-compatible with older versions of our client software. For instructions how to install Remote Administrator, with direct download links to the lastest version of the software, please see the following Knowledgebase article: How do I install ESET Remote Administrator and configure a Mirror server? (5.x) Thank you, ChadH

Hello Everyone, The issue is now resolved. Here is a summary of the issue and resolution: Issue: Endpoint Antivirus clients were unable to connect to the Remote Administrator server for their updates This results in the error "Server Not Found" We confirmed the server address and port information was correct They were unable to connect to the server because the network cards have a low-energy usage mode which takes some time to initialize We were able to manually update them, but it appeared as if the clients needed manual intervention after a failed update Solution: Endpoint products will continue to attempt updating with the automatic update task after an error However, Endpoint products will wait 2 hours after a failed update attempt to try to update again We waited two hours after the error and confirmed the clients were able update automatically without issue Thank you, ChadH

Hello Kicaj, Is this issue with Firefox occuring on the Windows 7 system you posted version information about at the start of the thread? If so, please give a few example URLs that are not being blocked. If not, please provide the following information: Operating system ESET product ESET version Firefox version 3 example URLs that are not being blocked Thank you, ChadH

Hello UnDocumented, Please try the troubleshooting steps outlined in the following Knowledgebase article: Why can't I see client workstations in the client tab of the ESET Remote Administrator Console? Thank you, ChadH

Hi mintuz, If you are not using Apple Remote Desktop, how are you trying to deploy NOD32 to your workstations? Also, what version of NOD32 for OSX are you installing? Thank you, ChadH

Hello, Please use the steps below to evaluate why the email message was not received. Check the ESET Mail Security Antispam logs Ensure Antispam logging is enabled (it is enabled by default) Open ESET Mail Security Press the F5 key to display the Setup window Navigate to Server protection -> Log files Verify the check box next to Log spam score is selected Click OK Verify if ESET Mail Security processed the email by checking the Antispam Log Where can I find log files created by my ESET Business Edition product? If the email is in the Antispam log, check the action taken on the email Retained: No action was performed on the message Quarantined: Message was moved into quarantine. Check your Quarantine settings using the following Knowledgebase article: How do I redirect spam email to a specific location (mailbox) using ESET Mail Security for Microsoft Exchange? (4.x) Rejected: Message was denied and the SMTP reject answer sent to the sender Deleted: Message was deleted using silent drop and no notification was sent to the sender Note: For more information about Mail Security Spam scores and categories, please see the Antispam log section in the ESET Mail Security User Guide Check if the email was blocked by ESET Mail Security Greylisting Check if Greylisting is enabled Open ESET Mail Security Press the F5 key to display the Setup window Navigate to Server protection -> Antispam protection -> Microsoft Exchange Server -> Transport agent Verify the check box next to Enable Greylisting is selected Click OK If Greylisting is enabled, check if Greylisting actions are logged Open ESET Mail Security Press the F5 key to display the Setup window Navigate to Server protection -> Log files Select the check box next to Log Greylisting activity Click OK If Greylisting is enabled and logging, check if there is an entry in the Greylisting log for the sender’s address or domain Where can I find log files created by my ESET Business Edition product? If there is an entry in the Greylisting log for the sender’s address/domain, check the action taken Rejected: the incoming message was denied using the basic precept of Greylisting (first delivery attempt) Rejected (not verified): The incoming message was redelivered by the sending server, but the time limit to deny the connection has not elapsed yet (this starts after the initial connection denial and must elapse before the email will be accepted) Verified: the incoming message was redelivered several times by the sending server, the time limit for the initial connection denial has elapsed, and the message was successfully verified and was direct to the other filters within Mail Security Note: For more information about Greylisting in Mail Security, please see the Greylisting section in the ESET Mail Security User Guide Verify the email was received and delivered using Exchange Message Tracking Exchange 2003 Exchange 2007 Exchange 2010 Exchange 2013 Verify if there another Antispam appliance or program in your organization Check if there are any other antispam programs are installed on the server or workstations Check if there are any external antispam hardware appliances on your network Check if the MX record for your domain is directed to a third-party email host; if so, do they have antispam or antivirus scanning of your email? Check the headers of an email that was received correctly by the intended recipient, if other antispam programs scanned the email, they may write information to the header (for example, the Exchange 2013 Antispam module will write headers using this format) Thank you, ChadH

Hi David VanVranken, We will need additional information to discover the cause of your issue. Please check your messages for instructions. Thank you, ChadH

Hello Joe V, You can create a script to use the ESET command-line scanner. Please see our Knowledgebase article about the ESET Command-line scanner and its syntax. Here are two example commands that you can use to scan all the local drives, scan operating memory, display a progress indicator, and create a log of the scan (located at C:\ecls.txt). For ESET NOD32 Business Edition version 4.x: "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" /base-dir="C:\Program Files\ESET\ESET NOD32 Antivirus" /auto /memory /log-file=c:\ecls.txt /aind For ESET File Security: "C:\Program Files\ESET\ESET File Security\ecls.exe" /base-dir="C:\Program Files\ESET\ESET File Security" /auto /memory /log-file=c:\ecls.txt /aind Thank you, ChadH

Hello grant7072, Please check your messages. Thank you, Chad

Hello JakubF, Please let us know the following information from the notification that is not working correctly: Trigger type Activation after Client filter Parameters Thank you, Chad

Hello Fabio75, Welcome to ESET Please see the responses to your questions below: training features are useful if users don't cooperate classifying incoming email as spam or not-spam? Yes, training mode will look at known ham emails and known spam emails that pass through Mail Security. For more information on Training in EMSX, please see Page 38 of the user manual linked below: ------------------------------------------------------------------------------ hxxp://download.eset.com/manuals/eset_emsx_45_userguide_enu.pdf ------------------------------------------------------------------------------ ..and how can a user tell to EMSX that incoming emails are spam or not? There is currently no way for users to interact with the anti-spam filtering of EMSX. All modifications to the anti-spam filtering (including whitelisting) must be performed by the administrator. Using quarantine mailbox how can I tell to EMSX that some emails are legitimate? Please see the response to the previous question. You will not be able to modify EMSX behavior directly from a quarantine mailbox. All modifications to anti-spam rules must be done through the EMSX GUI or using ESET Remote Administrator. Is it possible to use greylist feature with a POP3 Exchange Server Connector? Yes, greylisting should function with POP3 connectors. Thank you, Chad