Chadh

Posts posted by Chadh

  1. Hello Everyone,

     

    In my previous response, I said HIPS will support wildcards in the middle of a directory path. This is not correct. HIPS rules do NOT support wildcards in the middle of a directory path. Wildcards are only supported for the end of the path (e.g. path\to\folder\*). The developers have been notified of this issue.

     

    My previous statement that system variables are not allowed is still correct. The developers are also aware of this issue.

     

    I'm sorry for any inconvenience.

     

    Thank you,

    ChadH

     

    Hi JAF1979,

     

    System variables are not allowed when creating an exclusion or HIPS rule with Remote Administrator. In your example, you can use the wildcard "*". The path you should use in a HIPS rule would be:

     

    "c:\users\*\AppData\Roaming\Dropbox\bin\dropbox.exe"

     

    This will apply a block rule for all directories in users which contains the rest of the path ("AppData\Roaming\Dropbox\bin\dropbox.exe"). For instance, it will block both "c:\users\Administrator\AppData\Roaming\Dropbox\bin\dropbox.exe" and "c:\users\Test123\AppData\Roaming\Dropbox\bin\dropbox.exe".

     

    Hope this helps!

     

    Thanks,

    Chadh
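
Added example (not part of the post and not ESET code): a pre-deployment check for rule paths that follows the correction above, flagging system variables and any wildcard that is not at the end of the path, and expanding the per-user path into one explicit path per profile. The function names are hypothetical, and treating only a bare trailing `*` as valid is an assumption.

```python
import re

# Matches %NAME% style system variables such as %APPDATA%.
ENV_VAR = re.compile(r"%[^%\\]+%")

def check_rule_path(path):
    """Return the reasons a path would not work as a rule target (empty list = OK)."""
    problems = []
    if ENV_VAR.search(path):
        problems.append("system variable")
    parts = path.split("\\")
    for index, part in enumerate(parts):
        is_last = index == len(parts) - 1
        # Assumption: only a bare "*" as the final component is accepted.
        if "*" in part and not (is_last and part == "*"):
            problems.append("wildcard not at end of path")
            break
    return problems

def expand_per_user(template, profiles):
    """Replace the single "*" directory component with each profile name."""
    parts = template.split("\\")
    stars = [i for i, part in enumerate(parts) if part == "*"]
    if len(stars) != 1:
        raise ValueError("expected exactly one '*' path component")
    expanded = []
    for name in profiles:
        candidate = parts[:stars[0]] + [name] + parts[stars[0] + 1:]
        expanded.append("\\".join(candidate))
    return expanded

# Path from the post; profile names are the two used in the post's own example.
TEMPLATE = r"c:\users\*\AppData\Roaming\Dropbox\bin\dropbox.exe"
PROFILES = ["Administrator", "Test123"]

if __name__ == "__main__":
    print(TEMPLATE, "->", check_rule_path(TEMPLATE))
    for rule_path in expand_per_user(TEMPLATE, PROFILES):
        print(rule_path, "->", check_rule_path(rule_path) or "ok")
```
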

  2. Correction:

    The current versions of Endpoint Antivirus and Endpoint Security are NOT compatible with Windows 8.1.

    Compatibility with Windows 8.1 will be available in later versions.

     

    Please watch our ESET Support News for announcements about new releases.

  3. Hello rekun,

     

    Regarding Operating System compatibility

     

    The current versions of Endpoint Antivirus and Endpoint Security are compatible with Windows 8.1.

    The latest version of File Security is compatible with Windows Server 2012. 

     

    For more information, please see the following Knowledgebase article:

    What operating systems are ESET products compatible with? (Business Users)

     

     

    Regarding new features

     

    We are continually developing and upgrading our products and their features. We welcome your feedback and suggestions.

     

    The best way to be notified of new versions and other ESET news is to follow our Support blog, Like ESET USA on Facebook, or follow ESET on Twitter:

    Facebook: ESET USA
     
    Twitter: ESET USA
     
    ESET Support Blog
     
    You can also subscribe to the Customer Care Support News RSS feed.

     

    Thank you,

    ChadH

  4. Hello sinigri,

     

    Based on the screenshots you provided, it appears the Remote Administrator Console on your workstation is displaying only the data from the last 7 days.

    Please adjust this filter setting to a longer time-frame. For instance, try using the setting Do not limit time.

     

    Please see the screenshot below for the location of this filter.

     

    post-970-0-72642700-1382370738_thumb.jpg

     

    Thank you,

    ChadH

  5. Hello Tomekw,

     

    We apologize for the inconvenience. Our virus lab is constantly working to provide new updates to both our heuristic engine and our virus signature database to combat the ever-evolving world of malware.

     

    We are unable to determine if your particular infection is included in our current Virus Signature Database with the information provided.

     

    For more information about this type of infection, commonly called “FBI ransomware”, please see the WeLiveSecurity blog post and ESET Knowledgebase articles below:

    FBI Ransomware: Reveton seeks MoneyPak payment in the name of the law

    My computer has been infected with "FBI" malware, what should I do?

     

    If you have ESET installed and you receive this notification, follow the steps below for the easiest method to remove the scareware infection:

    1. Turn off the PC
    2. Turn on the PC
    3. Wait 10 minutes
    4. Reboot
    5. Wait 10 minutes
    6. Reboot
    7. Run a full system scan

    If this procedure does not remove the infection, please contact ESET Customer Care for assistance with removing this infection.

     

    ESET provides full support for our users and we are dedicated to the protection of our users. We are also interested in any new virus or potential false positive samples. You can use the instructions within the Knowledgebase article below to submit these samples to our virus lab.

    How do I submit a virus, website or potential false positive sample to ESET's lab?

     

    To help protect yourself from infection in the future, please see the ESET Knowledgebase article below:

    What can I do to minimize the risk of a malware attack?

     

    Thank you,

    ChadH

  6. Hello Justin Dube,

     

    First, please stop any msiexec.exe process running on the machine. When you are looking at the processes on the machine, ensure you are viewing the processes from all users.

     

    Next, please see the steps in the following Knowledgebase article to remove all files and registry entries associated with Remote Administrator:

    Uninstalling ESET Remote Administrator manually

     

    Finally, please ensure you are installing the latest version of Remote Administrator. Installing the latest version of the software will ensure maximum compatibility with your operating system. In addition, Remote Administrator is backwards-compatible with older versions of our client software. For instructions on how to install Remote Administrator, with direct download links to the latest version of the software, please see the following Knowledgebase article:

    How do I install ESET Remote Administrator and configure a Mirror server? (5.x)

     

    Thank you,

    ChadH

  7. Hello Everyone,

     

    The issue is now resolved. Here is a summary of the issue and resolution:

     

    Issue:

    • Endpoint Antivirus clients were unable to connect to the Remote Administrator server for their updates
    • This results in the error "Server Not Found"
    • We confirmed the server address and port information was correct
    • They were unable to connect to the server because the network cards have a low-energy usage mode which takes some time to initialize
    • We were able to manually update them, but it appeared as if the clients needed manual intervention after a failed update

    Solution:

    • Endpoint products will continue to attempt updating with the automatic update task after an error
    • However, Endpoint products will wait 2 hours after a failed update attempt to try to update again
    • We waited two hours after the error and confirmed the clients were able to update automatically without issue

    Thank you,

    ChadH

  8. Hello Kicaj,

     

    Is this issue with Firefox occurring on the Windows 7 system you posted version information about at the start of the thread?

     

    If so, please give a few example URLs that are not being blocked.

     

    If not, please provide the following information:

    • Operating system
    • ESET product
    • ESET version
    • Firefox version
    • 3 example URLs that are not being blocked

    Thank you,

    ChadH

  9. Hello,

    Please use the steps below to evaluate why the email message was not received.

    Check the ESET Mail Security Antispam logs

    1. Ensure Antispam logging is enabled (it is enabled by default)
      1. Open ESET Mail Security
      2. Press the F5 key to display the Setup window
      3. Navigate to Server protection -> Log files
      4. Verify the check box next to Log spam score is selected
      5. Click OK
    2. Verify if ESET Mail Security processed the email by checking the Antispam Log
      1. Where can I find log files created by my ESET Business Edition product?
    3. If the email is in the Antispam log, check the action taken on the email
      1. Retained: No action was performed on the message
      2. Quarantined: Message was moved into quarantine. Check your Quarantine settings using the following Knowledgebase article:
        How do I redirect spam email to a specific location (mailbox) using ESET Mail Security for Microsoft Exchange? (4.x)
      3. Rejected: Message was denied and the SMTP reject answer sent to the sender
      4. Deleted: Message was deleted using silent drop and no notification was sent to the sender

    Note: For more information about Mail Security Spam scores and categories, please see the Antispam log section in the ESET Mail Security User Guide

    Check if the email was blocked by ESET Mail Security Greylisting

    1. Check if Greylisting is enabled
      1. Open ESET Mail Security
      2. Press the F5 key to display the Setup window
      3. Navigate to Server protection -> Antispam protection -> Microsoft Exchange Server -> Transport agent
      4. Verify the check box next to Enable Greylisting is selected
      5. Click OK
    2. If Greylisting is enabled, check if Greylisting actions are logged
      1. Open ESET Mail Security
      2. Press the F5 key to display the Setup window
      3. Navigate to Server protection -> Log files
      4. Select the check box next to Log Greylisting activity
      5. Click OK
    3. If Greylisting is enabled and logging, check if there is an entry in the Greylisting log for the sender’s address or domain
      1. Where can I find log files created by my ESET Business Edition product?
    4. If there is an entry in the Greylisting log for the sender’s address/domain, check the action taken
      1. Rejected:  the incoming message was denied using the basic precept of Greylisting (first delivery attempt)
      2. Rejected (not verified): The incoming message was redelivered by the sending server, but the time limit to deny the connection has not elapsed yet (this starts after the initial connection denial and must elapse before the email will be accepted)
      3. Verified: the incoming message was redelivered several times by the sending server, the time limit for the initial connection denial has elapsed, and the message was successfully verified and was directed to the other filters within Mail Security

    Note: For more information about Greylisting in Mail Security, please see the Greylisting section in the ESET Mail Security User Guide

    Verify the email was received and delivered using Exchange Message Tracking

    Verify if there is another Antispam appliance or program in your organization

    • Check if any other antispam programs are installed on the server or workstations
    • Check if there are any external antispam hardware appliances on your network
    • Check if the MX record for your domain is directed to a third-party email host; if so, do they have antispam or antivirus scanning of your email?
    • Check the headers of an email that was received correctly by the intended recipient; if other antispam programs scanned the email, they may write information to the header (for example, the Exchange 2013 Antispam module will write headers using this format)

     

    Thank you,

    ChadH
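
Added example (not part of the post and not ESET code): a simplified model of the three Greylisting log actions listed above, useful for working out from delivery timestamps why a message has not arrived yet. The 10-minute time limit, keying on the sender address alone, the function names and the sample attempts are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed value for illustration; use the delay configured on your server.
TIME_LIMIT = timedelta(minutes=10)

def replay(attempts, time_limit=TIME_LIMIT):
    """Map (sender, time) delivery attempts to the action the log would show."""
    first_denied = {}          # sender -> time of the initial connection denial
    actions = []
    for sender, when in sorted(attempts, key=lambda a: a[1]):
        key = sender.lower()
        if key not in first_denied:
            first_denied[key] = when
            action = "Rejected"                    # first delivery attempt
        elif when - first_denied[key] < time_limit:
            action = "Rejected (not verified)"     # retried before the limit elapsed
        else:
            action = "Verified"                    # retried after the limit elapsed
        actions.append((key, when, action))
    return actions

def still_waiting(attempts, time_limit=TIME_LIMIT):
    """Senders whose most recent attempt was rejected, so no mail was passed on."""
    last = {}
    for sender, _when, action in replay(attempts, time_limit):
        last[sender] = action
    return sorted(s for s, action in last.items() if action != "Verified")

def at(hhmm):
    """Build a timestamp on a constructed date from an HH:MM string."""
    return datetime.strptime("2013-10-21 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed attempts, not taken from a real log.
SAMPLE = [
    ("alice@example.com", at("09:00")),
    ("alice@example.com", at("09:02")),
    ("news@example.net", at("09:05")),   # this server never retries
    ("alice@example.com", at("09:15")),
]

if __name__ == "__main__":
    for sender, when, action in replay(SAMPLE):
        print(when.strftime("%H:%M"), sender, action)
    print("no verified delivery yet:", still_waiting(SAMPLE))
```
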

  10. Hello Joe V,

     

    You can create a script to use the ESET command-line scanner.

     

    Please see our Knowledgebase article about the ESET Command-line scanner and its syntax.

     

    Here are two example commands that you can use to scan all the local drives, scan operating memory, display a progress indicator, and create a log of the scan (located at C:\ecls.txt).

     

    For ESET NOD32 Business Edition version 4.x:
    "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" /base-dir="C:\Program Files\ESET\ESET NOD32 Antivirus" /auto /memory /log-file=c:\ecls.txt /aind
     

    For ESET File Security:
    "C:\Program Files\ESET\ESET File Security\ecls.exe" /base-dir="C:\Program Files\ESET\ESET File Security" /auto /memory /log-file=c:\ecls.txt /aind
     

    Thank you,
    ChadH

  11. Hello Fabio75,

     

    Welcome to ESET :)

     

    Please see the responses to your questions below:

     

    training features are useful if users don't cooperate classifying incoming email as spam or not-spam?

     

    Yes, training mode will look at known ham emails and known spam emails that pass through Mail Security. For more information on Training in EMSX, please see Page 38 of the user manual linked below:

    ------------------------------------------------------------------------------
    hxxp://download.eset.com/manuals/eset_emsx_45_userguide_enu.pdf
    ------------------------------------------------------------------------------

     

    ..and how can a user tell to EMSX that incoming emails are spam or not?

     
    There is currently no way for users to interact with the anti-spam filtering of EMSX. All modifications to the anti-spam filtering (including whitelisting) must be performed by the administrator.
     
    Using quarantine mailbox how can I tell to EMSX that some emails are legitimate?
     
    Please see the response to the previous question. You will not be able to modify EMSX behavior directly from a quarantine mailbox. All modifications to anti-spam rules must be done through the EMSX GUI or using ESET Remote Administrator.
     
    Is it possible to use greylist feature with a POP3 Exchange Server Connector?

     

    Yes, greylisting should function with POP3 connectors.

     

    Thank you,

    Chad
