Search the Community

I have my mail quarantine running as a quarantine mailbox and it is working fine. I am wanting to send a daily report to users so have set up a 'send mail quarantine reports' scheduled task but when the report runs instead of sending out a report I am seeing 'Quarantine report - failed to get quarantine items' errors logged. Grateful for any pointers on how to resolve. Thanks.

Hello, Im using Windows 8.1, my friend borrowed my memory card and because of that my memory card got a virus. Eset Security was able to scan the virus but unable to delete it. Every time i click delete, it just says "Error While Cleaning" and in just goes to quarantine. Is there a way for me to delete the virus? Thanks.

Hi, so I've been having this problem for a week or so and I can't find a way to fix it. My ESET Personal Firewall + Windows Firewall are turned off for some random reason. It says that I should immediately restart my PC. I restarted it and I got the same message again. I tried re-installing it and nothing happened. When I tried to turn on Windows Firewall it didn't let me because of ESET. I'm using ESET Internet Security 10.0.369.0. Here are some screen shots: I'm usingg Windows 10 Pro. If anyone could help me please reply to this post.

I am excluding and restoring from quarantine via ERA and the local ESET client (6.4.2014.0) tftpd32.exe but as soon as it is restored and excluded either via ERA or the local client, ESET pops it again and sends it back to quarantine. This is also happening on ESET File Security for Windows Servers.

I am trying to configure the Email client protection so that e-mail attachments identified as infected can be recovered in case of a false positive. We are using Outlook 2010 through 2016 with enabled ESET Outlook integration. The server is Exchange 2010. Under - Advanced Setup - Email client protection - Threatsense Parameters - Cleaning, I configured "No Cleaning" to get a dialog of available actions. When an infected email is found, the dialog is shown, and a click on "More info" shows that the option "Copy to Quarantine" is checked. However, none of the available actions (Delete or No action) actually copies the attached file to quarantine (quarantine stays empty). A click on "Delete" removes the attachment and moves the e-mail to the "Infected Items" folder. No copy of the attachment can be found in quarantine (Main ESET Window - Tools - Quarantine). A click on "No action" moves the e-mail to the "Infected Items" folder without touching the attachment Is there another separate quarantine location dedicated to the email client protection or am I missing the correct configuration option? Thanks

Is it possible to set eset to automatically delete/purge quarantined items after a certain period of time? I do not want my quarantined items folder to become full and cause system instability. I know that I can manually delete quarantined items but I need to set an automatic plan to delete them after a few months or so.

Hi, i have a question because i once tried to update our Eset Mail Security for Linux on a debian based machine from version 4.0.10 to 4.5.3. I opened a support case at the german support team by mail in january, but they did not reply to me. I hope someone here can help me. After the upgrade to 4.5.3 the behavior differs from the state before. I tried to send the eicar test virus to my internal test account. With the old version 4.0.10 the recipient gets the cleaned up mail, the "full" mail goes into the quarantine. The daemon_notification_script was called and sent a mail to the administrator. After the upgrade, the recipient did not get the cleaned mail and there was no mail in the quarantine. The daemon_notification_script was executed and send a mail to the specified administrator. The upgrade script which migrates the esets.cfg config file produces a backup. Both files differ not on the corresponding lines. Only our quotation marks in the templates (av_eml_footnote_template_infected and av_eml_footnote_template_notscanned) were changed. Our goal is, that the local recipient gets a notification mail that somebody tried to send a message to him or that the local recipient gets the cleaned up mail. A notification mail should be sent to an administrator. In each case, we want to have the possibility to inspect the original mail and to forward or to delete it if we want to. This is our config-file: av_quarantine_enabled = yes av_scan_smart = yes action_av = "scan" action_av_infected = "discard" action_av_notscanned = "accept" action_av_deleted = "discard" action_as = "accept" action_as_spam = "accept" action_as_notscanned = "accept" av_eml_subject_modification_mask = "cleaned:deleted:infected:notscanned" av_eml_header_modification_mask = "clean:cleaned:deleted:infected:notscanned" av_eml_footnote_modification_mask = "infected:notscanned" av_eml_header_template = "%avstatus%" av_eml_subject_template = "[verdaechtige Email]" av_clean_mode = "standard" This is the notification mail, send by the daemon_notification_script with version 4.0.10 USERSPEC: recipient@domain.de|sender@domain.de MSGID: SENDER: Sender RECIPIENT: Recipient AV_STATUS: clean (cleaned) ACTION: accepted VIRUS: Eicar test file LOG: vdb=26541, agent=smtp, name="from: Sender to: Recipient with subject AW: Test dated Tue, 3 Nov 2015 13:34:16 +0100 ", virus="Eicar test file", action="quarantined - contained infected files", info="", avstatus="clean (cleaned)", hop="accepted" and this is the notification mail after the upgrade to version 4.5.3 USERSPEC: recipient@domain.de|sender@domain.de MSGID: <zarafa.56a2071c.7db5.46db4c753790cbb9@mailserver.domain.de> SENDER: RECIPIENT: AV_STATUS: infected ACTION: discarded VIRUS: Eicar test file LOG: vdb=27763, agent=smtp, name="dated Fri, 22 Jan 2016 11:40:28 +0100 ", virus="Eicar test file", action="unable to clean", info="", avstatus="infected", hop="discarded" Has anyone an idea? I cannot update to the new version as long as this behaviour is not corrected. thx and best Regards mmww

Hello all, Long-time lurker, first-time poster here. In trying to free up disk space on the server which houses my ESET server and RA console, I noticed some large .NQF files in the following folder: C:\SysWOW64\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine One of these .NQF files is over 8 GB in size. I'd like to know if I can delete these files directly from Windows Explorer, of if there is a method from within the ESET server or console that I should use instead. Thanks in advance!

I'm having problems with this trojan alert 28-Nov-15 7:18:58 AM Real-time file system protection file C:\Users\USER\Dropbox\.dropbox.cache\~6e01f8a7.tmp Win32/Filecoder.EM trojan deleted - quarantined WIN8PC\USER Event occurred on a new file created by the application: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe. File for sometime now "eset security" has been detecting and putting into quarantine it hasn't effected may computer but is really annoying it keeps popping up 6 at a time. has any one got any clues on this please. Cheers Brian

Today I opened ESPN, as I normally do every day, and I got an alert as soon as I started playing a video embedded on their main page. Played a different video and same thing. Of course this is a little unnerving and this is my first alert in over a year. The last one was a false positive as well. The object names are as follows: hxxp://player.ooyala.com/static/modules/analytics-.......(erased end to comply w/ rules). hxxp://cdn.modules.ooyala.com/static/modules/analytics-.......(erased end to comply w/ rules) E:\Users\UserName\AppData\Local\Google\Chrome\User Data\Profile 3\Cache\f_000337 Reason for all are "swf/exploit.agent.jm trojan" Any thoughts or advice would be greatly appreciated!

Greetings! I need help. Our program lost it's backup files. How can I retrieve cleaned objects from the past day? I can't see the cleaned objects in quarantine. Please help. What to do?

Where is the eset endpoint security quarantine folder location in windows 7?

Hi, I have noticed a blockage trying to visit a multi media installer website the other day. Checking on eset cyber security pro, I found this virus quarantined 3 times. Here is the log content 21/03/14 17:12:50 HTTP filter archive hxxp:// www.connectmult imedia.com.au JS/Agent.NKW trojan connection terminated - quarantined 747john 21/03/14 17:11:51 HTTP filter archive hxxp:// www.connectmultimedia.c om.au JS/Agent.NKW trojan connection terminated - quarantined 747john 21/03/14 17:11:16 HTTP filter archive hxxp:// www.connectmultimedia.co.au/hom e-page JS/Agent.NKW trojan connection terminated - quarantined 747john I am doing a smart scan now, if negative, can I suppose it didn't spread into my computers, all Mac Mavericks V.10.9.3, all protected by Eset CP 6.0.9.1 Any information about this threat would be welcome, thanks, John

I ran a deep scan and the report said it cleaned 1 object but there were 13 infected objects. How do I remove the infected objects from my Mac. I saw instructions on the board for Windows/PC but not for Mac.

Just happened this morning. It kept popping up whenever I load a website that I noramally do not visit. It doesn't show up when I go to facebook, or youtube, etc. It does however show when I google something, go to a blog, etc. I need help. Already scanned my computer. Found a threat the first time I did then I tried several times after and ESET said it was clean, though it still shows up whenever I visit some sites. Is this a false positivity? Can my eset antivirus help me out? or do I need to do something else? :/ I would appreciate all the help I can get. Thanks.

Hello guys This is the problem I have : I exclude some files from scanning but eset move them to quarantine. The files are crack and patches for games, for example NFS Rivals patch and crack. Can I force eset not to scan them? Or is there any third party software that i can install and dont allow eset to scan them?

Hello everyone, haven't been here in a long time and I'm happy to be here again. That aside, my ESET NOD 32 4.0.417.0 signature DB 9040 detects a variant of Win32/HackTool.Crack.BL Potentially unsafe application in the file steam_api.dll (https://www.virustotal.com/en/file/1827e9eb9417bec0d9869ba6a36d62b48f548dbb30c881dbf47ee1cb38304eb2/analysis/1384354621/). This steam_api.dll came from a torrent which included a crack provided with a game (XCOM: Enemy Within). I'm not sure whether this is a false positive (which seems unlikely) or a legitimate virus. Also, someone explain how can I upload samples (ESET doesn't want any potentially malicious files on their forums, but we need a way to send samples for other people to inspect) and why can't I submit files for analysis from the quarantine menu (It displays a pop-up with the title "Threatsense early warning system" and contains "Submission of suspicious files is currently disabled. File was placed in cache."). Thank you in advance.

NOD just popped an alert when accessing this commercial website www.paulswarehouse.com.au/storefront/storeincludes/js/floatcart.js and several other pages terminated connection and quarantined. When checking this site via virustotal is comes clean including Eset. I submitted this but just wonder why there is a difference in detection?

We have been having the most annoying spam problem for the last week with "Eset Mail Security for Exchange" (EMSX from here onwards) and Exchange 2007 (on an SBS2008 server). The spams started last Friday, and are typified by having a "Return-Path" in the header as: "<>". EMSX correctly identifies all these emails as spam, and says it has shifted them to the Quarantine as we have configured it to do. However the offending emails with a blank return path sender are actually being delivered to the end user's mailboxes instead of the quarantine! I spent several days faffing with various of my own fix attempts, before finally reporting it to Eset NZ (Chilisoft). Eset were aware of the problem, and had been attempting various fixes themselves for another site. In the end ESET's devs have discovered it was an Exchange problem, where Exchange was stopping ESET or itself from writing anything to the headers of the emails. Their offered work-around today was: Since we get too many false positives to make me happy to use the first suggestion, that only left the second. I tried creating the Sender Filtering for an email address called "<>" and set it to "Stamp Message as Blocked Sender" (since I also wasn't keen to reject these messages without knowing what effect it would have). However, it soon became apparent that this wasn't working, presumably because Exchange isn't writing to the headers, so of course it doesn't write the Blocked Sender message on the message. DOH! Should have realised that would be the case! Since ESET narrowed down the problem and issued their work-around earlier today, I've tried various other fixes in an attempt to find one that is acceptable for my environment until a long term fix can be put in place. I finally cracked it tonight with the following "Transport Rule" in Exchange. This method is flexible and powerful enough to allow you to process these spams in pretty much any way that suits you and is totally safe too! Open “Exchange Management Console” . Go to: Organization Configuration > Hub Transport > Transport Rules . Choose create a new Rule. . Give it a name: I chose “Blank Sender Spam Filter Rule” . Give it a helpfully descriptive comment to remind you what the rule is for in future. I chose: “Spam Processing rule for Blank Sender in the "Return Path" (displays as "<>") with SCL above 7 (to let OutOfOffice messages through untouched). This rule is created to overcome a problem where spam with no return path gets corrected detected and marked as being sent to Quarantine, however the mail actually passes through to the mailbox untouched, and not marked as spam or removed. This is an Exchange Problem, but it also affects "Eset Mail Security for Exchange", since Exchange2007 blocks writing to the headers of these emails.” . The most important bit is on the “Conditions” page, you tick: “When a message Header contains specific words”. Then click the underlined “message header” at the bottom and type “Return-Path” and click the underlined “Specific Words” and type “<>” (both without the speech marks). “When a Spam Confidence Level (SCL) rating is greater or equal to a limit”. At the bottom choose something like 7 or 8 for this limit. This will hopefully allow Out Of Office replies from external sources (which also often have an empty Return Path) to pass through to the intended recipient untouched by this rule. Before I added this extra condition, OoO replies were being quarantined too. figure 1 : screen grab summary of the “conditions” page . For the Actions page you can choose your own actions as suits your needs. I have chosen for now to tick: “log an event with message” so I can track how often the rule is being triggered, it also helps with testing. “prepend the subject with string“ to add a distinctive spam label so I know where the message is coming from. I chose: [spam-TransportRule] “redirect the message to addresses” and send it to your quarantine mailbox address for monitoring. figure 2 : screen grab summary of the “actions” page. . When you know the rule is working safely to your liking and not capturing any false positives, you could choose to delete or reject the message on this action page instead of redirecting and labelling as spam. . Hopefully this simple Transport Rule creation wizard will help others to be rid of this Blank Sender spam until a more permanent fix can be found by ESET or Microsoft, and will save a few of you some hair-pulling frustration! Hope this helps a few other people... Mike

Hallo, training features are useful if users don't cooperate classifying incoming email as spam or not-spam? ...and how can a user tell to EMSX that incoming emails are spam or not? Using quarantine mailbox how can I tell to EMSX that some emails are legitimate? Is it possible to use greylist feature with a POP3 Exchange Server Connector? Thanks in advance, Fabio I'm sorry but it's my first time with ESET business software.