
threat email not detected?


cmit

We currently have ERA v6 (planning to upgrade to v7). Most of our client computers already have EndPoint Antivirus v7 (upgraded from v6 via ERA v6).
We use email in two ways: MS Outlook and SmarterMail (website-based, https://www.smartertools.com/smartermail/business-email-server).

Question 1: Does ESET detect a threat email (with attachment) if the user receives it via SmarterMail (a website-based email system, accessed via e.g. Firefox or Chrome)?
If yes, how does it work? (No records are shown about detection of a threat email on our ESET EndPoint antivirus (client side) or the ERA (server console side).)
If no, does the ESET protection actually trigger only when the user actually opens that dangerous attachment? Or is there an ESET plugin for Firefox/Chrome? Or is this entirely the web-email client's responsibility (like Gmail)?

Question 2: On two (out of many) domain computers, MS Outlook got the threat email (from the same sender), but our ESET client/server has no record (no log) of this threat on these two computers. What could be all the possible reasons? (This is VERY SERIOUS.)

Question 3: When a threat email is detected in MS Outlook, how exactly (process steps) does ESET EndPoint AntiVirus handle it?
(i.e. Does ESET delete the threat attachment upon receipt?)
If the threat email was not automatically handled by ESET and the user forwarded that threat email, does the second receiver also receive that attachment (like a chain reaction)?

Thanks a lot for looking into this, and kindly let us know if we are missing something.


  • Administrators

1. The email would likely be scanned by Web access protection. Make sure that SSL/TLS filtering is on so that https communication is scanned.
2. Without knowing what product / version and settings you use and checking the email you received, it's impossible to tell what happened. Please provide me with the email that was not detected as well as with logs gathered by ELC from the machine.
To increase detection efficiency, you might want to use ESET Dynamic Threat Defense (provided as an extra service). If you use Microsoft Exchange or Lotus Domino mail server, with new v7 mail server products you can take advantage of EDTD and have attachments run in the EDTD sandbox and have them evaluated by Augur, the ESET machine learning system. Based on the result of analysis, the ESET Mail Server product can take the appropriate action. This greatly minimizes the gap between the time new malware begins to spread and the time a detection is added.
3. Any infected attachment should be cleaned / removed.


On 9/11/2018 at 9:48 PM, Marcos said:

1. The email would likely be scanned by Web access protection. Make sure that SSL/TLS filtering is on so that https communication is scanned.
2. Without knowing what product / version and settings you use and checking the email you received, it's impossible to tell what happened. Please provide me with the email that was not detected as well as with logs gathered by ESET Log Collector from the machine.
To increase detection efficiency, you might want to use ESET Dynamic Threat Defense (provided as an extra service). If you use Microsoft Exchange or Lotus Domino mail server, with new v7 mail server products you can take advantage of EDTD and have attachments run in the EDTD sandbox and have them evaluated by Augur, the ESET machine learning system. Based on the result of analysis, the ESET Mail Server product can take the appropriate action. This greatly minimizes the gap between the time new malware begins to spread and the time a detection is added.
3. Any infected attachment should be cleaned / removed.

Marcos, kindly reply via Messages sent to you this morning.
