
Detect and clean Microsoft Office macros



Hi Community,

we are currently evaluating ESET as a replacement for our current Trend Micro virus scanner. With Trend Micro, we could search in Office documents for embedded macros in incoming emails and then remove those macros. In addition, a number of file types could be blocked in general, both in e-mails and in normal browser downloads. Is that also possible in ESET?

Thx & Bye Pronto


  • Most Valued Members

By macros, do you mean threats or malicious files? Are you talking about Outlook? If yes, then ESET can protect and scan your emails in Outlook.

And if you are talking about web browsing, then ESET can scan Firefox, Edge, Chrome, IE11 (I'm not sure about IE11, but I think yes).


  • Administrators

All ESET products detect documents with malicious macros. If you want to specifically filter documents containing macros on a mail server, you can create a transport agent rule for such files:

https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_rules.html

To improve protection from malware in documents, we strongly recommend purchasing ESET Dynamic Threat Defense (EDTD), which will enable ESET Mail Security to upload documents with macros and other suspicious attachments to ESET's cloud sandbox that leverages the most recent internal detections as well as Augur, ESET's advanced machine learning system, to evaluate the dangerousness of analyzed files. ESET Mail Security will pass emails only after it receives information about the analyzed attachments from ESET's EDTD sandbox.
This substantially minimizes the risk that potential new malware spreading via email will make it to users' mailboxes.

For more information about EDTD, please read https://www.eset.com/us/business/dynamic-threat-defense/ and https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_cmps.html.

For information about other technologies developed by ESET that protect you from threats, please read https://www.eset.com/int/about/technology/.


Servus Marcos,

as I can see from the KB article [1], it doesn't seem to be possible to remove each macro from every Office document sent by e-mail, regardless of whether the macro is harmful or not, and still deliver the document afterwards, as long as no other rules apply?

In our daily business it is not necessary to send Office documents with macros, and if we do, we have instructed the senders to pack these documents into a password-protected zip file. We also stopped the automatic execution of macros via group policy, but with the strategy to remove macros in general, we have done quite well and had no false positives so far.

>To improve protection from malware in documents, we strongly recommend purchasing ESET Dynamic Threat Defense (EDTD) which will enable ESET Mail Security to upload documents with macros and other suspicious attachments to ESET's cloud sandbox[...]

I can't automatically upload documents to a cloud or sandbox without approving or reviewing the content, for data protection reasons; it could be highly sensitive data of our management. This is not an option...

[1] https://help.eset.com/emsx/7.0/en-US/idh_wizard_rule_action.html

Thx & Bye Tom


  • Administrators

1, Mail server products enable you to create a rule to remove attachments with documents containing a macro regardless of whether it's malicious or not.

2, EDTD was developed with security and privacy in mind. You have full control over submitted files; by default documents are not submitted, and submitted files are removed from EDTD servers after a specific time you can set or immediately after analysis. EDTD is fully GDPR compliant and is safe to use even by companies with stricter policies.
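
Added example (not part of the original posts and not ESET's implementation): a minimal Python check for the condition discussed above, "document contains a macro, regardless of whether it is malicious", applied to OOXML attachments. The function name `macro_verdict`, the verdict labels and the sample builder are assumptions of this example, and the sample documents are constructed inline.

```python
import io
import zipfile

# OLE2 compound-file signature: legacy .doc/.xls/.ppt and password-encrypted OOXML
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def macro_verdict(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-container' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # VBA lives in OLE streams here (or the package is encrypted);
        # deciding needs an OLE parser, so hand it to a stricter rule.
        return "ole-container"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # ordinary zip archive, not an OOXML package
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    # Signal 1: a VBA project part is stored in the package.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    # Signal 2: the package declares a macro-enabled or VBA content type.
    declares_vba = "vnd.ms-office.vbaProject" in ctypes or "macroEnabled" in ctypes
    # Either signal is enough; a renamed part must not slip through.
    return "ooxml-macro" if has_vba_part or declares_vba else "ooxml-clean"


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like package for demonstration only."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if with_macro
        else "application/vnd.openxmlformats-officedocument"
             ".wordprocessingml.document.main+xml"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" '
            f'ContentType="{main_type}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("docm", build_sample(True)), ("docx", build_sample(False))]:
        print(label, macro_verdict(blob))
```

The check inspects content rather than the file extension, so a macro-enabled document renamed to `.docx` is still classified as `ooxml-macro`.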


Servus Marcos,

>1, Mail server products enable you to create a rule to remove attachments with documents containing a macro regardless of whether it's malicious or not.

We misunderstand each other. It makes a difference whether I remove an attachment completely or remove a macro from an attachment, then deliver the attachment without the macro (if no other rule applies). Removing the whole attachment is not an option. With our former AV solution this option was called 'Delete all macros detected by advanced macro scan'.

Thx & Bye Tom


Servus Marcos,

>No, there is no such option. Only malicious macros are sanitized.

Okay, thanks for your attention...

Bye Tom

This topic is now closed to further replies.