CNNS, posted November 6, 2019:

Hi there, we received the following notification (multiple times) from ESET SMC:

Malware outbreak alert (count per time criteria)
Warnung zu Schadsoftwareausbruch (Anzahl über Zeit)

This notification is on its default settings (100 occurrences in a 10 minute timeframe). Upon checking in with ESET SMC we cannot see any active threats that correspond to this. Is this a false positive? Where should we investigate further?

System/Network Information:
Small business with local Exchange and file server, 20 Windows clients.
ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)
CentOS (64-bit), Version 7.6.1810
MartinK (ESET Staff), posted November 6, 2019:

Quoting CNNS (2 hours ago): "Upon checking in with ESET SMC we cannot see any active threats that correspond to this. Is this a false positive? Where should we investigate further?"

Could you specify how you filter those threats? Asking because those threats might already be marked as resolved, as the issue was indeed resolved on the client and there is no action required. This kind of notification is primarily intended to warn you that something happened in the network, which is probably true, even in case there is nothing to be done in ESMC.
CNNS (author), posted November 6, 2019:

Thanks for your reply. BTW: we are getting a report every hour, so the condition that activates this notification still seems active.

Quoting MartinK (29 minutes ago): "Could you specify how you filter those threats?"

If I get your question right, you want to know where we already did look for those threats. So here are some reports (translated from the German installation we have):

Threats of the last 30 days grouped by action taken (Group by (Action) / Count(Action)):
deleted 37 7
blocked 6
Detected 3
connection terminated 2
cleaned by deleting 1

When I change this report to show a whole year I can get this to a total of 95. Even when changing the filter to show two years, we get only 95 entries.

In the Computers view of SMC there are no threats shown. A few have been marked as resolved in the past days.

In the Threats view of SMC there are no current threats shown. I have to change the filter to show resolved. Then there are 13 entries. If I change this to show 365 days I get the 95 incidents again.

Heading over to the Mail Security on our Exchange we have the following data in the logs: Mail Server Protection (filtered to show the last 24 hours): 302 total, evenly distributed, so like 15 events an hour, containing spam and rules for mail attachments. This is a normal amount; we usually have like 400 a day.
MartinK (ESET Staff), posted November 6, 2019:

Quoting CNNS (4 minutes ago): "BTW: we are getting a report every hour, so the condition that activates this notification still seems active."

Seems this is the most crucial fact: I would recommend contacting ESET support and describing this specific problem, that you are endlessly receiving notifications of a received threat. There was an issue in ESMC 7.0 that could result in this case. It should be resolved also in the upcoming version (to be available very soon).
CNNS (author), posted November 6, 2019:

Okay, will do that. Thank you, MartinK.
CNNS (author), posted November 8, 2019:

Solution to this problem came from ESET support: first we had to edit the notification to show additional information, here the computer name; secondly we had to reinstall the ESET agent on the computer in the notification.
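As an added illustration (not code from the thread or from ESET), the script below reproduces the "count per time" threshold logic of the notification over a constructed set of threat events and then breaks the triggering window down by computer name, the extra field support had added to the notification; it also flags hosts whose many events are just one detection repeated, the pattern an agent stuck re-reporting a resolved threat produces. Host names, detection names and the event layout are assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, computer name, detection name) tuples in the
# shape an ESMC threat export might take (hypothetical names). Host WS-07 keeps
# re-reporting one already resolved detection; two other hosts report one each.
SAMPLE_EVENTS = [
    (datetime(2019, 11, 6, 9, 0, 0) + timedelta(seconds=5 * i), "WS-07", "Win32/Agent.ABC")
    for i in range(110)
] + [
    (datetime(2019, 11, 6, 9, 2, 0), "WS-01", "JS/Spam.Agent"),
    (datetime(2019, 11, 6, 9, 4, 0), "EXCH01", "Email/Spam"),
]

def outbreak_alerts(events, threshold=100, window=timedelta(minutes=10)):
    """Sliding-window 'count per time' check, mirroring the ESMC default of
    100 occurrences in 10 minutes. Returns one (window_start, fired_at, count,
    per-host Counter) tuple each time the count crosses the threshold."""
    events = sorted(events, key=lambda e: e[0])
    recent = deque()          # events inside the current window
    alerts = []
    above = False
    for ts, host, _name in events:
        recent.append((ts, host))
        while ts - recent[0][0] > window:   # drop events older than the window
            recent.popleft()
        if len(recent) >= threshold and not above:
            above = True
            alerts.append((recent[0][0], ts, len(recent), Counter(h for _, h in recent)))
        elif len(recent) < threshold:
            above = False
    return alerts

def repeat_reporters(events, min_events=50, max_distinct=2):
    """Hosts with many events but very few distinct detections: that fits one
    agent re-sending the same resolved detection (an agent problem, fixed in
    the thread by reinstalling the agent), not a real outbreak."""
    names_by_host = {}
    for _, host, name in events:
        names_by_host.setdefault(host, set()).add(name)
    totals = Counter(host for _, host, _ in events)
    return {h: (totals[h], len(names_by_host[h]))
            for h in totals
            if totals[h] >= min_events and len(names_by_host[h]) <= max_distinct}

if __name__ == "__main__":
    for start, fired_at, count, by_host in outbreak_alerts(SAMPLE_EVENTS):
        print(f"alert: {count} events between {start} and {fired_at}; top host: {by_host.most_common(1)[0]}")
    print("repeat reporters:", repeat_reporters(SAMPLE_EVENTS))
```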