Joe-ESET2016, Posted January 1, 2020

Hello,

with ref. to ESET Mail Security incoming rules: understanding better which file extensions are dangerous based on the ESET log (e.g. I also saw many *.img and *.iso with virus content).

a) Question: Some ESET Mail Security for Exchange Version 6 and 7 has this problem: if I go under Log and Details, the text is snipped / not the full line; I need to drive the mouse cursor over it to see the full style. Do you know how to solve? I haven't updated to the latest version yet.

b) I would like to find out which file extensions were blocked. (I am using the incoming rules.) Do you think I can do better / more "statistic, research" if I add more Actions into the RULE? I only know that this can be inserted, but I think the information is always in the log, I don't need these actions:

Regel "%RuleName%" angewendet. Betreff: %Subject% Absender: %Sender% Empfänger:%Recipients%

Marcos (Administrators), Posted January 1, 2020

You can make columns wider by dragging the column delimiter and moving it rightward. The whole content is also usually shown in tooltips when you hover the mouse cursor over a log record.

Nowadays typical malware that spreads via email are Office documents with malicious macros, so you can't filter them out without also filtering legitimate documents. However, I recall that creating a transport agent rule with attachment type set to documents with active content or something along that line (https://help.eset.com/emsx/7.0/en-US/idh_wizard_rule_condition.html) would limit the rule to only possibly malicious documents.

If you also receive emails with legitimate documents with macros, you could take advantage of ESET Dynamic Threat Defense, which is available for bigger customers for an extra fee and provides online analysis of every potentially malicious attachment in the cloud before it's delivered to the mailbox. Scan results are shared between computers within the company by means of ESET Dynamic Threat Defense.

Joe-ESET2016 (Author), Posted January 2, 2020

Cool, very nice! I didn't know that.

TomasP (ESET Moderators), Posted January 3, 2020

Hello @Joe-ESET2016,

I have an input from our development team as well:

a) This has been fixed in the latest version. In previous versions of the product there is a workaround: you need to delete all registry values starting with “mailserver” under the key

HKEY_CURRENT_USER\Software\ESET\ESET Security\CurrentVersion\LogFilter

b) Ad. “I would like to find out which file extension´s were blocked”: You can use the “Log to events” action with the macro %Attname% to log the name and extension of the blocked file. This is useful for “Attachment type” conditions, where the file extension doesn't need to match the real file type.

Regards,
Tomas
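
The registry workaround from the reply above, scripted in PowerShell. This is an added example, not part of the thread and not ESET's own code; the backup file path is an assumption, and the key path and the "mailserver" prefix are taken from the post.

```powershell
# Added example: delete the values starting with "mailserver" under the
# LogFilter key named in the post. HKEY_CURRENT_USER is per-user, so run this
# as the account that opens the ESET Mail Security GUI.
$regPath = 'HKCU\Software\ESET\ESET Security\CurrentVersion\LogFilter'
$key     = "Registry::HKEY_CURRENT_USER\Software\ESET\ESET Security\CurrentVersion\LogFilter"
$backup  = Join-Path $env:TEMP 'eset-logfilter-backup.reg'   # assumed backup location

if (-not (Test-Path -LiteralPath $key)) {
    Write-Warning "Key not found for this user: $regPath"
    return
}

# Export the key first so the change can be reverted with 'reg import'.
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'Backup failed; no values were deleted.'
    return
}

# Enumerate value names on the key and keep only those with the prefix.
# -like is case-insensitive, matching how the registry treats value names.
$names = (Get-Item -LiteralPath $key).GetValueNames() |
    Where-Object { $_ -like 'mailserver*' }

if (-not $names) {
    Write-Output 'No values starting with "mailserver" found; nothing to do.'
    return
}

foreach ($name in $names) {
    # -WhatIf only lists what would be deleted; remove it to apply the change.
    Remove-ItemProperty -LiteralPath $key -Name $name -WhatIf
}
Write-Output "Backup written to $backup"
```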