Policy not whitelisting spam

Chris_AIS · April 30, 2021

Hi - I have raised a ticket but no response yet for this.

I have configured a domain (example.com) within an approved sender list which is applied via a policy to a tenant. I know the policy is applied as it is applying the text to the subject line as part of the policy.

Despite the domain being applied in the approved sender list as "@example.com" 12 hours ago, emails from the domain are continuing to be marked as spam and moved to Junk.

Any ideas of how to stop this happening? It is causing huge impact due to some automated systems booking overnight freight.

I can see in ECOS "Detections" ECOS is still recognising as SPAM and moving to Junk. See filtered logs in screenshot.

Any thoughts?

Chris

Chris_AIS · May 1, 2021

72 hours later the policy kicked in, I guess ECOS is very slow to update.

Concerning absolutely nothing from support!

Chris_AIS · May 1, 2021

Problem is back again! Seems to be emails with attachments going to Spam despite the policy!

Anybody able to help? On the verge of getting rid of the entire solution as there seems to be no support whatsoever

Peter Randziak · May 3, 2021

Hello @Chris_AIS,

In urgent cases I would recommend to call the support after opening a ticket.

What is your ticket ID and when you opened it?

Tech support is usually being provided during the business hours and it may take some time to be processed, especially if they need to check it with ESET HQ support or even dev level support...

Regards, Peter

Chris_AIS · May 3, 2021

Hi Peter,

Thanks for your reply, ticket is 00184548 and it was opened on Friday. I have not seen any phone number for ESET support?

Cyber security is required at weekends as well as working hours, and i would expect any cyber security provider to cover these hours. I have had to disable ECOS until I can get some kind of ESET support (still not answer). I sugggest ESET need to review these hours since the launch of ECOS, as it may be possible to disable AV on endpoints for a few days but central solutions such as ECOS should not be disabled every time an issue develops due to lack of support

I did some digging at the weekend and the SPF records for the sender are wrong, however this is via a long chain of suppliers so i have no ability to contact their IT. Surely my whitelisting on ESET should be able to resolve this? ESET ECOS says the sender is on a cloud blacklist however i suspect this is ECOS wording for "failed SPF".

Thanks

Chris

Peter Randziak · May 3, 2021

Hello Chris,

we have a Premium support service for customers who need such high level of support availability and quality.

The phone contact on your local ESET support is available on local support site.

As it seems you have a bank holiday today, I would recommend to call them tomorrow during the business hours...

Regards, Peter

Peter Randziak · May 6, 2021

Hello @Chris_AIS,

I just wanted to check if you were able to resolve the issue with your local ESET support...

Regards, Peter

Chris_AIS · May 6, 2021

Sadly no solution yet, I had a response 2 days ago and then quiet. I guess they dont know either

Peter Randziak · May 6, 2021

Hello @Chris_AIS,

thank you for the update.

In that case, they should escalate it to HQ support, which may contact the developer level support, if needed.

So it may take some time...

Please keep us posted,

Peter

Chris_AIS · May 6, 2021

Thanks Peter, very much appreciate the assistance

Chris_AIS · May 11, 2021

Several weeks into this I finally got a response asking for the email domain, which was provided in the original ticket.

Starting to think this ECOS product and its support levels are not fit for purpose....

I have had to leave it turned off for weeks, which leaves my clients without their contractual levels of Cyber security. Terrible.

Edited May 11, 2021 by Chris_AIS

M.K. · May 12, 2021

Hi,

the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately.
Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update.

Regards, Matej

Sign In

Policy not whitelisting spam

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics