Chris_AIS 1 Posted April 30, 2021 Share Posted April 30, 2021 Hi - I have raised a ticket but no response yet for this. I have configured a domain (example.com) within an approved sender list which is applied via a policy to a tenant. I know the policy is applied as it is applying the text to the subject line as part of the policy. Despite the domain being applied in the approved sender list as "@example.com" 12 hours ago, emails from the domain are continuing to be marked as spam and moved to Junk. Any ideas of how to stop this happening? It is causing huge impact due to some automated systems booking overnight freight. I can see in ECOS "Detections" ECOS is still recognising as SPAM and moving to Junk. See filtered logs in screenshot. Any thoughts? Chris Link to comment Share on other sites More sharing options...
Chris_AIS 1 Posted May 1, 2021 Author Share Posted May 1, 2021 72 hours later the policy kicked in, I guess ECOS is very slow to update. Concerning absolutely nothing from support! Link to comment Share on other sites More sharing options...
Chris_AIS 1 Posted May 1, 2021 Author Share Posted May 1, 2021 Problem is back again! Seems to be emails with attachments going to Spam despite the policy! Anybody able to help? On the verge of getting rid of the entire solution as there seems to be no support whatsoever Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted May 3, 2021 ESET Moderators Share Posted May 3, 2021 Hello @Chris_AIS, In urgent cases I would recommend to call the support after opening a ticket. What is your ticket ID and when you opened it? Tech support is usually being provided during the business hours and it may take some time to be processed, especially if they need to check it with ESET HQ support or even dev level support... Regards, Peter Link to comment Share on other sites More sharing options...
Chris_AIS 1 Posted May 3, 2021 Author Share Posted May 3, 2021 Hi Peter, Thanks for your reply, ticket is 00184548 and it was opened on Friday. I have not seen any phone number for ESET support? Cyber security is required at weekends as well as working hours, and i would expect any cyber security provider to cover these hours. I have had to disable ECOS until I can get some kind of ESET support (still not answer). I sugggest ESET need to review these hours since the launch of ECOS, as it may be possible to disable AV on endpoints for a few days but central solutions such as ECOS should not be disabled every time an issue develops due to lack of support I did some digging at the weekend and the SPF records for the sender are wrong, however this is via a long chain of suppliers so i have no ability to contact their IT. Surely my whitelisting on ESET should be able to resolve this? ESET ECOS says the sender is on a cloud blacklist however i suspect this is ECOS wording for "failed SPF". Thanks Chris Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted May 3, 2021 ESET Moderators Share Posted May 3, 2021 Hello Chris, we have a Premium support service for customers who need such high level of support availability and quality. The phone contact on your local ESET support is available on local support site. As it seems you have a bank holiday today, I would recommend to call them tomorrow during the business hours... Regards, Peter Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted May 6, 2021 ESET Moderators Share Posted May 6, 2021 Hello @Chris_AIS, I just wanted to check if you were able to resolve the issue with your local ESET support... Regards, Peter Link to comment Share on other sites More sharing options...
Chris_AIS 1 Posted May 6, 2021 Author Share Posted May 6, 2021 Sadly no solution yet, I had a response 2 days ago and then quiet. I guess they dont know either Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted May 6, 2021 ESET Moderators Share Posted May 6, 2021 Hello @Chris_AIS, thank you for the update. In that case, they should escalate it to HQ support, which may contact the developer level support, if needed. So it may take some time... Please keep us posted, Peter Link to comment Share on other sites More sharing options...
Chris_AIS 1 Posted May 6, 2021 Author Share Posted May 6, 2021 Thanks Peter, very much appreciate the assistance Peter Randziak 1 Link to comment Share on other sites More sharing options...
Chris_AIS 1 Posted May 11, 2021 Author Share Posted May 11, 2021 (edited) Several weeks into this I finally got a response asking for the email domain, which was provided in the original ticket. Starting to think this ECOS product and its support levels are not fit for purpose.... I have had to leave it turned off for weeks, which leaves my clients without their contractual levels of Cyber security. Terrible. Edited May 11, 2021 by Chris_AIS Link to comment Share on other sites More sharing options...
ESET Staff M.K. 22 Posted May 12, 2021 ESET Staff Share Posted May 12, 2021 Hi, the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately. Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update. Regards, Matej MichalJ, TomasP and Peter Randziak 3 Link to comment Share on other sites More sharing options...
Recommended Posts