StotheR 0 Posted October 25, 2022 Share Posted October 25, 2022 Hi there. A customer informed me about a suspicious mail with img file attachement. The customer works on a remote desktop environment with Windows Server 2019 Standard and ESET Server Security 9.0.12.13.0 installed. He received the mail via Outlook. When I download the mail with attachement or just the attachement to file system and start a manual ESET scan, it is cleaned by ESET. I uploaded the mail to virustotal.com and it was also detected malicious by seven checks. I asked him to forward the mail to me. I have ESET Endpoint Antivirus installed and as soon as the mail arrived in my inbox it was detected and cleaned by ESET. How is it possible, that there is a difference in detection?? Link to comment Share on other sites More sharing options...
StotheR 0 Posted October 25, 2022 Author Share Posted October 25, 2022 Update: I just called with another customer, who works on the same remote server as the one mentioned above. She received the same mail but ESET detected the malicious attachement and cleared the mail. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 25, 2022 Administrators Share Posted October 25, 2022 Please provide the appropriate records from the Detections log. Link to comment Share on other sites More sharing options...
StotheR 0 Posted November 3, 2022 Author Share Posted November 3, 2022 How do I do that? Just export log entries from ESET Server Security on the remote system or export via ESET PROTECT? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 3, 2022 Administrators Share Posted November 3, 2022 The best would be to run ESET Log Collector on the server and provide the generated archive. It also collects the product configuration which is important when determining the reason for not detecting certain malware. Link to comment Share on other sites More sharing options...
Recommended Posts