damtechmatt 11 Posted August 7 Posted August 7 Is there anyway to see a full email log thats gone through ECOS I've had a client ring this morning to say that EES has found and removed a threat in Outlook (Great, doing its job), but im wondering why ECOS didnt pick it up first?
ESET Staff product_manager_8 5 Posted August 23 ESET Staff Posted August 23 Hi There, you have to enable option to "log all items" in exchange/gmail policies in order to log clean logs in scan logs and you should be able to see all ECOS scans. As to why ECOS would not catch something that EES did - they are using the same anti-spam, anti-phishing and anti-malware engines and databases so theoretically, they should catch the same items. The difference can be and the time when something is scanned. ECOS scans the items as soon as they land in the inbox, but at that time, the phishing link or malware sample may be new to ESET and it has to go through several dozens of scans in our back-end and the results may not arrive for some time and that´s why ECOS will also scan that email after some time (1-10min again). That email will also be scanned again when any action is performed on it (for instance, it is flagged, marked as read, moved to another folder...) so all of these these actions and more will trigger a new scan. What may sometimes happen, especially when a customer has multi-layer ESET protection (which we recommend), is that the first scan won´t detect a threat, which usually happens when that file is seen for the first time by ESET and it has to be sent out to LiveGuard. Let´s say the result is available in 30 seconds after the email is received but ECOS re-checks it after one minute. If EES rechecks that same email after 45 seconds so between the first ECOS scan that sent the file for deep inspection and the second ECOS scan, the EES may catch it first as it already sees the result in the database. These times are for illustration purposes only, as it usually happens faster but this is just to explain how something like this scenario might occur. I hope it helps.
Recommended Posts