Issue with Disabling Email Client Protection in ESET File Security for Windows Server

Discussion in 'Other ESET Business Products' started by gkurcon, Dec 2, 2012.

Thread Status:
Not open for further replies.
  1. gkurcon

    gkurcon Registered Member

    Joined:
    Aug 10, 2009
    Posts:
    4
    Despite my hesitations to do so, we have decided to start a small pilot program of migrating our Windows Server clients to the File Security product. The first server that I migrated was the ESET server itself. At first glance it appears to be functioning as expected. One thing I noticed is that it enabled the email client scanning feature by default. Since we're not running email clients on any of our servers, I went ahead and disabled this feature. As soon as I did this the status of the ESET system tray icon changed to orange. Is there any way to configure the program NOT to change the color and status display when I disable email scanning? If there isn't an email client installed, and the file system is clean, I'd like to see the green status displayed when I'm working on the server to ensure that there isn't a more serious issue going on. Any advice?
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Could you provide us with screenshot of ESET File Security for Microsoft Windows Server displaying this error message? Also, which version of Microsoft Windows Server is it installed on?

    With that information, we can try and reproduce this issue, and then see what recommendations to make about resolving it.

    Regards,

    Aryeh Goretsky
     
  3. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    Hi!

    On a MS Windows Server 2003 SP2 32-bit which has ESET File Security 4.5.12005.0 I also disabled the "Enable email client antivirus and antispyware protection" option in Computer protection > Antivirus and antispyware > Email client protection:
    ESET_File_Security_Setup1.png
    ESET_File_Security_Setup2.png

    I did this as email clients are not used on the server and there are some services running on the server which send e-mail over SMTP and I'd like to be sure that no email scanning disrupts the services.

    After that the ESET system tray icon changes color to orange ( ESET_File_Security_system_tray_icon_orange.png ), which does not bother me very much.

    But I notice another problem: after the server is rebooted the "Enable email client antivirus and antispyware protection" option gets enabled (returns to the default). Is there anything special I have to do to make the change of the option persistent across reboots?

    -- rpr.
     
  4. karlisi

    karlisi Registered Member

    Joined:
    Apr 7, 2011
    Posts:
    68
    Location:
    Latvia
    Possibly your ERAS policy sets this setting back to default. If so, you can put Windows servers in separate group and make new policy and assign it to servers group. Settings for File Security 4.5 are in section Windows server v4.5, where you can disable email checking.
     
  5. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    I've just checked in ERAS 5.0.242.0:

    In Policy Manager I see that the Server Policy (automatically created by the server) has no options set. Moreover, there are no clients added to the policy which means that the configuration of ESET File Security on the server cannot be affected by the policy.

    On the other hand, there are two policies created for Windows clients which have been added to the policies and they apply as expected.

    -- rpr.
     
  6. foneil

    foneil Eset Staff Account

    Joined:
    Dec 7, 2010
    Posts:
    255
    Location:
    San Diego
    karlisi's advice is sound. Another (quick) way to test if it's policy related--you could disconnect the client from ESET Remote Administrator, disable email client protection, restart, and see what happens.

    Press F5 to enter the Advanced setup tree, and under Miscellaneous, click Remote administration.

    I'm not a Customer Service technician though--if you're still having issues, I recommend emailing Customer Care: mailto:nod32@nort.hr
     
  7. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    I've just tried that but email client protection got enabled again. I'd say it's a bug in ESET File Security 4.5.

    As this is a bug in the software no user support can fix it. :doubt:

    -- rpr.
     
  8. foneil

    foneil Eset Staff Account

    Joined:
    Dec 7, 2010
    Posts:
    255
    Location:
    San Diego
    Hello, I have received further information on this issue. The behavior you described is correct, in that your experience is accurate AND it is the intended behavior of the product; not a bug.

    Disabling email client protection from the product GUI will only temporarily disable the protection (the same idea as disabling the firewall in other ESET products) and on restart, the feature will enable automatically.

    To permanently disable protection, you have to disable this feature using the Advanced setup tree (F5 menu)--from here, it will remain disabled even after restarting.

    This is my understanding per the information I received and if there is anything not clear or accurate, please let me know.

    I will work to include this information in the ESET Knowledgebase to be more clear how on this functionality.

    Thanks
     
  9. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    Foneil, please have a look at the picture in my first message in this thread. I'd say it shows the Advanced setup tree (F5 menu) you are talking about.

    In the tree I expanded Computer protection > Antivirus and antispyware > Email client protection and turned off the Enable email client antivirus and antispyware protection option. After the server restart this option is enabled. Obviously it is a bug as the option should not be reverted to the default value.
     
  10. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    I've upgraded to ESET File Security 4.5.12011.0 but the issue is still present. :(

    Component versions:
    Virus signature database: 8422 (20130607)
    Update module: 1042 (20130123)
    Antivirus and antispyware scanner module: 1393 (20130516)
    Advanced heuristics module: 1139 (2013020:cool:
    Archive support module: 1169 (20130521)
    Cleaner module: 1072 (20130524)
    Anti-Stealth support module: 1043 (20130322)
    ESET SysInspector module: 1233 (20130320)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)
    Translation support module: 1100 (20121205)

    Has anyone made the ESET developers aware of this issue?

    -- rpr.
     
  11. DSIM

    DSIM Registered Member

    Joined:
    Apr 30, 2012
    Posts:
    5
    Location:
    USA
    Im having an issue similar to the OP. We dont use email on our servers that we are installing File Security on, so that is a feature that we would like to turn off and not get prompted every time we login to the machine. We dont care about the orange notification, thats what the emails alerts are for and the reporting to Remote Administrator. We would like a way to #1, disable the notification at login and 2, for it not to report 'Email protection is currently disabled' in ERAS. We know its disabled... we did it.


    Modifications I have made to attempt to prevent the pop-up from displaying:

    General Settings -> User Interface -> Default User Interface Values -> Alerts and Notifications -> Display Alerts: No

    and

    General Settings -> User Interface -> Default User Interface Values -> Alerts and Notifications -> Desktop Notifications and Balloon Tips -> Display notifications on desktop: No

    I also set the following and it still alerts:

    General Settings -> User Interface -> Default User Interface Values -> Alerts and Notifications -> Minimum Verbosity of events to display: Critical Errors
     
  12. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    DSIM, as I wrote above, we have the email client protection disabled in ESET File Security ver. 4.5. After we login to the server we do not get any pop-up notifications about the email protection being disabled. I'd say this is due to the following option being enabled:

    User interface > Alerts and notifications > Display only notifications requiring user interaction

    ESET FS alerts and notifications settings.png

    BTW, when you reboot the server does the email client protection get enabled again? (This is the problem I reported in several posts in this thread.)

    -- rpr.
     
  13. DSIM

    DSIM Registered Member

    Joined:
    Apr 30, 2012
    Posts:
    5
    Location:
    USA
    Thanks for that... after a few config changes the alert disappeared.

    Somehow, my email protection has not re-enabled after a reboot. I also have 'Supress User settings' set to yes and am making all config changes from ERAS directly. I dont know how you are making changes or if that even makes a difference.
     
  14. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    DSIM, after your hint I tried to disable email client protection in ESET File Security 4.5 by the following procedure:

    (0) Login to the client with ESET File Security 4.5 (on MS Windows Server 2003 SP2) and open ESET GUI through the systray icon. In the Advanced Setup check "Enable email client antivirus and antispyware protection" to enable it. If the ESET configuration is exported to an XML file and opened in the ESET Configuration Editor it shows:
    Computer protection > Email client protection > Enable email client antivirus and antispyware protection: 1

    (1) In ESET Remote Administrator Console (ERAC) select the client and then press F4 to get the Properties > Configuration tab. Here you can view and save the ESET configuration of the client.

    (2) Open the configuration file (*.xml) in the ESET Configuration Editor and set the following options (see the picture below) and save the configuration back to the xml file:

    Computer protection > Email client protection > Enable email client antivirus and antispyware protection: 0

    General settings > User interface > Default user interface values > Suppress user settings: Yes

    ESET FS4.5 config.jpg

    (3) In ERAC create a new configuration task to apply the configuration to the client. Wait for the task to finish.

    (4) Login to the client. The ESET systray icon is orange and the ESET GUI shows that the email client protection is disabled. If the ESET configuration is exported to an XML file and opened in the ESET Configuration Editor it also shows:
    Enable email client antivirus and antispyware protection: 0

    (5) Restart the client. After restart I see the following:

    • ERAC shows "Enable email client antivirus and antispyware protection: 0".
    • On the client the ESET systray icon is blue and the ESET GUI shows that the email client protection is enabled. Also the Advanced Setup in GUI says that "Enable email client antivirus and antispyware protection" is checked.
    • But if the ESET configuration is exported to an XML file and opened in the ESET Configuration Editor it shows Enable email client antivirus and antispyware protection: 0, which is the same as in ERAC.

    So, if the setting shown in ESET Configuration Editor really applies then the email client protection is actually disabled, which I wanted to achieve. But how is it possible that the setting shown in GUI differs from the setting exported to the XML file? :-|

    -- rpr.
     
  15. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Based on the history of this case, it would seem that your troubleshooting has brought you to this state: The XML is reporting you are not scanning mail, and the GUI reports it until you restart. Once you restart, the GUI says you are, but the XML says you are not. You have an upgraded edition to the newest.

    What I would like for you to attempt is to export your policy, uninstall the product using a specific process that I will detail below. Once that is complete, restart and reinstall from scratch and import your policy. If this fails, please contact your local support team (also provided below).

    Uninstallation:
    1. Restart the server to safe mode
    2. Open regedit and remove any and all keys that reference ESET at the locations below:
    a. Hklm/software
    b. Hkcu/software
    3. Open a command prompt and run these commands (regardless of feedback):
    a. Sc delete ehttpsrv
    b. Sc delete eamon
    c. Sc delete ehdrv
    d. Sc delete epfwtdir
    e. Sc delete ekrn
    4. Occasionally, some folders are left over after uninstalling ESET software. After restarting, click 'Start' -> 'My Computer'. Navigate to the following folders and delete them if they are present.
    (Note: Delete the ESET folder ONLY)
    Windows XP users :
    C:\Program Files\ESET
    C:\Documents and Settings\All Users\Application Data\ESET
    C:\Documents and Settings\%USER%\Application Data\ESET

    Windows Vista or newer users:
    C:\Program Files\ESET
    C:\ProgramData\ESET

    Here is the contact info for your local support team (in case the uninstall/reinstall doesn’t work)-
    Radnim danima radno vrijeme je od 9:00 do 17:00.
    Nort d.o.o.
    Bisačka 14
    10000 Zagreb
    nod32@nort.hr
    Tel: 01 3691 986
    Fax: 01 3691 987
     
Thread Status:
Not open for further replies.