ESET Cloud Office Security
 

Detections

Lists all detections by ESET Cloud Office Security. Use the tabs to switch between Gmail, Google Drive, Exchange Online, OneDrive, Team groups, and SharePoint sites. View information on each detection, for example, detected files that were uploaded to a Team group in the Team groups tab.

Click the expand icon to open a sidebar with a summary of a specific log record (detection). For more detailed information, click the three dots (context menu) icon or right-click an item and select Show details.

Click the context menu icon or right-click an item and select an action:

Action - Usage

Show details - Shows more detailed information about the detection.

Remove whitelisted - The option Remove whitelisted is available only if you have whitelisted a file previously by releasing it from Quarantine for the same user. Use this action to remove a file from the whitelist. All such future files will be quarantined.

Submit sample - The sample submission dialog enables you to send a suspicious malware file, spam or phishing to ESET for analysis. You can also report False positive malware, spam or phishing. Select a Reason for submitting a sample from the currently available options in the drop-down menu. The currently available options may differ depending on the item you are submitting for analysis. If you see the Add to Anti-spam Blocked senders list option (when submitting spam), you can choose to block the sender by email address, domain or IP and select your custom policy that will be modified to handle the sender blocking. If you do not have a custom policy, select New policy to create one. Similarly, with the reverse logic, you can select Add to Anti-spam Approved senders list if the detection was a false positive and you know the sender is legitimate.

Quarantine email - The Quarantine email action is an email clawback process that enables you to manually move a delivered unread email message from the user's inbox into quarantine. The clawback is particularly useful for advanced spear phishing attacks that are difficult to detect. Quarantining a suspicious email prevents the user from opening it and enables you to inspect it manually. Additionally, you can quarantine the entire email message even if only the attachment was initially quarantined. Select multiple items for bulk action.

Add to detection exclusions - You can add detected file attachments to the exclusion list of an existing policy. Select the policy to which you want to add the detection exclusion. Such attachments will be excluded from future scans. This feature is useful for files known as safe but falsely flagged as threats.

Click the gear icon in the upper-right corner to access the Edit columns feature. Here, you can customize the table view by removing or adding columns and rearranging their order as you see fit. The column configuration is saved, so the table view is retained when you return.

Navigate within the tree to see detections only for a specific tenant or group. To see all detections in every tenant and group, click All. To make searching for a specific detection easier, you can filter using multiple criteria. Click Add filter and select the filter type from the drop-down menu or type a string (repeat when combining criteria):

Add filter - Usage

Occurred from - Specify a "date from" range.

Occurred to - Specify a "date to" range.

Subject - Applies to messages that contain or do not contain a specific string or a regular expression in the subject.

Message-ID - Filter email messages by unique Message-ID when searching for a specific message, especially in large logs with many messages or multiple delivery attempts.

From - Filter messages by a specific sender.

To - Filter messages by recipients.

Mailbox - Applies to messages located in a specific mailbox.

Scan result - Select one of the following options: Malware, Malware (detected by ESET LiveGuard Advanced), Phishing or Spam.

Action - Select one of the available actions.

Team - Type the valid team name.

Site - Type the valid site name.

Object - Type a valid object name.

Detection - Type a valid detection name.

Hash - Type a valid detection hash.

Drive - Filter files by Google Drive or OneDrive.

Sender - Filter messages sent by a specific sender.

Antispam reason - Filter messages by a reason as marked by the antispam engine.


Note

The retention period for detections is 90 days. Records older than 90 days will be removed permanently.

Report false positive (FP) / false negative (FN)

An alternative to the Submit sample action is manually reporting FP and FN detections for Spam, Phishing, or Malware by sending a sample to ESET labs for analysis. Email addresses to send the samples to:

Spam - send an email to nospam_ecos@eset.com for emails incorrectly marked as spam or to spam_ecos@eset.com for undetected spam with the original message as an attachment in .eml or .msg format.

Phishing - to report false positive or negative phishing classification, create a new email message to be sent to samples@eset.com with 'phishing email' in the subject line and include the phishing email as an attachment in .eml or .msg format.

Malware - for false positive or negative classification of malware, create a new email message to be sent to samples@eset.com with 'False positive' or 'Suspected infection' in the subject line and include the file(s) compressed into a .zip or .rar format as an attachment.
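
The manual reporting rules above can be scripted so that every report uses the right address, subject line and attachment format. The following Python sketch is an added example, not ESET code: it only builds the message (sending it is left to your mail tooling), and the route keys, the spam subject lines, the body text and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# kind -> (recipient, subject). Addresses and the phishing/malware subject
# wording come from the page; the keys and the spam subjects are assumptions.
ROUTES = {
    "spam_fp": ("nospam_ecos@eset.com", "Email incorrectly marked as spam"),
    "spam_fn": ("spam_ecos@eset.com", "Undetected spam"),
    "phishing": ("samples@eset.com", "phishing email"),
    "malware_fp": ("samples@eset.com", "False positive"),
    "malware_fn": ("samples@eset.com", "Suspected infection"),
}
# Constructed sample message, used only to exercise the function.
SAMPLE_EML = b"From: a@example.org\r\nSubject: Invoice\r\n\r\nSee link.\r\n"


def zip_files(files):
    """Pack {name: bytes} into an in-memory .zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_report(kind, reporter, samples):
    """Build the report email; samples is a non-empty {filename: bytes}."""
    if kind not in ROUTES:
        raise ValueError(f"unknown report kind: {kind}")
    if not samples:
        raise ValueError("at least one sample is required")
    recipient, subject = ROUTES[kind]
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = reporter, recipient, subject
    msg.set_content("Sample attached for analysis.")
    if kind.startswith("malware"):
        # Malware samples travel compressed, never as loose files.
        msg.add_attachment(zip_files(samples), maintype="application",
                           subtype="zip", filename="samples.zip")
        return msg
    for name, raw in samples.items():
        if not name.lower().endswith((".eml", ".msg")):
            raise ValueError("original message must be .eml or .msg")
        # Attach the untouched bytes so the original headers survive.
        msg.add_attachment(raw, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Attaching the exported file byte for byte, rather than forwarding the message inline, keeps the original headers that the analysis depends on.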