Detections

Lists all detections by ESET Cloud Office Security. Use the tabs to switch between Gmail, Google Drive, Exchange Online, OneDrive, Team groups, and SharePoint sites. View information on each detection, for example, detected files that were uploaded to a Team group in the Team groups tab.

Click the icon to open a sidebar with a summary of a specific log record (detection). For more detailed information, click the three dots icon or right-click an item and select Show details.

Click the icon or right-click an item and select an action:

Action	Usage
Submit sample	The sample submission dialog enables you to send a suspicious malware file, spam or phishing to ESET labs for analysis. You can also report False positive malware, spam or phishing. Select a Reason for submitting a sample from the currently available options in the drop-down menu. The currently available options may differ depending on the item you are submitting for analysis. If you see a Block sender option (when submitting spam), you can choose Block sender by email address, domain or IP and select your custom policy that will be modified to handle the sender blocking. If you do not have a custom policy, click Create new policy.
Quarantine email	Manually quarantine an email message. This feature is known as email clawback. You can put any email into quarantine. It is, for example, useful for advanced spear phishing attacks that are usually difficult to detect. Moving a suspicious email from a user's inbox into quarantine prevents the user from opening it and enables you to inspect it manually. Additionally, you can use the Quarantine email action on an item where only the attachment was quarantined, which enables you to put the whole email message into quarantine.

Action

Usage

Submit sample

The sample submission dialog enables you to send a suspicious malware file, spam or phishing to ESET labs for analysis. You can also report False positive malware, spam or phishing. Select a Reason for submitting a sample from the currently available options in the drop-down menu. The currently available options may differ depending on the item you are submitting for analysis. If you see a Block sender option (when submitting spam), you can choose Block sender by email address, domain or IP and select your custom policy that will be modified to handle the sender blocking. If you do not have a custom policy, click Create new policy.

Quarantine email

Manually quarantine an email message. This feature is known as email clawback. You can put any email into quarantine. It is, for example, useful for advanced spear phishing attacks that are usually difficult to detect. Moving a suspicious email from a user's inbox into quarantine prevents the user from opening it and enables you to inspect it manually. Additionally, you can use the Quarantine email action on an item where only the attachment was quarantined, which enables you to put the whole email message into quarantine.

Navigate within the tree to see detections only for a specific tenant or group. To see all detections in every tenant and group, click All. To make searching for a specific detection easier, you can filter using multiple criteria. Click Add filter and select the filter type from the drop-down menu or type a string (repeat when combining criteria):

Add filter	Usage
Occurred from	Specify a "date from" range.
Occurred to	Specify a "date to" range.
Subject	Applies to messages which contain or do not contain a specific string (or a regular expression) in the subject.
Message-ID	Filter email messages by unique Message-ID when searching for a specific message, especially in large logs with many messages or multiple delivery attempts.
From	Filter messages by a specific sender.
To	Filter messages by recipients.
Mailbox	Applies to messages located in a specific mailbox.
Scan result	Select one of the following options: Malware, Malware (detected by ESET LiveGuard Advanced), Phishing or Spam.
Action	Select one of the available actions.
Team	Type the valid team name.
Site	Type the valid site name.
Object	Type a valid object name.
Detection	Type a valid detection name.
Hash	Type a valid detection hash.
Drive	Filter files by Google Drive or OneDrive.
Sender	Filter messages sent by a specific sender.
Antispam reason	Filter messages by a reason as marked by the antispam engine.

When you click the icon, an option Remove whitelisted will be available if you have whitelisted a file previously by releasing it from Quarantine for the same user. Use this option to remove a file from the whitelist. All such future files will be quarantined.

The retention period for detections is 90 days. Records older than 90 days will be removed permanently.

Report false positive (FP) / false negative (FN)

An alternative to the Submit sample action is manually reporting FP and FN detections for Spam, Phishing, or Malware by sending a sample to ESET labs for analysis. Email addresses to send the samples to:

Spam - send an email to nospam_ecos@eset.com for emails incorrectly marked as spam or to spam_ecos@eset.com for undetected spam with the original message as an attachment in .eml or .msg format.

Phishing - to report false positive or negative phishing classification, create a new email message to be sent to samples@eset.com with 'phishing email' in the subject line and include the phishing email as an attachment in .eml or .msg format.

Malware - for false positive or negative classification of malware, create a new email message to be sent to samples@eset.com with 'False positive' or 'Suspected infection' in the subject line and include the file(s) compressed into a .zip or .rar format as an attachment.

˄˅