Detections
Lists all detections by ESET Cloud Office Security. Use the tabs to switch between Gmail, Google Drive, Exchange Online, OneDrive, Team groups, and SharePoint sites. View information on each detection, for example, detected files that were uploaded to a Team group in the Team groups tab.
Click the icon to open a sidebar with a summary of a specific log record (detection). For more detailed information, click the three dots icon
or right-click an item and select Show details.
Click the icon or right-click an item and select an action:
Action |
Usage |
---|---|
Show details |
Shows more detailed information about the detection. |
Remove whitelisted |
The option Remove whitelisted is available only if you have whitelisted a file previously by releasing it from Quarantine for the same user. Use this action to remove a file from the whitelist. All such future files will be quarantined. |
Submit sample |
The sample submission dialog enables you to send a suspicious malware file, spam or phishing to ESET for analysis. You can also report False positive malware, spam or phishing. Select a Reason for submitting a sample from the currently available options in the drop-down menu. The currently available options may differ depending on the item you are submitting for analysis. If you see the Add to Anti-spam Blocked senders list option (when submitting spam), you can choose to block the sender by email address, domain or IP and select your custom policy that will be modified to handle the sender blocking. If you do not have a custom policy, select New policy to create one. Similarly with a reverse logic, you can Add to Anti-spam Approved senders list, if the detection was false positive and you know the sender is legitimate. |
Quarantine email |
The Quarantine email action is an email clawback process that enables you to manually move a delivered unread email message from the user's inbox into quarantine. The clawback is particularly useful for advanced spear phishing attacks that are difficult to detect. Quarantining a suspicious email prevents the user from opening it and enables you to inspect it manually. Additionally, you can quarantine the entire email message even if only the attachment was initially quarantined. Select multiple items for bulk action. |
Add to detection exclusions |
You can add detected file attachments to the exclusion list of an existing policy. Select the policy to which you want to add the detection exclusion. Such attachments will be excluded from future scans. This feature is useful for files known as safe but falsely flagged as threats. |
Click the gear icon in the upper-right corner to access the Edit columns feature. Here, you can customize the table view by removing or adding columns and rearranging their order as you see fit. The column configuration is saved, so the table view is retained when you return.
Navigate within the tree to see detections only for a specific tenant or group. To see all detections in every tenant and group, click All. To make searching for a specific detection easier, you can filter using multiple criteria. Click Add filter and select the filter type from the drop-down menu or type a string (repeat when combining criteria):
Add filter |
Usage |
---|---|
Occurred from |
Specify a "date from" range. |
Occurred to |
Specify a "date to" range. |
Subject |
Applies to messages that contain or do not contain a specific string or a regular expression in the subject. |
Message-ID |
Filter email messages by unique Message-ID when searching for a specific message, especially in large logs with many messages or multiple delivery attempts. |
From |
Filter messages by a specific sender. |
To |
Filter messages by recipients. |
Mailbox |
Applies to messages located in a specific mailbox. |
Scan result |
Select one of the following options: Malware, |
Action |
Select one of the available actions. |
Team |
Type the valid team name. |
Site |
Type the valid site name. |
Object |
Type a valid object name. |
Detection |
Type a valid detection name. |
Hash |
Type a valid detection hash. |
Drive |
Filter files by Google Drive or OneDrive. |
Sender |
Filter messages sent by a specific sender. |
Antispam reason |
Filter messages by a reason as marked by the antispam engine. |
The retention period for detections is 90 days. Records older than 90 days will be removed permanently. |
Report false positive (FP) / false negative (FN)
An alternative to the Submit sample action is manually reporting FP and FN detections for Spam, Phishing, or Malware by sending a sample to ESET labs for analysis. Email addresses to send the samples to:
Spam - send an email to nospam_ecos@eset.com for emails incorrectly marked as spam or to spam_ecos@eset.com for undetected spam with the original message as an attachment in .eml or .msg format.
Phishing - to report false positive or negative phishing classification, create a new email message to be sent to samples@eset.com with 'phishing email' in the subject line and include the phishing email as an attachment in .eml or .msg format.
Malware - for false positive or negative classification of malware, create a new email message to be sent to samples@eset.com with 'False positive' or 'Suspected infection' in the subject line and include the file(s) compressed into a .zip or .rar format as an attachment.