On-demand mailbox database scan

Host address—Name or IP address of the server running EWS (Exchange Web Services).

Username—Specify the credentials of a user that has appropriate access to EWS.

User password—Click Set next to User password and type the password for this user account.

Mailbox access method—Allows you to select your preferred mailbox access method:

•Impersonation—Easier and faster setup is ApplicationImpersonation role which has to be assigned to the scanning account.

Assign ApplicationImpersonation role to a user

If this option is unavailable, you must specify a Username. Click Assign to automatically assign the ApplicationImpersonation role to the selected user. Alternatively, you can assign the ApplicationImpersonation role manually to a user account. A new unlimited EWS Throttling Policy is created for the user account. For more information, see Database scan account details.

•Delegation—Use this access type if you want to require access rights on individual mailboxes and can provide higher speeds when scanning large amounts of data.

Assign delegated access to a user

If this option is unavailable, you must specify a Username. Click Assign to automatically grant the selected user full access to all user and shared mailboxes. A new unlimited EWS Throttling Policy is created for the user account. For more information, see Database scan account details.

Use SSL

SSL must be enabled if EWS is set to Require SSL in IIS. If SSL is enabled, the Exchange Server certificate must be imported on the system with ESET Mail Security (if Exchange Server roles are on different servers). Settings for EWS can be found in IIS under Sites/Default website/EWS/SSL Settings.

Ignore server certificate error—If you are using a self-signed certificate, you can ignore the server certificate error.

Client certificate—Must be set only if EWS requires a client certificate. Click Select to select a certificate.

Action to take if cleaning not possible—This action field allows you to block infected content.

•No action—Take no action on the infected content of the message.

•Move message to trash—Is not supported for Public folder items, the Delete object action will be applied instead.

•Delete object—Deletes infected content of the message.

•Delete message—Delete the entire message, including its infected content.

•Replace object with action information—Removes an object and includes information about the object that was removed.

Action to take on a phishing message:

•No action—Keep the message even if it is marked as phishing.

•Move message to trash—Is not supported for Public folder items, the Delete object action will be applied instead.

•Delete message—Delete the entire message, including its infected content.

Number of scan threads

You can specify how many threads ESET Mail Security should use during the database scan. The higher the number, the better the performance. However, an increase in performance uses more resources. Fine-tune this setting to the desired value according to your requirements. The default value is set to 4 scan threads.

Microsoft 365

Visible only if you have a Microsoft 365 hybrid environment.

User account for scanning a public folder

If you want to scan public folders, provide a principal user account name (password not required) for impersonation. Ensure the configuration of this user account is to have access to all public folders.