Newbie here. I hope you can help.
In ePO 4.6.0, I have set up MSME 8.5.0 to send Administrator Notifications (Policy Catalog > McAfee Security for Microsoft Exchange > Mail Notifications > Settings). Let's say I have set everything to be "email@example.com". Then, still in MSME driven from ePO, in the Scanner Settings Policy (Policy Catalog > McAfee Security for Microsoft Exchange > Scanner Settings > On Access > Master Policy) I have set "Anti-Virus Scanner", "File Filtering" and "Password-Protected Files" to all 3 send Administrator Notifications to "firstname.lastname@example.org". In fact it is also set likewise on other Policies such as On-Demand (Default) and so on, but it should work at least for the On-Access Policy. Here is the example for the File Filtering (the other 2 being configured the same):
As you can see, when a blocked (filtered) attachment is to be removed by MSME, it is supposed to send a Notification to the Administrator configured earlier, but nothing arrives in the Administrator mailbox...
On VSE 8.8.0 I have added RunScheduled.exe and RunScheduledX64.exe as exclusions to the Access Protection "Prevent mass mailing worms from sending mail" (Policy Catalog > VirusScan Enterprise 8.8.0 > Access Protection Policies > My Default > Server > Anti-virus Standard Protection > Prevent mass mailing worms from sending mail > Edit...).
Nothing is logged by VSE 8.8.0 in its AccessProtectionLog.txt that would indicate VSE is blocking something. Nothing appears either in the MSME ProductLog.txt that would indicate that it could not send its Notification to the Administrator for some reason. When tracking with PowerShell (Get-ExchangeServer | Get-MessageTrackingLog -Sender email@example.com) on all Exchange servers, I see nothing, meaning that nothing even made it into Exchange...
So something's wrong at McAfee level since no Notification even touches Exchange 2013. Nothing found in the PickUp directories either...
I would greatly appreciate some help here. We are phasing out Microsoft's ForeFront Protection in favour of MSME...
Thanks very much in advance for any help pointing me in the right direction!
I did further checks on this after having found out that MSME will send the notifications to the Hub Transport Servers in the Exchange 2013 Organization. MSME will look up those Hub Transport Servers in the following Registry Value:
This Registry Value does contain a list of 4 IP addresses of Exchange servers separated by semicolons. I also checked that I could telnet on port 25 to each one of those from each of the other servers and I do get the Exchange banner. I also see that some PickUp directories are also mentioned under the parent Registry Key.
There must be something obvious I am missing here to get it to work since we have this exact same issue on 3 test environments, two Exchange 2013 and one Exchange 2010.
Any help or pointer in the right direction is greatly appreciated!!!
Did you manage to fix this? I have exactly the same issue. I can see it getting logged but no emails to the admins.
Hi all, I had the same problem (two Exchange servers): if the mail (EICAR test mail) was sent via server A, everything worked fine, but if the mail was sent via server B, no notification mails were sent.
I have checked the Regkey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\MSME\E2007 and I found some differences.
The PickUpDir strings were missing on Server B.
So I added the following strings:
REG_SZ (String Value)
Name: IP_PickUpDir (for example 192.168.0.2_PickUpDir)
Value: Location of PickUpDir (for example C:\Program Files\Microsoft\Exchange Server\v15\TransportRoles\Pickup)
And the same for IPv6 if used.
After restarting the MSME service, the notification mails are sent from both servers.
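
The server-to-server comparison described in the answer above, as an added example that is not part of the original thread: a PowerShell check that lists the `*_PickUpDir` values under the MSME key on each server and confirms that each directory exists. The server names are placeholders, and PowerShell remoting to each server is assumed.

```powershell
# Added example. The key path and the "<IP>_PickUpDir" value naming are taken
# from the answer above; the server names are placeholders.
$KeyPath = 'HKLM:\SOFTWARE\Wow6432Node\McAfee\MSME\E2007'
$Servers = @('EXCH-A', 'EXCH-B')   # placeholder names, replace with your Exchange servers

# Runs on each server: report every *_PickUpDir value and whether its folder exists.
$check = {
    param($KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{ Name = $null; PickupDir = $null; Status = 'MSME key not found' }
    }

    $key   = Get-Item -LiteralPath $KeyPath
    $names = @($key.GetValueNames() | Where-Object { $_ -like '*_PickUpDir' })

    if ($names.Count -eq 0) {
        # The condition the answer found on server B.
        return [pscustomobject]@{ Name = $null; PickupDir = $null; Status = 'no *_PickUpDir values' }
    }

    foreach ($n in $names) {
        $dir    = [string]$key.GetValue($n)
        $status = 'directory missing'
        if (-not $dir) {
            $status = 'empty value'
        }
        elseif (Test-Path -LiteralPath $dir -PathType Container) {
            $status = 'ok'
        }
        [pscustomobject]@{ Name = $n; PickupDir = $dir; Status = $status }
    }
}

# Invoke-Command adds PSComputerName to each returned object.
Invoke-Command -ComputerName $Servers -ScriptBlock $check -ArgumentList $KeyPath |
    Sort-Object PSComputerName, Name |
    Format-Table PSComputerName, Name, PickupDir, Status -AutoSize
```

A server reporting "no *_PickUpDir values" or "directory missing" is the one to compare against a working server before adding values and restarting the MSME service.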