I use McAfee for Exchange Security in the version 8.5.8327.103 in an Exchange 2012 environment.
I set up file filter rules.
On the epo Threat Event Log I see this:
|Threat Target Network Protocol:||[untitled]|
|Threat Target Process Name:||[untitled]|
|Threat Target File Path:||SWVBPHEAGLEXC03|[untitled]|
I need to know which file is blocked thus I can adjust the file filter rules.
There is also no possibility to see the kind of file type on the McAfee Security for MS-Exchange web interface.
The filename column is empty for all entries.
In the "Threat Type" Column does it show "File Filter" and "Threat Name" show your "File Filter Rule Name"??
Just checking .... if the item was stopped for another reason ... not file filter .. the info being missing would be correct
In local MSME console also look at Detected Items - All Items - locate the detection there - you should be able to expose columns Filename, Reasons, Rule Name
In you file filter list in the On Access policy do you have the "allow Psd protected zip" and/or "When No Rules applies" enabled as "allow through, log"
Or is your own file filter in place by itself?? Is your own file filter set to log only??
Do you mean with "Psd proteced zip" "Password-Protected Files"?
Yes "When no rule applies" I have the setting "Allow through, Log".
My own file filter is in place and has the setting "Allow through, Log".
I see in the log that the majority of the [untitled] messages are from the auto generated E-Mails from e-mail Adresses like firstname.lastname@example.org
The two default rules are "When no rules apply" and "Psw Protected bypass Rule".
In the local detected items "Rule name" column or in the "Threat Name" column" in ePO does it tell which rule made the discovery
What is the content in those specific mails??
Then which ever rule does it could also be set to allow, log and quarantine - then you would have ability to download it from detected items and what it actually is.
It must be finding some sort of attachment????
We could resolve the [untitled] Problem with a re-checkin of the Extension.
Now I see which kind of file is filtered.
But this kind of files are on the with list.
The McAfee Support said that when I use only the logging setting the catch all rule will have priority.
In a few days we switch the filtering and we will see then if the log works.
My idea was to use the log for adjusting the filter rules.
Wish me luke.