cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor bretzeli
Reliable Contributor
Report Inappropriate Content
Message 1 of 3

MSME 8.5 P1, E2010, Exclude certain attachment or Sender from On Access Scanning

Jump to solution

Hello,

* Exchange 2010 SP3, MSME installed on both CAS with (CAS + HUB role installed).

* Working installation with Hardware Load Balancers in front of CAS

* Fortimail Cluster in front of all

Question:

We would like to EXCLUDE Public Folder replication from the SCAN with MSME. If you have the Mailbox Role installed in 8.5 P1 you can exclude that.

But we ONLY have CAS + HUB Role installed and WOULD like to exclude the Public Folder Replication traffic from scannin. Currenlty

some JS from Public Folder are alerted and dumped:

OnAccess (Transport)

util_Recipients20.js; util_View20.js; view.js;
  vw_Calendar20.js; vw_Contact20.js; vw_Dumpster20.js; vw_Message20.js;
  vw_Navbar20.js; vw_Search20.js; webclientutil.js; wfview.js

In Release Notes for 8.5 version we see under new:

"Exclusion of subfolders and public folders from scanning"

However this is only valid for VSAPI and if you have MAILBOXROLE.

Any idea how to exclude those certain files or the two Public Folder Sender and Reciever E-Mail addresses from scanning?

Greetings from Switzerland

1 Solution

Accepted Solutions
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: MSME 8.5 P1, E2010, Exclude certain attachment or Sender from On Access Scanning

Jump to solution

on the hub server you can create a subpolicy under the on-access policy where the senders/recipients email address is the smtp address of the replication servers.  the default address is <servername>-IS@emaildomain

Then in the sub-policy disable the antivirus, file filter, content filter and any other filter that can be disabled, set the other filters that can't be disabled to allow through for their actions and that should keep the replication traffic from getting a detection.

2 Replies
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: MSME 8.5 P1, E2010, Exclude certain attachment or Sender from On Access Scanning

Jump to solution

on the hub server you can create a subpolicy under the on-access policy where the senders/recipients email address is the smtp address of the replication servers.  the default address is <servername>-IS@emaildomain

Then in the sub-policy disable the antivirus, file filter, content filter and any other filter that can be disabled, set the other filters that can't be disabled to allow through for their actions and that should keep the replication traffic from getting a detection.

Reliable Contributor bretzeli
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: MSME 8.5 P1, E2010, Exclude certain attachment or Sender from On Access Scanning

Jump to solution

Hello,

Tlange thank you for the tip with the sub policy. We did not want to go that way because of complexity. In this case it was out of date Public Folder items replicated from an Exchnange 2000 ported to 2003 then 2007 and also 2010.

Microsoft finally made a smart KB where you can see WHICH Public Folders (System Folder) you have to migrated and not.

Butsch.ch | Exchange: Public Folder / System Folder replicate which ones?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community