In common with many, we are experiencing a large number of emails which contain a malicious Word or Excel document. The malicious file is identified as W97M\downloader when detected by MSME 8.0.2 installed on our Mailbox servers. The frustration I have is that MSME installed on our Hub servers fails completely to detect the malware on the way through. The Hubs scan in OnAccess mode whereas the Mailbox servers scan via OnDemand scans. These are default scan modes for the server roles. Both scan modes are set up identically. I would really like to detect these malware files on the way in to the organisation through the Hubs, as OnAccess scanning is real time whereas OnDemand is scheduled, meaning that users can still open the infected files. As the malware are macros contained within Word/Excel files, GTI won't work (EXEs, PDFs and APKs only). Due to the nature of our business, I would prefer not to block macros completely (finance departments).
Is there any way I can beef up the OnAccess scanning to detect this malware? Or, as we only have OnDemand scanning once daily on the Mailbox servers, what is the best practice for OnDemand scanning (the Mailbox servers contain a large number of large mailboxes) and how heavy is it on resources (they are old: Server 2003, Exchange 2007)?