cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prevent mass mailing worms from sending mail

I have a bunch of Mail Systems running on Windows Servers, 2008 R2. I experienced an issue yesterday where they could not message each other or a smart host and I found that the setting under VSE8.7.0i / Access protection Properties - " Prevent mass mailing worms from sending mail" had been set to block on all of the servers, around 8 in total. We made a point to disable this feature months ago when we deployed this so I am wondering what happened yesterday PM to switch this back on. Can an AV definition update do this? there is no link to EPO and no other administrators have or even would make these changes.

4 Replies
Regis
Level 12
Report Inappropriate Content
Message 2 of 5

Re: Prevent mass mailing worms from sending mail

Did these servers recently get an updated client of any sort?

I recall that in certain patch levels of VSE (8.5 p4?) , the process exception list was broken.

But that doesn't quite match your situation where it appears a policy element being enabled or disabled somehow changed.

I've never heard of a DAT update being able to cause this.  DAT updates in theory at least only change what file checksums and heuristics of scanned files get detected.   None of the on access protection defaults should be touched by them...at least this is my hope. 

Please let us know what the root cause turns out being.  I'd be looking through the ePO logs to see if anyone was messing with policy though or if somehow those clients became unmanaged and reverted to some defaults somehow.

Re: Prevent mass mailing worms from sending mail

Hi Bob_Murray,

Could you tell us how could you disable the Acess protection policy (either by ePO or VSE )?

If you have done this options in VSE on ePO managed client then the settings will revert back to its original after the policy enforcement .

Kindly do this action on ePO server and check the status

Steps:

1)kindly select your computer name on ePO conslole

2)click action under the ePO console

3)select agent and modify policies on single machine

4)select VSE8.x as product and edit the access protection policies

5)select the antivirus standar protection and untick the "Prevent mass mailing worms sending mail"

OAS.JPG

Re: Prevent mass mailing worms from sending mail

Hi, In this instance these systems are not connected to an EPO so they all run independant. It would make more sense if they were using EPO seeing as the policy was changed across all systems. In this case when we installed VSE we applied the setting on a per computer basis and had to perform the same setting again as this was changed back to its default.

Obviously the thing to do is to have them managed by EPO to try and prevent this happening , we understand the break and the fix in this case however I am really just trying to understand what caused this to change. When something like this occurs we have to present answers even if it looks like one of those glitches in the matrix.

Thanks for your comments guys I appreciate your time.

Re: Prevent mass mailing worms from sending mail

Hi Bob,

Have you checked your ePO console wether these machines are available ?

If it so kindly remove the agent and remove the systems from the ePO console if you wants to make them as unmanaged .

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community