DarrenFord
Level 9

Excluding Java.exe ... Help please?

Hi All...

Ok we have an application called cruise control in our environment and we have recently migrated this server from Trend Micro to McAfee VirusScan 8.7 + AS.

We have a global policy which is for all servers and since the migration they were unable to send email through the app.

I have had a look at the logs and found the following...

Blocked by port blocking rule

C:\WINDOWS\system32\java.exe

Anti-virus Standard Protection:Prevent mass mailing worms from sending mail

I know the dangers of excluding java.exe so I thought I would post this up and see if anyone can offer any advice....

Thanks in advance...

Regards

D

DarrenFord
Level 9

Re: Excluding Java.exe ... Help please?

I have managed to get a log file from their application, added below. Is there any way I can add anything in the logs to the exceptions?

nested exception is:

> INFO   | jvm 1    | 2010/05/03 12:37:51 | javax.mail.MessagingException: Could not connect to SMTP host: owa.standardbank.co.za, port: 25;
> INFO   | jvm 1    | 2010/05/03 12:37:51 |   nested exception is:
> INFO   | jvm 1    | 2010/05/03 12:37:51 | java.net.ConnectException: Connection refused: connect
> INFO   | jvm 1    | 2010/05/03 12:37:51 | javax.mail.SendFailedException: Sending failed;
> INFO   | jvm 1    | 2010/05/03 12:37:51 |   nested exception is:
> INFO   | jvm 1    | 2010/05/03 12:37:51 | javax.mail.MessagingException: Could not connect to SMTP host: owa.standardbank.co.za, port: 25;
> INFO   | jvm 1    | 2010/05/03 12:37:51 |   nested exception is:
> INFO   | jvm 1    | 2010/05/03 12:37:51 | java.net.ConnectException: Connection refused: connect
> INFO   | jvm 1    | 2010/05/03 12:37:51 | at javax.mail.Transport.send0(Transport.java:219)
> INFO   | jvm 1    | 2010/05/03 12:37:51 | at javax.mail.Transport.send(Transport.java:81)
> INFO   | jvm 1    | 2010/05/03 12:37:51 | at

pato
Level 7

Re: Excluding Java.exe ... Help please?

McAfee has by default a Port Blocking rule enabled that blocks all unknown programs from sending email.

Java.exe seems not to be on that list.

You could try now to add java.exe to the Low-Risk Processes, but that would mean it gets less protection. Another idea is to rename the java.exe to blah-java.exe and add that to the Low-Risk Processes. That would reduce the risk somewhat, but is still not perfect. Another thing you could do is to disable the port blocking rule in the Access Protection.

-

pato

Mal09
Level 12

Re: Excluding Java.exe ... Help please?

Low Risk processes etc have nothing to do with this issue.

java.exe needs to be added to the "Processes to Exclude" for the "Anti-virus Standard Protection:Prevent mass mailing worms from sending mail" rule, or the rule disabled.

I don't see it as a big risk, as long as you accept that Java applications will be able to send email.

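A way to review what the rule has actually been blocking before java.exe goes into its "Processes to Exclude" list, as an added example that is not part of the thread or McAfee's own tooling. The tab-separated layout, the timestamps and the two `C:\Temp` paths are constructed for illustration; only the action text, the java.exe path and the rule name come from the log entry quoted in the first post.

```python
import ntpath
from collections import Counter

ACTION = "Blocked by port blocking rule"
MASS_MAIL_RULE = ("Anti-virus Standard Protection:"
                  "Prevent mass mailing worms from sending mail")

# Constructed sample log (assumed layout: timestamp, action, process, rule).
SAMPLE_LOG = "\n".join("\t".join(fields) for fields in [
    ("2010/05/03 12:37:51", ACTION, r"C:\WINDOWS\system32\java.exe", MASS_MAIL_RULE),
    ("2010/05/03 12:38:02", ACTION, r"C:\WINDOWS\system32\java.exe", MASS_MAIL_RULE),
    ("2010/05/03 13:05:40", ACTION, r"C:\Temp\java.exe", MASS_MAIL_RULE),
    ("2010/05/03 13:10:11", ACTION, r"C:\Temp\updater.exe", MASS_MAIL_RULE),
])


def parse_blocks(text):
    """Return (process_path, rule) for every port-blocking entry."""
    entries = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) == 4 and fields[1] == ACTION:
            entries.append((fields[2], fields[3]))
    return entries


def review_exclusion(entries, rule, expected_path):
    """Bucket the rule's blocks: the expected binary, binaries with the
    same file name in other directories, and every other process."""
    name = ntpath.basename(expected_path).lower()
    report = {"expected": 0,
              "same_name_elsewhere": Counter(),
              "other": Counter()}
    for path, entry_rule in entries:
        if entry_rule != rule:
            continue
        if path.lower() == expected_path.lower():
            report["expected"] += 1
        elif ntpath.basename(path).lower() == name:
            report["same_name_elsewhere"][path] += 1
        else:
            report["other"][path] += 1
    return report


if __name__ == "__main__":
    print(review_exclusion(parse_blocks(SAMPLE_LOG), MASS_MAIL_RULE,
                           r"C:\WINDOWS\system32\java.exe"))
```

Entries under `same_name_elsewhere` are worth investigating before the exclusion is added, and entries under `other` show what the rule keeps blocking if it stays enabled rather than being disabled.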