cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ruank
ruank
Level 7
Report Inappropriate Content
Message 1 of 10
‎10-13-2015 11:15 PM

My mailing worm exclusions not working

Good day.

One of my clients and I've been having an issue with the mass mailing worm exclusions.

We installed a monitoring tool that send a mail when a program failed to execute its task on the computer. This tool uses a normal SMTP connection that is only established and active for the 30 seconds it takes to send the mail.

We noticed these notifications have been blocked by all computers that have Mcfee on. I added the tool as an exception to the mass mailing worms exclusions. This is a tempry fix and the tool stays in the exclusions for two or 3 mails, then Mcfee goes into a protective mode and removes the exclusion. I have excluded the monitoring tool from all scans but the exclusion still gets cleared.

Is there a feature that I am missing that removes any changes made by the user? If so how can i disable this?

0 Kudos
Reply
9 Replies
Peacekeeper
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 2 of 10
‎10-14-2015 01:45 AM

Re: My mailing worm exclusions not working

Which Mcafee product is causing the issue?

0 Kudos
Reply
ruank
ruank
Level 7
Report Inappropriate Content
Message 3 of 10
‎10-14-2015 02:27 AM

Re: My mailing worm exclusions not working

Virus Scan enterprise + Anti Spyware Enterprise 8.8

0 Kudos
Reply
exbrit
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 4 of 10
‎10-14-2015 02:30 AM

Re: My mailing worm exclusions not working

Moved to VSE

---

Peter

Moderator

0 Kudos
Reply
catdaddy
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 5 of 10
‎10-14-2015 02:32 AM

Re: My mailing worm exclusions not working

Thanks, I just noticed the OP stated VSE.

Cliff
McAfee Volunteer
0 Kudos
Reply
davidp64
davidp64
Level 9
Report Inappropriate Content
Message 6 of 10
‎10-15-2015 03:03 AM

Re: My mailing worm exclusions not working

Hi,

Configure VSE polices>>Access Protection>>Antivirus standard protection..

Thanks

0 Kudos
Reply
ruank
ruank
Level 7
Report Inappropriate Content
Message 7 of 10
‎10-15-2015 04:19 AM

Re: My mailing worm exclusions not working

I cant find anything in that page regarding mailing programs or it disabling changes to be made to mcfee.

The error message i get in the log is:

Blocked by port blocking rule          C:\Program Files\Synology Data Replicator 3         Anti-virus Standard ProtectionSmiley Tonguerevent mass mailing worms from sending mail

0 Kudos
Reply
koseelen
koseelen
Level 10
Report Inappropriate Content
Message 8 of 10
‎10-15-2015 04:49 AM

Re: My mailing worm exclusions not working

Hello Ruank

The access protection rule for mass mailing is detailed below.

accessprot.png

Reply
ruank
ruank
Level 7
Report Inappropriate Content
Message 9 of 10
‎10-15-2015 04:51 AM

Re: My mailing worm exclusions not working

I have added "backup.exe" as an exclusion. this works for about 5-10 minutes then it appears that the exclusion gets removed from there.

0 Kudos
Reply
georgec
georgec
Level 13
Report Inappropriate Content
Message 10 of 10
‎10-15-2015 04:52 AM

Re: My mailing worm exclusions not working

If they're using an ePo server to manage their AV estate they need to make the changes on the server, otherwise they'll be overwritten on the client at the next policy enforcement.

When you modify the policy on ePo make sure you do it on the right operating system type. At the top you'll be able to select between Workstation and Server and if you need this kind of exclusion on both types of OSs you'll need to add it twice.

George

Reply
McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.