One of my clients and I've been having an issue with the mass mailing worm exclusions.
We installed a monitoring tool that send a mail when a program failed to execute its task on the computer. This tool uses a normal SMTP connection that is only established and active for the 30 seconds it takes to send the mail.
We noticed these notifications have been blocked by all computers that have Mcfee on. I added the tool as an exception to the mass mailing worms exclusions. This is a tempry fix and the tool stays in the exclusions for two or 3 mails, then Mcfee goes into a protective mode and removes the exclusion. I have excluded the monitoring tool from all scans but the exclusion still gets cleared.
Is there a feature that I am missing that removes any changes made by the user? If so how can i disable this?
I cant find anything in that page regarding mailing programs or it disabling changes to be made to mcfee.
The error message i get in the log is:
Blocked by port blocking rule C:\Program Files\Synology Data Replicator 3 Anti-virus Standard Protection:Prevent mass mailing worms from sending mail
If they're using an ePo server to manage their AV estate they need to make the changes on the server, otherwise they'll be overwritten on the client at the next policy enforcement.
When you modify the policy on ePo make sure you do it on the right operating system type. At the top you'll be able to select between Workstation and Server and if you need this kind of exclusion on both types of OSs you'll need to add it twice.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center