3 Replies Latest reply on May 10, 2010 6:12 AM by pato

    Excluding Java.exe ... Help please?

    DarrenFord

      Hi All...

       

      Ok we have a application called cruise control in our environment and we have recently migrated this server from Trend Micro to McAfee VirusScan 8.7 + AS.

      We have a global policy which is for all servers and since the migration they were unable to send email through the app.

       

      I have had a look at the logs and found the following...

       

      locked by port blocking rule   

      C:\WINDOWS\system32\java.exe  

      Anti-virus Standard Protection:Prevent mass mailing worms from sending mail

       

      I know the dangers of excluding java.exe so I thought I would post this up and see if anyone can offer any advise....

       

      Thanks in advance...

       

      Regards

      D

        • 1. Re: Excluding Java.exe ... Help please?
          DarrenFord

          I have managed to get a log file from their application, added below is there any way I can add anything in the logs to the exceptions?

           

          nested exception is:

          > INFO   | jvm 1    | 2010/05/03 12:37:51 |

          > javax.mail.MessagingException: Could not connect to SMTP host:

          > owa.standardbank.co.za, port: 25;

          > INFO   | jvm 1    | 2010/05/03 12:37:51 |   nested exception is:

          > INFO   | jvm 1    | 2010/05/03 12:37:51 | java.net.ConnectException:

          > Connection refused: connect

          > INFO   | jvm 1    | 2010/05/03 12:37:51 |

          > javax.mail.SendFailedException: Sending failed;

          > INFO   | jvm 1    | 2010/05/03 12:37:51 |   nested exception is:

          > INFO   | jvm 1    | 2010/05/03 12:37:51 |

          > javax.mail.MessagingException: Could not connect to SMTP host:

          > owa.standardbank.co.za, port: 25;

          > INFO   | jvm 1    | 2010/05/03 12:37:51 |   nested exception is:

          > INFO   | jvm 1    | 2010/05/03 12:37:51 | java.net.ConnectException:

          > Connection refused: connect

          > INFO   | jvm 1    | 2010/05/03 12:37:51 | at

          > javax.mail.Transport.send0(Transport.java:219)

          > INFO   | jvm 1    | 2010/05/03 12:37:51 | at

          > javax.mail.Transport.send(Transport.java:81)

          > INFO   | jvm 1    | 2010/05/03 12:37:51 | at


          • 2. Re: Excluding Java.exe ... Help please?
            pato

            Mcafee has per default a Port Blocking rule enabled that blocks all unknown programs from sending email.

            Java.exe seems not to be on that list.

            You could try now to add java.exe to the Low-Risk Processes, but that would mean it gets less protection. An other idea is to rename the java.exe to blah-java.exe and add that to the Low-Risk Processes. That would reduce the risk somewhat, but is still not perfect. Other thing you could do is to disable the port blocking rule in the Access Protection.

             

            -

            pato

            1 of 1 people found this helpful
            • 3. Re: Excluding Java.exe ... Help please?

              Low Risk processes etc have nothing to do with this issue.

               

              java.exe needs to be added to the "Processes to Exclude" for the "Anti-virus Standard Protection:Prevent mass mailing worms from sending  mail" rule, or the rule disabled.

               

              I don't see it as a big risk, as long as you accept that Java applications will be able to send email.

              1 of 1 people found this helpful