3 Replies Latest reply on Aug 24, 2010 3:03 PM by rmetzger

    Need to exclude Thunderbird from 8.7i

    rdefino

      I have a user that needs Thunderbird excluded. he says that " Connections to <mailserver>:993 still trigger heavy mcshield.exe activity."

       

      What exclusions need to be down for Thunderbird?

       

      Any thoughts?

       

      thanks

        • 1. Re: Need to exclude Thunderbird from 8.7i
          rdefino

          Any thoughts..anyone?

          • 2. Re: Need to exclude Thunderbird from 8.7i
            Tristan

            Add the Thunderbird mailstore folder '%USERPROFILE%\Application Data\Thunderbird\Profiles\XXXXXXXX.default\Mail\' to the exclusions list (where XXXXXXX is uniquly generated folder name)

             

            If using EPO then add the exclusion to the workstation section of 'On-Access Default Processes Policies'

            If not managed by EPO then 'On-Access Scanner->All processes->Exclusions' in the VirusScan Console

             

            There is a 'Prevent mass mailing worms' rules under Access Protection but that has exclusions for 'thunde*.exe' so unless he's renamed his Thunderbird executable then you can safely ignore that.

            • 3. Re: Need to exclude Thunderbird from 8.7i
              rmetzger

              rdefino wrote:

               

              I have a user that needs Thunderbird excluded. he says that " Connections to <mailserver>:993 still trigger heavy mcshield.exe activity."

               

              What exclusions need to be down for Thunderbird

              Heavy McShield.exe activity when accessing any MIME encoded file (such as Thunderbird and many other non-MS email clients), is often caused by the size of the MIME encoded file. As the number and size of the messages grow, the scanning of this can cause extreme delays in large mailboxes.

               

              To avoid this problem, I suggest changes to some settings. But before changing this, I also strongly recommend making sure that these files Are scanned regularly, (like weekly, or more, as your security/network administrator demands) to help mitigate possible malware that might get thru.

               

              From the VirusScan Console:

              On-Access Scan Properties

              All Processes

              Scan Items

              Uncheck "Decode MIME encoded files"

               

              Make sure that "Decode MIME encoded files" is Checked on one of your regularly scheduled On-Demand Scans.

               

              This may help with extreme slowness when opening (or indexing) Thunderbird.

               

              I have found that 'Compacting' also helps, if done regularly.

               

              Hope this helps, and let us know if it does, or if we can help further.

               

              Ron Metzger