1 2 3 Previous Next 63 Replies Latest reply on Jan 26, 2011 12:34 PM by samd

    Mass Mailing Process exclusions not working with VSE8.7i Patch 4

      We installed Patch 4 today on our Windows 2008 R2 server with Exchange 2010 (with VSE8.7iP3). We use an extrenal email service to scan our emails before the are recieved and delivered. It worked fine before, but after installing Patch 4 the EdgeTransport.exe is blocked all of a sudden by the Prevent mass mailing worms from sending mail rule. The EdgeTransport.exe was already added to the Processes to exclude section, but whem the blocking rule is enforced there's no possible way to send email. The AccessProtection.log says: Blocked by port blocking rule X:\**\Bin\edgetransport.exe  Anti-virus Standard Protection:Prevent mass mailing worms from sending mail <external IPaddress>:25

       

      No changes to the server were made. Anyone experiencing the same issues of has a suggestion?

        • 1. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

          I have not had this problem with P4, but there are several differences.  My email server is on XP SP3, not 2008 R2.  Also, I just have the exe name in the exclude list, not the path.

           

          You might want to check to make sure the exclusion is set correctly for Server, not just Workstation.  However, if the rule was already defined and you didn't change it, that's probably not the problem.

           

          Jay

           

           

          Message was edited by: jguenrdc on 9/30/10 3:48:09 PM CDT
          • 2. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

            The policies are deployed through ePO and the exclusions is made as the process name, not the path (which is shown only in the log). So the exclusion is: edgetransport.exe. This is not a default exclusion in VSE, but necessary to make Exchange 2010 send email through this Access Protection rule. These policies weren't changed since june 2010. The only thing that change was the installation of Patch 4 today. Almost immediatly after the installation the problem occurred (17 seconds after the policy was enforced and patch 4 was installed). Although the process is excluded (as can be seen on the server at the McAfee console), VSE is blocking port 25 for edgetransport.exe.

             

            For the time being we removed the block and report option from the policies to make sure mail is working and the ePO databse isn't flooded. Is there any easy way to roleback to patch 3 to get protection back to normal?

            • 3. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

              I have the exact same issue since installing Patch 4 on our Exchange 2010 Server (Server 2008 R2) on 9/29/2010. Email will only be sent to external domains if I set the Mass Mailing rule to report and not block. The Access Protection policy enforced through ePO has edgetransport.exe excluded, and this policy has not changed.

               

              I opened a case with McAfee to troubleshoot.

               

               

              Message was edited by: opensourcerer on 10/1/10 7:41:35 AM CDT
              • 4. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

                Thanks for responding. Now atleast I know it's not a problem with my config. Just out of curiosity, do you use AD Sync for Groups? If so, do you have Failed Syncs since Patch 4? If I get an answer from McAfee, I'll post it here.

                • 5. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

                  I have the Active Directory Synchronization task in ePO run each night, but it hasn't failed.

                  • 6. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

                    Thanks. I will look in to this issue. Maybe our newly configured firewall is blocking 389.

                    • 7. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

                      I just got off the phone with McAfee. They said VirusScan patches usually include new filters and mini firewalls, which don't replace the previous versions until Windows is restarted. This can cause odd issues like exclusions being ignored. They recommended rebooting the Exchange server before proceeding with troubleshooting. I'll reboot this weekend and let you know how it goes.

                      • 8. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4

                        I rebooted the server a few minutes ago, but without any luck. The Mass Mailing Worm rule still blocks edgetransport.exe.

                         

                        1-10-2010    22:52:00    Blocked by port blocking rule     <folder>\edgetransport.exe    Anti-virus Standard Protection:Prevent mass mailing worms from sending mail    <External IP>:25
                        1-10-2010    22:53:00    Blocked by port blocking rule     <folder>\edgetransport.exe     Anti-virus Standard Protection:Prevent mass mailing worms from sending  mail    <External IP>:25
                        1-10-2010    22:54:00    Blocked by port blocking rule     <folder>\edgetransport.exe     Anti-virus Standard Protection:Prevent mass mailing worms from sending  mail    <External IP>:25
                        1-10-2010    22:55:00    Blocked by port blocking rule     <folder>\edgetransport.exe     Anti-virus Standard Protection:Prevent mass mailing worms from sending  mail    <External IP>:25

                         

                        Back to the drawing board...

                        • 9. Re: Mass Mailing Process exclusions not working with VSE8.7i Patch 4
                          hem

                          Did we try with wildcard (edge*) in the AP exclussion and let see if this works?

                           

                          I understand its not the solution but lets try once.

                          1 of 1 people found this helpful
                          1 2 3 Previous Next