3 Replies Latest reply on Mar 9, 2011 4:30 AM by alexander_h

    Access protection - Blocked byport blocking rule - DNS.exe and Lsass.exe

      I have Mcafeevirus scan enterprise 8.5.0i on my servers (2003 Standard), I checked the logs and 2 of the servers ( Domain controller (10.10.10.18) and the exchange server (10.10.10.9)) are showing up as mcafee blocking them  in the access protection log files daily.

       

      On the Exchange:

      Blocked byport blocking rule - Anti-virus Standard Protection:Prevent IRC communication -10.10.10.18:6666

      Blocked byport blocking rule - Anti-virus Standard Protection:Prevent IRC communication 10.10.10.18:6667

      Blocked byport blocking rule Anti-virus Standard Protection:Prevent IRC communication         10.10.10.18:6668

       

      On theDomain Controller:

      Blocked byport blocking rule C:\WINDOWS\System32\dns.exe         Anti-virusStandard Protection:Prevent IRC communication  10.10.10.9:6668

      Blocked byport blocking rule   C:\WINDOWS\system32\lsass.exe      Anti-virus Standard Protection:Prevent IRCcommunication  10.10.10.9:6667

       

      Should I exclude dns.exe and lsass.exe on the domain controller? And also allow irccommunication on the exchange box from the domain controller?