4 Replies Latest reply on Feb 10, 2012 11:45 AM by soviatt

    AVSP Policy: Prevent mass mailing worms ignores java.exe exception

    soviatt

      Before I get started, I am not a Java developer, just the McAfee administrator, so no Javaesque please!

       

      Anyway, our developers are working with an Adobe Life Cycle project that sends an email to a designated recipient(s) upon a certain process failure. Yesterday I installed McAfee and as soon as I loaded it up on the development server, I began to get periodic reports that C:\Program Files\Java\jdk1.6.0_24\bin\java.exe is accused of a port blocking violation and was blocked from sending the email.

       

      I placed java.exe into the server AND workstation exception lists but it was ignored and I still got the port blocking violations.

       

      So I entered the full path, C:\Program Files\Java\jdk1.6.0_24\bin\java.exe and still got blocked.

       

      I specifically turned off that rule and left reporting on and began to receive "Would be blocked" reports. Turning off AP completely (on the development server exclusively) of course generates no reports.

       

      So I don't know what to think now.....

       

      VSE 8.8.849 P1 etc.

      ePO 4.6.1029

        • 1. Re: AVSP Policy: Prevent mass mailing worms ignores java.exe exception
          Laszlo G

          Hi soviatt, can you post the log where java.exe is shown as blocked by mass-mailing?

          • 2. Re: AVSP Policy: Prevent mass mailing worms ignores java.exe exception
            soviatt

            2/8/2012          3:27:55 PM          Blocked by port blocking rule           C:\Program Files\Java\jdk1.6.0_24\bin\java.exe          Anti-virus Standard Protection:Prevent mass mailing worms from sending mail          10.1.63.20:25

             

            2/8/2012          3:29:03 PM          Would be blocked by port blocking rule  (rule is currently not enforced)           C:\Program Files\Java\jdk1.6.0_24\bin\java.exe          Anti-virus Standard Protection:Prevent mass mailing worms from sending mail          10.1.63.20:25

             

            Here are a couple of entries from the AP log that contain the block and the would-be block. I had turned the rule off and tested again to see if it would report, which it did. It's pretty straightforward. We did a hearty round of testing with the results always the same.

             

            Is this what you were asking for?

            • 3. Re: AVSP Policy: Prevent mass mailing worms ignores java.exe exception
              Laszlo G

              Yes, that's what I wanted to see. It was just to be sure that only the java.exe process is involved in triggering this rule.

               

              Is this an ePO-managed computer? Even if it is, try to open the local VSE console and go under Access Protection->Anti-virus Standard Protection->Prevent mass mailing worms from sending mail. Can you see your java.exe process as an excluded process? (You don't need to put the whole path; java.exe is enough.)

              • 4. Re: AVSP Policy: Prevent mass mailing worms ignores java.exe exception
                soviatt

                Thanks ulyses31, yes, this is an ePO managed server. I do see the exception in the virusscan console on the desktop, and the only reason the path is there is because java.exe by itself was being ignored! So I placed the path just to see if it made any difference. No other exceptions have been ignored (and there are a few in use by other servers that email reports).

                 

                Let me try inducing some clarity. We have multiple servers managed by ePO, many of which run software that emails reports to administrators. Some of the software is canned, such as Quest Spotlight on SQL, and some of it is in-house custom development. I had this issue with a couple of other pieces of software, but when I inserted the process exception into the policy, it worked and those email reports were no longer blocked. This is the first Java app we have used that sends email, so prior to this there was no exception.

                 

                Why in the world it would single out this entry out of all the exceptions in the policy and ignore only java.exe is..... well, why I'm posting - to see if anyone has any ideas! ATM, AP is turned off on this server so the developers may go on with their work. We have a couple weeks to get this rolled out.