2/8/2012 3:27:55 PM Blocked by port blocking rule C:\Program Files\Java\jdk1.6.0_24\bin\java.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 10.1.63.20:25
2/8/2012 3:29:03 PM Would be blocked by port blocking rule (rule is currently not enforced) C:\Program Files\Java\jdk1.6.0_24\bin\java.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 10.1.63.20:25
Here are a couple entries from the AP log that contain the block, and would be block. I had turn the rule off and tested again to see if it would report, which it did. It's pretty straight forward. We did a hearty round of testing with the results always the same.
Is this what you were asking for?
Yes, that's what I wanted to see. IT was just to be sure that only java.exe process is involved in triggering this rule.
Is this an ePO-managed computer? Even if it is, try to open the local VSE console and go under Access Protection->Anti-virus Standard Protection->Prevent mass mailing worms from sending mail. Can you see your java.exe process as excluded process? (don't need to put all the path, it's enough with java.exe)
Thanks ulyses31, yes, this is an ePO managed server. I do see the exception in the virusscan console on the desktop, and the only reason the path is there is because java.exe by itself was bing ignored! So I placed the path just to see if it made any difference. No other exceptions have been ignored (and there are a few in use by other servers that email reports).
Let me try inducing some clarity. We have multiple servers managed by ePO, many of which run software that emails reports to administrators. Some of the software is canned, such as Quest Spotlight on SQL, and some of it is in house custom development. I had this issue with a couple other pieces of software, but when I inserted the process exception into the policy, it worked and those email reports were no longer blocked. This is the first java app we have used that sends email, so prior to this there was no exception.
Why in the world it would single out this entry out of all the exceptions in the policy and ignore only java.exe is..... well, why I'm posting - to see if anyone has any ideas! ATM, AP is turned off on this server so the developers may go on with thier work. We have a couple weeks to get this rolled out.