RSSensor is the rogue system sensor which is trying to send email. I don't use this in our environment but have had other programs be blocked from sending email.
If this is an ePO-managed system then you need to add rssensor.exe to the exceptions under "AntiVirus Standard Protection" and then "Prevent Mass Mailing worm" rule. I have to add custom programs to our rules as some of our servers run funky software that needs to send email.
I can see that, however I have a few follow up questions/statements.
I'm curious as to why the RSS sensor is trying to send emails in the first place and what type of emails they are, etc. Maybe I'm just a little paranoid, but I'm new to this position and I'm having to figure all this out on my own. I guess I'm trying to say that I just don't want to allow this without knowing what's going on.
The three errors were on our domain controller, email server, and oddly a network printer. I just wanted to make sure we didn't have a virus before I just put this on the exception list.
Thanks again for your input. It's much appreciated and it has helped already!
Rogue Sensor can be configured to do a number of things automatically if it detects a rogue system (deploy agent, query the system for information, etc.); one of the options is to send an email.
Check under Automatic Responses to see if it's configured that way.
Thanks for the tip.
I went to Automatic Responses and every policy was disabled, so I'm kinda lost as to how these are being sent.
rssensor scans your detected device; it does OS fingerprinting in order to determine which type of device it is (Windows, Mac, Unix, router, printer, etc.). On a device running HIPS or VSE it might be seen as something malicious. In your case it is catching port 25 because it is a specific access protection rule, but it is probably going through a lot of different ports to identify the OS of the detected device.
If you go into your policies, RSD, general policies, detections, you'll see the setting.
AAAHHH That was it!
Thanks for that very helpful tidbit! It's much appreciated!
On a side note, I have to admit that ePO is by far the most unfriendly U.I. that I have ever had the pleasure (sarcasm) of working with... then I see that McAfee offers classes to learn their software, but the cost is outrageous, almost 4K for a 5 day class.
Call me old fashioned, but if I buy your software why would I have to pay you to teach me how to use it? That should be included with the already pricey product in my opinion.
Anyways, thanks again everyone for the tips!