4 Replies Latest reply on Feb 16, 2012 10:12 AM by Laszlo G

    VSE 8.8 Access Protection stubbornly blocks dns.exe (exception in place)

    Attila Polinger

      Hi,

       

      we have a strange situation on some DNS servers of ours: VSE 8.8 blocks C:\Windows\system32\dns.exe process:

       

      "2012.02.15. 9:19:29 Blocked by port blocking rule  C:\Windows\system32\dns.exe Anti-virus Standard Protection:Prevent IRC communication (IP removed):6668"

       

      The exclusion is in place on the said server:

      dns_block.png

      Yet the block happens regularly:

      DNS_bloc_AR_log.png

      I'd thank any useful idea. I was under the impression that letter case matters but turned out that it does not (corrected a small caps to a capital letter in the exclusion string and next time the block happened regardless).

       

      The AR policy is enforced from the ePO server.

       

      My other guess would be that there is a blank space suffix at the end of the detected process string which cannot be seen but that should be confirmed somehow.

       

      Attila