4 Replies Latest reply on Feb 16, 2012 10:12 AM by Laszlo G

    VSE 8.8 Access Protection stubbornly blocks dns.exe (exception in place)

    Attila Polinger



      we have a strange situation on some DNS servers of ours: VSE 8.8 blocks C:\Windows\system32\dns.exe process:


      "2012.02.15. 9:19:29 Blocked by port blocking rule  C:\Windows\system32\dns.exe Anti-virus Standard Protection:Prevent IRC communication (IP removed):6668"


      The exclusion is in place on the said server:


      Yet the block happens regularly:


      I'd thank any useful idea. I was under the impression that letter case matters but turned out that it does not (corrected a small caps to a capital letter in the exclusion string and next time the block happened regardless).


      The AR policy is enforced from the ePO server.


      My other guess would be that there is a blank space suffix at the end of the detected process string which cannot be seen but that should be confirmed somehow.