I have port 25 set to report but not block and I'm trying to see if I can find out which systems may be using that port. I noticed there is a VSE Top 10 acces protection rules broken in the queries. If I run that, it does indeed list "Prevent mass mailing worms from sending email" as one of the top ones, but I'm unsure how to figure out which systems are doing this. Would appreciate any help.
Nevermind - I thought it was returning systems that broke several rules rather than just that one - so running the report allows you to click just that option.