When I deploy (Protection Pilot 1.5) Patch 6 or Patch 7 to VirusScan Enterprise 8.5i, Access-Protection goes haywire. In particular, VSE ignores my exceptions so that, for example, a User-Defined rule to block FTP (port 25) inbound EXCEPT to inetinfo.exe (MS IIS) blocks everything inbound on port 25, regardless. Needless to say, this put our network into shock and I had no choice but to disable the Access-Protection rules.
The problem appears to be isolated to User-defined Rules. For example, on our mail server, the default Anti-virus Standard Protection rule, "Prevent mass mailing worms from sending mail," recognizes the exception for SMTP32.EXE. But then, on the same server (and every other patched server), the following User-defined Rules ignore their exceptions:
I reported the problem to Gold Support, but their efforts were tedious and counter-productive. Remoting into my ePO server was a waste of time. McAfee's MER tool couldn't 'phone home.' McAfee's firewalls rejected my e-mails with MER attachments. For the aggravation (and the holidays), I ultimately abandoned the conversation and downgraded VSE to 8.5i Patch 'none.'
For what it's worth, all deployments are Windows 2000 Server SP4 (web farm). If memory serves, this was a clean install of 8.5i - not an upgrade from 8.0i. I did uninstall and reinstall VSE on several servers without luck. Once patched, the problems return.