0 Replies Latest reply on Dec 30, 2008 12:23 PM by David_D

    After Patching VSE 8.5i, User-Defined Access-Protection Exceptions are Ignored

      Hi all,

      When I deploy (Protection Pilot 1.5) Patch 6 or Patch 7 to VirusScan Enterprise 8.5i, Access-Protection goes haywire. In particular, VSE ignores my exceptions so that, for example, a User-Defined rule to block FTP (port 25) inbound EXCEPT to inetinfo.exe (MS IIS) blocks everything inbound on port 25, regardless. Needless to say, this put our network into shock and I had no choice but to disable the Access-Protection rules.

      The problem appears to be isolated to User-defined Rules. For example, on our mail server, the default Anti-virus Standard Protection rule, "Prevent mass mailing worms from sending mail," recognizes the exception for SMTP32.EXE. But then, on the same server (and every other patched server), the following User-defined Rules ignore their exceptions:

      • Prevent pcAnywhere inbound (ports 5631-5632), except AWHOST32.EXE
      • Prevent DNS (Domain Name Service) inbound (port 53), except DNS.EXE
      • Prevent POP3 (Post Office Protocol) inbound (port 110), except POP3D32.EXE
      • Prevent HTTP inbound (ports 80-81), except INETINFO.EXE, IWEBMSG.EXE, NAIMSERV.EXE

      I reported the problem to Gold Support, but their efforts were tedious and counter-productive. Remoting into my ePO server was a waste of time. McAfee's MER tool couldn't 'phone home.' McAfee's firewalls rejected my e-mails with MER attachments. For the aggravation (and the holidays), I ultimately abandoned the conversation and downgraded VSE to 8.5i Patch 'none.'

      For what it's worth, all deployments are Windows 2000 Server SP4 (web farm). If memory serves, this was a clean install of 8.5i - not an upgrade from 8.0i. I did uninstall and reinstall VSE on several servers without luck. Once patched, the problems return.

      Any help is greatly appreciated!