Email Problems with McAfee 8 Enterprise
Prepared by Ian Matthews May 24, 2005
After dealing with several odd problems that have been caused by the seriously enhanced security provided by McAfee version 8, I thought I should document the solution.
Problem 1: Cannot send email from the server's backup software, called Vital Vault
Problem 2: Cannot email information from forms on an FPSE2002 extended IIS6 server
Problem 3: Cannot send email from a CRM product called GoldMine
Problem 4: Cannot telnet to a mail server on port 25 (i.e. telnet mail.telus.com 25)
The solution for all of these issues was to add exceptions to the ON SCAN ACCESS function in McAfee 8. You can do this through the desktop interface, if you have permission, by:
- right clicking on the McAfee 8 shield in the "notification area" (near your PC's clock) and selecting VIRUS SCAN CONSOLE
- double clicking the ACCESS PROTECTION entry
- on the PORT BLOCKING tab, clicking PREVENT MASS MAILING WORMS FROM SENDING MAIL, and clicking the EDIT button
- adding in the names of the executables that are trying to connect on port 25 (i.e. SMTP outbound email port), for example gmw.exe, telnet.exe, w3wp.exe, vv.exe
If you are using McAfee ePolicy Orchestrator, you can make the same change to all machines by:
- signing into your ePO server
- locating the folder you want to apply the exceptions to (or a particular machine) and clicking ACCESS PROTECTION POLICIES
- making certain you select SERVER or WORKSTATION (McAfee does know what each machine's operating system is, and if you make changes to the WORKSTATION settings and your machines are servers, the changes will NOT have any effect)
- unchecking INHERIT
- selecting PREVENT MASS MAILING WORMS FROM SENDING MAIL, and clicking the EDIT button
- adding in the names of the executables that are trying to connect on port 25 (i.e. SMTP outbound email port), for example gmw.exe, telnet.exe, w3wp.exe, vv.exe
You should add whatever applications you are having trouble with, but so far I have added the following (among others):
- w3wp.exe is from Internet Information Services
- gmw.exe is GoldMine
- telnet.exe is telnet (very handy in troubleshooting mail servers)
- vv.exe is Vital Vault backup software
If you are unsure what is being blocked, just start the VirusScan console, click FILE, and then VIEW LOG. You should readily be able to figure out what you need:
5/24/2005 11:26:46 AM Blocked by port blocking rule
telnet.exe
Prevent mass mailing worms from sending mail
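When the log is long, a short script can tally which executables the rule is blocking and which of them are not yet on the exclusion list. This is an added example, not part of the original article or of McAfee's tooling; it assumes entries laid out like the one above, and the sample data (including the tab-separated line and the path C:\GoldMine\gmw.exe) is constructed.

```python
import ntpath
import re
from collections import defaultdict

RULE = "Prevent mass mailing worms from sending mail"

# Constructed sample. The first and third entries use the three-line layout
# shown above; the second assumes a tab-separated line with a full path.
SAMPLE_LOG = (
    "5/24/2005 11:26:46 AM Blocked by port blocking rule\n"
    "telnet.exe\n"
    "Prevent mass mailing worms from sending mail\n"
    "5/24/2005 11:31:02 AM\tBlocked by port blocking rule\t"
    "C:\\GoldMine\\gmw.exe\tPrevent mass mailing worms from sending mail\n"
    "5/24/2005 11:40:10 AM Blocked by port blocking rule\n"
    "GMW.EXE\n"
    "Prevent mass mailing worms from sending mail\n"
)

SEP = r"[\t\r\n]+"  # fields may be split by tabs or by line breaks
ENTRY = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"Blocked by port blocking rule" + SEP +
    r"([^\t\r\n]+)" + SEP + r"([^\t\r\n]+)"
)


def blocked_processes(log_text):
    """Map (rule, lowercased exe name) -> {"count": n, "seen_as": set}."""
    found = defaultdict(lambda: {"count": 0, "seen_as": set()})
    for _stamp, proc, rule in ENTRY.findall(log_text):
        proc = proc.strip()
        key = (rule.strip(), ntpath.basename(proc).lower())
        found[key]["count"] += 1
        found[key]["seen_as"].add(proc)  # keep the path when the log has one
    return dict(found)


def missing_exclusions(log_text, rule, excluded):
    """Blocked executables for `rule` that are not yet in the exclusion list."""
    excluded = {name.lower() for name in excluded}
    return sorted(
        exe for (r, exe) in blocked_processes(log_text)
        if r == rule and exe not in excluded
    )


if __name__ == "__main__":
    print(blocked_processes(SAMPLE_LOG))
    print("not yet excluded:", missing_exclusions(SAMPLE_LOG, RULE, ["telnet.exe"]))
```

The `seen_as` set is worth a glance before adding a name to the exclusion list: it shows every form in which that executable appeared in the log, so you can confirm the blocked program is the one you expect.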
You have to wonder how long it will take for virus writers to simply create executables with the name of one of the default excluded programs (like outlook.exe).