Email Problems with McAfee 8 Enterprise

Published by Ian Matthews on

Prepared by Ian Matthews May 24, 2005

After dealing with several odd problems that have been caused by the seriously enhanced security provided by McAfee version 8 I thought I should document the solution.

Problem 1: Can not send email from servers Backup Software called Vital Vault
Problem 2: Can not email information from forms on FPSE2002 extended IIS6 server
Problem 3: Can not send email from a CRM product called GoldMine
Problem 4: Can not telnet to a mail server on port 25 (i.e. telnet mail.telus.com 25)

The solution for all of these issues was to add exceptions to the ON SCAN ACCESS function in McAfee 8.  You can do this through the desktop interface if you have permission, by:

  1. right clicking on the McAfee 8 shield in the “notification area” (near your PC’s clock) and selecting VIRUS SCAN CONSOLE

    Mcafee 8 Exceptions

    Mcafee 8 Exceptions

  2. double click the ACCESS PROTECTION entry
  3. on the PORT BLOCKING tab, click PREVENT MASS MAILING WORMS FROM SENDING MAIL, and click the EDIT button
  4. add in the names of the executables that are trying to connect on port 25 (i.e. SMTP outbound email port) for example, gmw.exe, telnet.exe, w3wp.exe, vv.exe

 

If you are using McAfee ePolicy Orchestrator, you can make the same change to all machines by:

  1. signing into your ePO server

    McAfee - Servers

    McAfee - Servers

  2. locate the folder you want to apply the exceptions to (or a particular machine) and click ACCESS PROTECTION POLICIES
  3. make certain you select SERVER or WORKSTATION (McAfee does know what each machines Operating System is and if you machine changes to the WORKSTATION settings and your machines are server, the changes will NOT have any effect)
  4. uncheck INHERIT
  5. select PREVENT MASS MAILING WORMS FROM SENDING MAIL, and click the EDIT button
  6. add in the names of the executables that are trying to connect on port 25 (i.e. SMTP outbound email port) for example, gmw.exe, telnet.exe, w3wp.exe, vv.exe. 

You should add whatever you applications you are having trouble with but so far I have added the following (among others):

w3wp.exe is from Internet Information Services
gmw.exe is GoldMine
telnet.exe is telnet (very handy in trouble shooting mail servers)
vv.exe is Vital Vault backup software

If you are unsure what is being blocked, just start the Virusscan console, click FILE, and VIEW LOG.  You should be readily able to figure out what you need:

5/24/2005 11:26:46 AM Blocked by port blocking rule telnet.exe Prevent mass mailing worms from sending mail

You have to wonder how long it will take for virus writers to simply create executables with the name of one of the default excluded programs (like outlook.exe)

Categories: Product Reviews & Other Technologies

1 Comment

LeoPhoenix · January 24, 2022 at 9:22 am

great insight – super helpful

Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

WinXVideoAI Review tutorial

SOLVED: VIDEO: WinXVideoAI Review, Tutorial, Tips & Tricks

In this video, we’ll take a deep dive into the WinXVideoAI software and show you how to enhance, resize, and clean up your videos and pictures. Plus, we’ll share some helpful tips and tricks along Read more…

veritas backup exec showing start time in 2036

SOLVED: How To Recreate Backup Exec Certificates to Fix Establish Trust Problems

UPDATED: March 7 2024 If you are using Backup Exec you are aware that there is a trust relationship that is required between the backup exec and any clients computers that it is backing up. Read more…

Epson FF-680W Photo Scanner photo cover

SOLVED: VIDEO: Best Photo Scanner? Epson FF680W FastFoto Review Unboxing & Setup

Welcome to our comprehensive review, unboxing, and setup of the Epson FF680W FastFoto Photo Scanner! This might be the best photo scanner ever and it is certainly the best photo scanner we have ever used. Read more…