VirusScan Enterprise 8.x Access Protection rule blocks outbound SMTP mail on Port 25

VirusScan Enterprise 8.x Access Protection rule blocks outbound SMTP mail on Port 25
技術文章 ID：  KB50707
上次修改：  1/26/2015
已評分：

環境
McAfee VirusScan Enterprise 8.x

For details of VSE 8.x supported environments, see KB51111.
問題
Outbound SMTP email is blocked by VirusScan Enterprise (VSE) 8.x Access Protection rule for Port 25.

Blocked items include:

    Alert and event notifications from McAfee products such as Vulnerability Manager and Network Security Platform.
    Mail from third-party email applications.

    NOTE: This does not include known email clients such as Microsoft Outlook and Lotus Notes.

原因
The VSE 8.x Access Protection feature allows you to block specific ports. Although standard exclusions are set, you must manually revise these rules according to your environment.
解決方案
Manually exclude the process that is being blocked.

NOTE: Ensure you use the exact process name as found in the Access Protection log.

    Click Start, Programs, McAfee, VirusScan Console.
    Right-click Access Protection and select Properties.
    Click the Access Protection tab.
    Under Categories on the left, select Anti-virus Standard Protection.
    In the right pane, select Prevent mass mailing worms from sending mail, then click Edit.
    In the Processes to exclude section, type the process name, then click OK to close the Rule details window.
    Click Apply then close the Access Protection Properties window.

IMPORTANT: Disabling any protection or excluding processes carries inherent risks. Disabling Prevent mass mailing worms from sending email altogether would pose substantial risks to the security of your system(s). Intel Security strongly recommends that you exclude only the minimum number of known and necessary processes.
相關資訊
See also:

    For a list of default exclusions for Port Blocking in VirusScan 8.x, see KB65718. This article also contains a list of processes that can be safely added to the port 25 blocking rule exclusions.
    For an explanation of registry acronyms for VirusScan Enterprise Access Protection rules, see KB72432.
    To review a Whitepaper explaining Access Protection, see PD20870.

ref: https://kc.mcafee.com/corporate/index?page=content&id=KB50707

Default exclusions for Port Blocking in VirusScan 8.x

Default exclusions for Port Blocking in VirusScan 8.x
技術文章 ID：  KB65718
上次修改：  8/4/2015
已評分：

環境
McAfee VirusScan Enterprise 8.x
摘要
The Access Protection feature in McAfee VirusScan 8.x allows specific ports to be blocked. Based on your environment, certain processes might have to be excluded to allow third-party applications to function properly when Port Blocking is enabled. The table below lists the processes that are excluded by default in the various versions of VirusScan Enterprise (VSE) 8.x:
  VSE 8.5i VSE 8.7i VSE 8.8 Comment
agent.exe           * * *
amgrsrvc.exe * * *
apache.exe * * *
ebs.exe * * *
eudora.exe * * *
explorer.exe * * *
firefox.exe * * *
firesvc.exe * * *
iexplore.exe * * *
inetinfo.exe * * *
mailscan.exe * * * Used by WebShield SMTP (EOL).
MAPISP32.exe * * *
mdaemon.exe                 * *
modulewrapper * * *
mozilla.exe * * *
msexcimc.exe * * *
msimn.exe * * *
mskdetct.exe * * *
msksrvr.exe * * *
msn6.exe * * *
msnmsgr.exe * * *
neo20.exe * * *
netscp.exe * * *
nlnotes.exe * * *
nrouter.exe * * *
nsmtp.exe * * *
ntaskldr.exe * * *
opera.exe * * *
outlook.exe * * *
Owstimer.exe   * *
pine.exe * * *
poco.exe * * *
resrcmon.exe * * * Used by Exchange in cluster environments.
rpcserv.exe * * * Used by McAfee products.
SPSNotific   * *
thebat.exe * * *
thunde*.exe * * *
tomcat.exe * * *
tomcat5.exe * * *
tomcat5w.exe * * *
vmimb.exe * * *
webproxy.exe * * *
WinMail.exe   * *
winpm-32.exe * * *
worldclient.exe   * *
wspsrv.exe   * *

In addition to the files listed above, you can manually specify processes to be blocked. Additional processes that can be excluded if applicable are listed in the table below:
Additional Processes to exclude Associated Software
32be.exe Electrasoft 32-bit Email Broadcaster
Foundscan.exe McAfee Foundstone
W3wp.exe Microsoft II6
IMApp.exe Incredimail
Java.exe Allows McAfee IntruShield Manager to send alerts
ActEmail.exe Sage ACT 2005


解決方案

To manually add exclusions to VirusScan Access Protection rules:

    Click Start, Programs, McAfee, VirusScan Console.
    Double-click Access Protection.
    Select Prevent mass mailing worms from sending mail and click Edit.
    Add the appropriate process name to the list of Excluded Processes.
    Click OK and then OK again to close the Access Protection Properties window.

IMPORTANT: Disabling any protection or excluding processes carries inherent risks and disabling Prevent mass mailing worms from sending email altogether poses substantial risks to the security of your system(s). Intel Security strongly recommends that only specific, known and necessary processes be excluded.

ref: https://kc.mcafee.com/corporate/index?page=content&id=KB65718