Default exclusions for Port Blocking in VirusScan 8.x

Default exclusions for Port Blocking in VirusScan 8.x
技術文章 ID：  KB65718
上次修改：  8/4/2015
已評分：

環境
McAfee VirusScan Enterprise 8.x
摘要
The Access Protection feature in McAfee VirusScan 8.x allows specific ports to be blocked. Based on your environment, certain processes might have to be excluded to allow third-party applications to function properly when Port Blocking is enabled. The table below lists the processes that are excluded by default in the various versions of VirusScan Enterprise (VSE) 8.x:
  VSE 8.5i VSE 8.7i VSE 8.8 Comment
agent.exe           * * *
amgrsrvc.exe * * *
apache.exe * * *
ebs.exe * * *
eudora.exe * * *
explorer.exe * * *
firefox.exe * * *
firesvc.exe * * *
iexplore.exe * * *
inetinfo.exe * * *
mailscan.exe * * * Used by WebShield SMTP (EOL).
MAPISP32.exe * * *
mdaemon.exe                 * *
modulewrapper * * *
mozilla.exe * * *
msexcimc.exe * * *
msimn.exe * * *
mskdetct.exe * * *
msksrvr.exe * * *
msn6.exe * * *
msnmsgr.exe * * *
neo20.exe * * *
netscp.exe * * *
nlnotes.exe * * *
nrouter.exe * * *
nsmtp.exe * * *
ntaskldr.exe * * *
opera.exe * * *
outlook.exe * * *
Owstimer.exe   * *
pine.exe * * *
poco.exe * * *
resrcmon.exe * * * Used by Exchange in cluster environments.
rpcserv.exe * * * Used by McAfee products.
SPSNotific   * *
thebat.exe * * *
thunde*.exe * * *
tomcat.exe * * *
tomcat5.exe * * *
tomcat5w.exe * * *
vmimb.exe * * *
webproxy.exe * * *
WinMail.exe   * *
winpm-32.exe * * *
worldclient.exe   * *
wspsrv.exe   * *

In addition to the files listed above, you can manually specify processes to be blocked. Additional processes that can be excluded if applicable are listed in the table below:
Additional Processes to exclude Associated Software
32be.exe Electrasoft 32-bit Email Broadcaster
Foundscan.exe McAfee Foundstone
W3wp.exe Microsoft II6
IMApp.exe Incredimail
Java.exe Allows McAfee IntruShield Manager to send alerts
ActEmail.exe Sage ACT 2005


解決方案

To manually add exclusions to VirusScan Access Protection rules:

    Click Start, Programs, McAfee, VirusScan Console.
    Double-click Access Protection.
    Select Prevent mass mailing worms from sending mail and click Edit.
    Add the appropriate process name to the list of Excluded Processes.
    Click OK and then OK again to close the Access Protection Properties window.

IMPORTANT: Disabling any protection or excluding processes carries inherent risks and disabling Prevent mass mailing worms from sending email altogether poses substantial risks to the security of your system(s). Intel Security strongly recommends that only specific, known and necessary processes be excluded.

ref: https://kc.mcafee.com/corporate/index?page=content&id=KB65718