Solved

Exchange and viruses

Posted on 2004-08-04
Last Modified: 2012-08-14
I have a Windows 2000 server running Exchange 2000. On this server is Norton Corp 8.0. I have been working for this company for less than a month and I have been reading about how to remove viruses on Exchange. I understand that Exchange is very finicky and I want to be careful removing them. I have run the Symantec tools with the "nofilescan" option and it came back clean. But looking in the file real time statistics it shows 122 infected files. How should I go about cleaning these out?
0
Comment
Question by:soda0091
46 Comments
 
LVL 11

Expert Comment

by:Eric
ID: 11717308
Use NAV for MSE. Don't let NAVCE scan the M drive, and exclude the logs folder etc.
0
 

Author Comment

by:soda0091
ID: 11717413
I have Symantec AVF installed. What is NAVCE? The viruses seem to be in one folder

D:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_df5ada7401c47a36000031aa.EML

Under real time system scan it says that it is the w32.Netsky

Can I run the Symantec removal tool? I know that you can include an exclusion but can you include more than one?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11717529
I exclude the exchsrvr folder and subfolders.
0
 
LVL 4

Expert Comment

by:DeanHarris1
ID: 11717549
NavCE is Norton Antivirus Corporate Edition

The best thing to do, if you are wary of doing this, is to do it when you are able to stop the Exchange services, and don't let the repair tool delete the files. Move them to quarantine, start the Exchange box and you should find that everything should be ok.

Before you run the removal tool make sure it doesn't scan the M drive. It comes with the following warning:
"WARNING: For network administrators. If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line with the Exclude switch. For more information, read the Microsoft knowledge base article, "XADM: Do Not Back Up or Scan Exchange 2000 Drive M" (Article 298924)."

Here is a link to the MS article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298924

THE REMOVAL TOOL
W32.Netsky@mm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html
0
 
LVL 11

Assisted Solution

by:Eric
Eric earned 175 total points
ID: 11717552
NAV Corporate Edition NAVCE
From URL:
http://service1.symantec.com/SUPPORT/ent-security.nsf/9d94c8571a91ba4788256bf3007f62b5/8b773850a36516fe88256c2f007e436d?OpenDocument&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&src=ent&pcode=sav_ce&dtype=corp&svy=&prev=&miniver=sav_8_ce
==========================
Preventing Symantec AntiVirus Corporate Edition 8.x from scanning the Microsoft Exchange directory structure

Situation:
This document discusses how to prevent Symantec AntiVirus Corporate Edition (Symantec AntiVirus) 8.x from scanning the Microsoft Exchange directory structure to prevent problems with the Internet Mail Connector (IMC) or Information Store (IS).

Solution:
Symantec AntiVirus only protects the file system on an Exchange server and not Exchange server itself. The protection of the Exchange server is the role of a product like Symantec AntiVirus/Filtering for Microsoft Exchange. Certain folders must be excluded from scanning by Symantec AntiVirus. If Symantec AntiVirus scans the Exchange structure or the Symantec AntiVirus/Filtering temp folder, it can cause false positive virus detections, unexpected behavior on the Exchange server, or damage to the Exchange databases. This is true of all antivirus programs running on Exchange servers. For more information, read the Microsoft Knowledge Base article XGEN: Recommendations for Troubleshooting an Exchange Computer with Antivirus Software Installed - ID 245822.

The details in the following sections cover the folders that can be safely scanned or need to be excluded when Symantec AntiVirus or other Symantec products are installed.

Folders that file-system antivirus software can safely scan

Exchsrvr\Address
Exchsrvr\Bin
Exchsrvr\Conndata
Exchsrvr\Exchweb
Exchsrvr\Res
Exchsrvr\Schema
Any additional directories which are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan

Folders to exclude when using file system antivirus software
These folders should be excluded from Realtime Protection, Scheduled Scans, and Manual Scans.


--------------------------------------------------------------------------------
Notes:
In both versions of Microsoft Exchange, the Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.
You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.

--------------------------------------------------------------------------------


Exchange 5.5
Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files - Tmp.edb
Additional log files (default location/name: Exchsrvr\Tracking.log)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Inbox for Internet Mail Connector (default location: Exchsrvr\IMCDATA)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)

Exchange 2000
The Installable File System (IFS) (default location: drive M)
Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name.log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)

Exchange 2003
Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name.log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
The folder that contains the checkpoint (.chk) file. For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.

Exclude the Temp folders when the following Symantec products are installed

--------------------------------------------------------------------------------
WARNING: The exclusion of these Temp folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
--------------------------------------------------------------------------------
 

Norton AntiVirus 2.x for Microsoft Exchange
<drive>:\Program Files\NAVMSE\Temp
Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
<drive>:\Program Files\Symantec\SAVFMSE\Temp
Symantec Mail Security 4.0 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.0\Server\Temp\
Symantec Mail Security 4.5 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp\

Creating the exclusions
The procedure for creating the exclusions depends on whether your Exchange servers are configured as unmanaged clients, managed clients, or servers.

Unmanaged clients:
If the Exchange server is configured as an unmanaged client, you must configure all exclusions from within Symantec AntiVirus.

To configure exclusions for Realtime Protection from within Symantec AntiVirus
Start Symantec AntiVirus.
Click Configure, and then click File System Realtime Protection.
Click Exclude selected files and folders.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.

To configure exclusions for a scheduled scan from within Symantec AntiVirus
Start Symantec AntiVirus.
Click Scheduled Scans.
Create a new scan, or select the scan you wish to configure, and click Next twice.
Click the Options button in the lower-right corner.
Click Exclude selected files and folders.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
Start Symantec AntiVirus.
Click Scan, and then click Scan Computer.
Click the Options button in the lower-right corner.
Click Exclude selected files and folders.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.


Managed Clients
If the Exchange server is configured as a managed client in a client group that you have created specifically for Exchange servers, configure the exclusions through the Symantec System Center. Manual scans should be run from within Symantec AntiVirus, and should be configured there.


--------------------------------------------------------------------------------
Note: The Exchange server should not be configured as a managed client unless it is in a client group specifically for Exchange servers. For more information, read the document Best practice for Symantec AntiVirus Corporate Edition realtime protection running on the Microsoft Exchange Server.
--------------------------------------------------------------------------------

To configure exclusions for Realtime Protection from the Symantec System Center
Start the Symantec System Center, and unlock the server group.
Under Groups, right-click the client group, and then click All Tasks > Symantec AntiVirus > Client Realtime Protection Options.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.

To configure exclusions for a scheduled scan from the Symantec System Center
Start the Symantec System Center, and unlock the server group.
Under Groups, right-click the client group, and click All Tasks > Symantec AntiVirus > Scheduled Scans.
Create a scheduled scan, or edit an existing one.
Click Scan Settings.
Click Options.
Click the "Exclude files and folders" box, and then click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
Start Symantec AntiVirus.
Click Scan, and then click Scan Computer.
Click the Options button in the lower-right corner.
Click Exclude selected files and folders.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.


Servers
If the Exchange server is configured as a Symantec AntiVirus server, configure the exclusions through the Symantec System Center. Manual scans should still be run from within Symantec AntiVirus.

To configure exclusions for Realtime Protection from the Symantec System Center
Start the Symantec System Center, and unlock the server group.
Right-click the Exchange server, then click All Tasks > Symantec AntiVirus > Server Realtime Protection Options.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.

To configure exclusions for a scheduled scan from the Symantec System Center
Start the Symantec System Center, and unlock the server group.
Right-click the server group, and click All Tasks > Symantec AntiVirus > Scheduled Scans.
Create a scheduled scan, or edit an existing one.
Click Scan Settings.
Click Options.
Click the "Exclude files and folders" box, and then click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
Start Symantec AntiVirus.
Click Scan, and then click Scan Computer.
Click the Options button in the lower-right corner.
Click Exclude selected files and folders.
Click Exclusions.
Click the "Check file for exclusion before scanning" box.
Click Files/Folders to create the exclusions.
Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.



--------------------------------------------------------------------------------
Notes:
To ensure that exclusions set at the Server Group and Client Group levels are distributed correctly to managed clients, use build 8.01.440 (MR4) or 8.1.1.314a (MR1), or a later release.
Symantec recommends configuring MS Exchange servers as managed clients, and adding those clients to a unique Client Group, as described in the Managed Clients section.
If you are using Symantec AntiVirus Corporate Edition 8.0 build 374 (the original build of Symantec AntiVirus Corporate Edition 8.0), omit the backslash when excluding drive M. With all other builds of Symantec AntiVirus, use the backslash (that is, use M:\ as opposed to M:).

--------------------------------------------------------------------------------

0
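
The Exchange 2000 lists quoted in the post above can be turned into a check that sorts antivirus detection paths into "should have been excluded" and "legitimately scanned". This is an added example, not part of the thread or of Symantec's document. The Exchsrvr root is taken from the asker's path, `C:\Winnt` and `M:\` are assumed defaults, and every sample path except the first is constructed.

```python
import ntpath  # Windows path semantics, usable on any platform

# Exchange 2000 sub-folders of Exchsrvr that the quoted document says to exclude.
EXCLUDE_SUBDIRS = {"mdbdata", "mtadata", "mailroot", "srsdata"}
# Sub-folders the same document lists as safe for file-system scanning.
SAFE_SUBDIRS = {"address", "bin", "conndata", "exchweb", "res", "schema"}


def _norm(path):
    # Lowercase, unify separators and collapse ".." so comparisons are reliable.
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, folder):
    path, folder = _norm(path), _norm(folder).rstrip("\\")
    return path == folder or path.startswith(folder + "\\")


def classify(path, exchsrvr, system_root="C:\\Winnt", ifs_drive="M:\\"):
    """Return (verdict, reason); verdict is 'exclude' or 'scan'.

    system_root and ifs_drive are assumed defaults; pass the real values
    for the server being checked.
    """
    p = _norm(path)
    if ntpath.basename(p) == "tmp.edb":
        return ("exclude", "Tmp.edb, excluded wherever it is found")
    if _is_under(p, ifs_drive):
        return ("exclude", "Installable File System drive")
    if _is_under(p, ntpath.join(system_root, "System32", "Inetsrv")):
        return ("exclude", "IIS system files")
    if not _is_under(p, exchsrvr):
        return ("scan", "outside the Exchange directory structure")

    # First path component below the Exchsrvr root decides the rest.
    rel = p[len(_norm(exchsrvr).rstrip("\\")):].lstrip("\\")
    top = rel.split("\\", 1)[0]
    if top in EXCLUDE_SUBDIRS:
        return ("exclude", "Exchsrvr\\" + top)
    if top.endswith(".log"):
        return ("exclude", "Exchsrvr\\server_name.log")
    if top in SAFE_SUBDIRS:
        return ("scan", "Exchsrvr\\" + top + " is listed as safe")
    return ("scan", "not in the list of folders to exclude")


def detections_in_excluded_paths(paths, exchsrvr):
    """Detections that show the file scanner is still touching Exchange data."""
    return [p for p in paths if classify(p, exchsrvr)[0] == "exclude"]


EXCHSRVR = "D:\\Program Files\\Exchsrvr"

DETECTIONS = [
    # From the asker's post:
    "D:\\Program Files\\Exchsrvr\\Mailroot\\vsi 1\\Queue\\NTFS_df5ada7401c47a36000031aa.EML",
    # Constructed samples:
    "M:\\example.local\\MBX\\user1\\Inbox\\message.EML",
    "D:\\Program Files\\Exchsrvr\\MAILSRV1.log\\20040804.log",
    "E:\\Temp\\tmp.edb",
    "D:\\Program Files\\Exchsrvr\\Bin\\example.dll",
    "C:\\Documents and Settings\\user1\\Desktop\\invoice.pif",
]

if __name__ == "__main__":
    for path in DETECTIONS:
        verdict, reason = classify(path, EXCHSRVR)
        print(f"{verdict:8} {reason:45} {path}")
    hits = detections_in_excluded_paths(DETECTIONS, EXCHSRVR)
    print(f"{len(hits)} detection(s) came from paths that should be excluded")
```

Any detection the check marks `exclude` after the exclusions have been configured means Realtime Protection or a scheduled or manual scan is still reading that location.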
 
LVL 20

Accepted Solution

by:Debsyl99
Debsyl99 earned 100 total points
ID: 11721523
Hi,

I've been running Symantec CE 8.0 across our network for about 18 months now in conjunction with AV/Filtering for Exchange, so I would just like to add what is hopefully the benefit of my experience.

Firstly, the reason you've detected viruses in the location that you have is that that particular area is being scanned on the Exchange server and it shouldn't be - as ecszone has already posted - follow that link for correct scanning / protection configuration of the correct exemptions in Exchange (don't at your peril, as one quarantined transaction log will bring your server down). The client (unmanaged or managed) that is deployed on the clients and is hopefully enabled for MS Exchange real-time protection should deal with these viruses. However, it does depend on how CE 8 is deployed across your organisation. If you could post that it may help. It would be a good idea for your organisation to invest in the Exchange server version - which is Symantec AV/Filtering for Exchange, as this detects viruses attached to emails as they arrive at the Exchange server and automatically cleans/quarantines/deletes them depending on the settings. In my experience, as long as updates are very regular it has dealt with this very effectively to date.

Please don't try to deal with this at the exchange server end with your current setup - it's not as bad as you may think, and trying to quarantine/ deal with viruses at that end may bring your server down.

First check that the clients (if managed or unmanaged) are receiving regular updates - you can do this from the admin console for ce. If clients are unmanaged you need to check on the status of their updates, and check that both real time file and exchange protections are enabled.

Let us know what you find. In relation to best practice in deployment on an exchange server, symantec actually recommend
"As a best practice, Symantec Technical Support recommends installing Symantec AV as a server in its own server group or as an unmanaged client".

from:
Best practices for Symantec AntiVirus Corporate Edition 8.x RealTime Protection on a Microsoft Exchange Server
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002090915484448?Open&src=&docid=2002090916040948&nsf=ent-security.nsf&view=docid/2002090916040948?open&src=&docid=2002020511514548&nsf=ent-security.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

We have it deployed in a separate server group which is easier to manage, as the settings stay constant for that particular server.

Hope this helps,

Deb :))



0
 

Author Comment

by:soda0091
ID: 11725253
The symantec corp is deployed in as managed software across the network. So you are saying that I should not run any of the symantec tools on the Exchange server? I have removed the scanning from the Exchange folders that should be omitted. I would just like to make sure that it is clean. The Symantec AVF is still showing violations. It is down considerably from yesterday. Is this normal then? I have not found anything in the Norton Corp quarantine today.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11726263
He says he has Symantec AVF installed.  That is the exchange version. ("I have Symantec AVF installed. What is NAVCE? ")
Open "symantec AVF for Exchange"  Do a full scan of all mailboxes after checking for updates.
There will always be viruses in certain directories.. Like we archive mail history.. its a virus hotel :o
If I scan that I have all kinds of problems :)


FYI, Symantec claims it does not matter if you have email scanning enabled on the client. Realtime protection should get it anyway. They say this in response to why does NAVCE not support OE (supports Outlook). So why it exists ... who knows :|


0
 
LVL 11

Expert Comment

by:Eric
ID: 11726272
FYI it's not Exchange catching those filters, it's probably either Real time protection or a scheduled scan.  Keep the Exchange AVF, it will save your life :D
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11726380
Hi
From your post:
"The symantec corp is deployed in as managed software across the network" - Are the virus definition files up to date across the entire network and are all machines included?

"I have removed the scanning from the Exchange folders that should be omitted. I would just like to make sure that it is clean." - You need to remove the folders that have already been listed from both scanning AND real-time protection on the exchange server from configure real-time protection. Symantec CE 8 is a file-based virus scanner, which means it does just that - scans files. It is not designed to scan any of the exchange folders, as by design, exchange requires a different mechanism to effectively scan these files - and this mechanism is only provided by exchange-specific virus protection such as Symantec Mail Security for Microsoft Exchange.

Whilst real-time protection is still scanning the exchange folders and stores it can cause problems, get mail stuck in queues, report false positive virus readings - at worst bring down your exchange server if it does manage to quarantine something.

"The Symantec AVF is still showing violations" - Please confirm that this is from the real-time protection on the exchange server - if it is, reconfigure it to exclude the necessary folders and all should be well. Showing such violations is probable as scanning exchange-specific folders and stores can give false-positive reports of infection.

If you want peace of mind - go get a product specifically for exchange. If your av is set up correctly, and reports no problems then your exchange server is clean (bearing in mind that no av product is foolproof). However with your current set-up that doesn't mean that virus containing attachments in emails cannot pass through your server, which is again why you need an exchange-specific av. The scanning at the client pc's should quarantine any files present in emails so long as real-time protection for exchange is configured.

Hope this helps clarify,

Deb :))



0
 
LVL 11

Expert Comment

by:Eric
ID: 11726612
Also remember every time to exclude in scheduled scans, virus sweeps etc...
Also if you scan the M: drive it does stuff like screws up your boss's calendar :|  (not that I know :o  )
Every part you need to exclude it.  Except exchange because all that does is scan exchange.
0
 

Author Comment

by:soda0091
ID: 11729096
Isn't the Norton AVF specifically for Exchange? I have been running a manual scan since 10am and it has not found a virus yet. It has found a bunch of spam though.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11729330
Yes, it's the same... It used to be called something different, probably why people are confused. I mentioned it a few times.
"He says he has Symantec AVF installed.  That is the exchange version. ("I have Symantec AVF installed. What is NAVCE? ")"

Then you should be good to go.  Like I said, my history folder has more viruses than I care to think about.
If somehow something tried to execute one, NAV would catch it, it just won't scan that folder anymore.

0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11729669
Oh dear! - For some reason I had just assumed that you didn't - I missed the AVF reference  - As you DO have it, prevent any scanning  - including real-time - of the exchange folders and you'll be fine.

Deb :))
0
 

Author Comment

by:soda0091
ID: 11730387
I'm glad that  we got that squared away. So even though it shows 123 infections in the real time scan it should be okay then(Norton Corp)? Do these eventually go away then? I have changed the folders that both NAV and AVF are supposed to scan.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11730637
Yes.  Clear the error in the Symantec console to rid you of the "!" point if you have it.  If not, don't worry about it.
This is normal, don't sweat it.  Sounds like you got it squared away.

0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11730833
Yep - you'll be fine - The "infections" are false positives - activity incorrectly identified by the scanner as virus activity (that's why everyone - Microsoft, Symantec, McAfee etc etc will tell you NOT to scan those folders). File scanning/real-time protection just doesn't work with those Exchange folders, AVF does - it can scan everything coming via email as it uses a different mechanism for scanning, and if that's saying you're ok and you're fully updated everywhere then that's as good as it's going to get.
0
 

Author Comment

by:soda0091
ID: 11732290
What about setting up the spam blocker in the AVF? I noticed that it picked up over 500 spam messages when I was doing a manual scan of the mailboxes. Is there a way to configure this in order to stop the email from ever reaching the recipient?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11733465
With this it can be more difficult because of the spoofed headers etc, but yes you can catch some of it. You can create spam lists - so you can catch mail from anyone@spam.com. You can filter by subject line too, although this one was harder to configure as you can filter for wildcards etc - if you get it wrong though it will eat all your mail and releasing it from quarantine doesn't necessarily mean it's always readable. In short I haven't found it the best spam catching solution in the world for exchange. Have a look at something like gfi mail essentials,

Deb :))

0
 

Author Comment

by:soda0091
ID: 11734658
I noticed this morning that it said that there were 26 virus infection violations. Is this still from the previous day? Or should I not worry? I also saw a check box for enable exchange background scanning, should this be checked?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11734809
Hi again,

Could you let us know what version and build of Symantec/Norton AV for exchange are you using? (It's a different one to mine I expect, hence some of the earlier confusion)

Deb :))

0
 

Author Comment

by:soda0091
ID: 11734924
The only thing that I can find that corresponds to AVF is the shortcut. I can't seem to find the version. Any ideas?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11735095
Ok - when you open up avf, there should be an "about" link or button depending on the version. Try looking in the help menu - there could be an about link there, or have a look at the opening user interface for an about button if it's a web-based interface,

Deb :))
0

 

Author Comment

by:soda0091
ID: 11735290
Are you referring to the web page that opens up? I just see help for Internet Explorer.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11735331
At the bottom - is there a button that says about?
0
 

Author Comment

by:soda0091
ID: 11736714
it says 3.02.10.95
0
 
LVL 11

Expert Comment

by:Eric
ID: 11736821
Where did you see the infection notices?
In AVF or elsewhere?

You can tell each type of filter who to send mail to or who not to, along with custom messages.

0
 
LVL 11

Expert Comment

by:Eric
ID: 11736854
That checkbox will keep it from stealing too much CPU time... it lowers its priority.

Change who gets warnings:

Policies, content subpolicy.

edit the policy you want.  uncheck the box next to whom you do not want to receive the message.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11736859
Ok - looks like it's probably Symantec AVF for Exchange 3.02 - so this launches a browser based window. When you scan mailboxes and folders from here - all is well?

So where are you getting the virus notification messages from? I'm assuming that they must be from the corporate edition client also installed on the Exchange server? If so, then so long as you have the correct folders exempt from either scheduled scans, manual scans, or real-time protection then you should be able to just clear the alerts/logs. Can you confirm that you have excluded these files now?

Also yes you should be using exchange background scanning - it just scans the exchange store - maybe when definitions are updated - depends on your version of avf which I'm still not sure about.

Deb :))
0
 

Author Comment

by:soda0091
ID: 11738374
There are 123 under file real time scanning in Norton Corp. And under the AVF there are 15 virus violations. I'm 99.9 percent sure that the correct files are excluded. Can I clear the log files from the Norton Corp real time scanning? I'll turn on background scanning then.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11738424
Yes - clear the files - empty quarantine in AVF for Exchange - enable the scanning and let's see how you do. If needs be I'll post the exact files and folders that need to be excluded from real-time scanning if we have any further problems,

Deb :))

0
 
LVL 11

Expert Comment

by:Eric
ID: 11738425
Clear the status and see if they come back.  They should not if your exclusions are correct.

0
 
LVL 11

Expert Comment

by:Eric
ID: 11738476
They are listed above
"Exchange 2000
The Installable File System (IFS) (default location: drive M)
Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name.log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)"
+ M drive.
0
 

Author Comment

by:soda0091
ID: 11738656
I omitted the M drive as mentioned, the whole Exchsrvr folder, and the edb extension from scanning.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11738695
Should be all set then.  Give it over the weekend and verify its happy.

0
 

Author Comment

by:soda0091
ID: 11738781
Let's hope for the best. Is there any way to clean out the real time scanning virus info?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11738809
Are you using the Symantec console?
Where do you actively see the info besides right click server name ( all tasks, logs, virus history )
??

0
 

Author Comment

by:soda0091
ID: 11738851
When I double click the Symantec icon and then type in the password to get in, I then go to the real time scanning and it shows 123 infections.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11738902
so to the symantec console.  select the server in reference.
Does it have an exclamation point on it?
if so right click, all tasks, norton antivirus, clear status

reopen NAV and see if its cleared.  I never actually open NAV so I never noticed it where you said.  I do almost all via console.
0
 

Author Comment

by:soda0091
ID: 11743657
I tried to open the console and received an error. Is there any other way?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11745515
You don't use the console??? You need to get that working.. it's important.
It's how you verify clients are getting updates etc..  What's the error???

How did you configure the policies w/o the console?
0
 

Author Comment

by:soda0091
ID: 11794746
How can I split points between 2 people?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11794773
At the bottom you should see "split" points which you can select - then select one answer as accepted one as assisted and assign the points to each person as you want to up to a total of 275,

Deb :))
0
 
LVL 11

Expert Comment

by:Eric
ID: 11794893
Sounds like you got it resolved or stopped caring. heh.

Hope the better of the two.

0
 

Author Comment

by:soda0091
ID: 11795069

Do I click on accept first? I don't want to leave anyone out
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11795180
As long as you've clicked split points first at the bottom (or is it top?) it's there any way, you should be ok !
How to split points
http:Q_20823671.html

Deb :))
0
