Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412
  • Last Modified:

New Server - New Netsky

2003 Server/Exchange 2003:

Server is running Symantec AV Corporate Edition 10.x with Symantec Mail Security for Microsoft Exchange 5.x.  Exclusions are in place.  Discovered the following two Event log entries which reference Netsky  - both in Excluded virus scan folders:

Threat Found!Threat: W32.Netsky.P@mm in File: C:\Program Files\Symantec\SMSMSE\5.0\Server\Temp\VAP2806.tmp by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.  Action Description: The file was deleted successfully.

Threat Found!Threat: W32.Netsky.P@mm!enc in File: E:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_aa82587601c66c2800000223.EML by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.  Action Description: The file was left unchanged.

Recommendations?
0
LTWadmin
Asked:
LTWadmin
  • 2
  • 2
1 Solution
 
SembeeCommented:
Despite what you may think - your exclusions aren't in place correctly. It is the only explanation.

Don't scan any of the \exchsrvr directories with the desktop AV. What a surprise that Symantec doesn't even exclude it's own products scanning directories. You will have to set those exclusions as well.

Netsky.p isn't new - it has been around for years - March 2004.

Simon.
0
 
LTWadminAuthor Commented:
Yea - you're right -

I should have mentioned that I didn't set the exclusions until this AM after bringing up the server yesterday - an oversight for sure .  None the less - leave the Netsky in place?
0
 
LTWadminAuthor Commented:
Oh - and I meant "New Netsky" as in "new" for this new server...
0
 
SembeeCommented:
The is probably not even there.
The two products have basically fought to delete it - which is why you put exclusions in place. The file was on the hard disk long enough for the desktop application to detect it, but it was dealt with too quickly by either Exchange or the email AV.

Simon.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now