New Server - New Netsky

Posted on 2006-04-30
Last Modified: 2013-11-29
2003 Server/Exchange 2003:

Server is running Symantec AV Corporate Edition 10.x with Symantec Mail Security for Microsoft Exchange 5.x.  Exclusions are in place.  Discovered the following two Event log entries which reference Netsky  - both in Excluded virus scan folders:

Threat Found!Threat: W32.Netsky.P@mm in File: C:\Program Files\Symantec\SMSMSE\5.0\Server\Temp\VAP2806.tmp by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.  Action Description: The file was deleted successfully.

Threat Found!Threat: W32.Netsky.P@mm!enc in File: E:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_aa82587601c66c2800000223.EML by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.  Action Description: The file was left unchanged.

Question by:LTWadmin
    LVL 104

    Expert Comment

    Despite what you may think - your exclusions aren't in place correctly. It is the only explanation.

    Don't scan any of the \exchsrvr directories with the desktop AV. What a surprise that Symantec doesn't even exclude it's own products scanning directories. You will have to set those exclusions as well.

    Netsky.p isn't new - it has been around for years - March 2004.


    Author Comment

    Yea - you're right -

    I should have mentioned that I didn't set the exclusions until this AM after bringing up the server yesterday - an oversight for sure .  None the less - leave the Netsky in place?

    Author Comment

    Oh - and I meant "New Netsky" as in "new" for this new server...
    LVL 104

    Accepted Solution

    The is probably not even there.
    The two products have basically fought to delete it - which is why you put exclusions in place. The file was on the hard disk long enough for the desktop application to detect it, but it was dealt with too quickly by either Exchange or the email AV.


    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Suggested Solutions

    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now