?
Solved

exchanger server has a endpoint protection notification

Posted on 2011-09-30
6
Medium Priority
?
357 Views
Last Modified: 2013-11-22
freaking me out here
the message from endpoint says.
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: W32.Netsky.P@mm
File: \Device\HarddiskVolumeShadowCopy256\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0464384659\E0000001A84.log
Location: \Device\HarddiskVolumeShadowCopy256\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0464384659
Computer: THMVFS12
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Thursday, September 29, 2011  11:04:54 PM

give some advice please
i have always been really careful with anti virus and my exchange server.....

0
Comment
Question by:jamesmetcalf74
  • 4
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
scriven_j earned 2000 total points
ID: 36902625
This means that there is a Shadow copy which was taken at a time when there was a virus in your Exchange database (i.e. in an Email).  As long as it is not in the live database I don't think you have too much to worry about.  Run a full scan against Exchange if you are worried.
0
 

Author Comment

by:jamesmetcalf74
ID: 36951667
how to you run a full scan of exchange...
i remember you have to be careful about exchange and running av on it.
0
 
LVL 10

Assisted Solution

by:scriven_j
scriven_j earned 2000 total points
ID: 36955012
Your normal anti-virus software will not be able to scan Exchange, you need AV software designed to scan Exchange (which will use API's to get access without locking the files).

Do you have Exchange specific Email?  Your normal AV supplier might do an Exchange component if not....
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 10

Assisted Solution

by:scriven_j
scriven_j earned 2000 total points
ID: 36955013
Sorry - that should have said "Do you have Exchange specific Anti-Virus"
0
 

Author Comment

by:jamesmetcalf74
ID: 36957945
the symantec stated it to me...
endpoint automatically recognizes exchange environments and does not scan that databases.
but i was wondering if that exception was for the scheduled scans and manual scans or something similar.
0
 
LVL 10

Assisted Solution

by:scriven_j
scriven_j earned 2000 total points
ID: 36961088

OK - looks like Endpoint doesn't support Exchange scanning.  Ideally you want some sort of scanning on your mailflow, either an internal solution such as Messagelabs or an system running on the Exchange box such as GFI Mail Security.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
How to effectively resolve the number one email related issue received by helpdesks.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question