Solved

Exchange server has an Endpoint Protection notification

Posted on 2011-09-30
Last Modified: 2013-11-22
Freaking me out here.
The message from Endpoint says:
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: W32.Netsky.P@mm
File: \Device\HarddiskVolumeShadowCopy256\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0464384659\E0000001A84.log
Location: \Device\HarddiskVolumeShadowCopy256\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0464384659
Computer: THMVFS12
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Thursday, September 29, 2011  11:04:54 PM

Give some advice please.
I have always been really careful with anti-virus and my Exchange server.....

Question by:jamesmetcalf74

Accepted Solution

by: scriven_j, earned 500 total points
ID: 36902625
This means that there is a Shadow copy which was taken at a time when there was a virus in your Exchange database (i.e. in an Email).  As long as it is not in the live database I don't think you have too much to worry about.  Run a full scan against Exchange if you are worried.
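
The distinction drawn in the answer above (snapshot path versus live database path) can be checked mechanically from the notification text. This is an added example, not part of the original answer or of any Symantec tooling; the function names, the labels returned by `classify`, and the log-name pattern (taken from the single file name in the alert) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Notification fields as quoted in the question above.
ALERT = r"""Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: W32.Netsky.P@mm
File: \Device\HarddiskVolumeShadowCopy256\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database 0464384659\E0000001A84.log
Computer: THMVFS12
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied"""

# Volume Shadow Copy snapshots appear under this device prefix.
SNAPSHOT = re.compile(r"^\\Device\\HarddiskVolumeShadowCopy(\d+)\\(.*)$", re.I)
# Assumption: log files are named like the one in the alert (E + hex digits + .log).
EXCHANGE_LOG = re.compile(r"^E[0-9A-F]+\.log$", re.I)

def parse_alert(text):
    """Split 'Key: value' lines at the first colon only, so values keep their colons."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    """Report whether the flagged file is inside a snapshot and looks like an Exchange log."""
    path = fields.get("File", "")
    m = SNAPSHOT.match(path)
    relative = m.group(2) if m else path
    name = PureWindowsPath(relative).name
    return {
        "risk": fields.get("Security risk detected"),
        "in_shadow_copy": bool(m),
        "snapshot_id": int(m.group(1)) if m else None,
        "exchange_log": "exchange server" in relative.lower()
                        and bool(EXCHANGE_LOG.match(name)),
    }

def classify(t):
    """Hypothetical triage labels: snapshot hit, live Exchange file hit, or anything else."""
    if t["exchange_log"]:
        return "shadow-copy" if t["in_shadow_copy"] else "live-exchange"
    return "other"

if __name__ == "__main__":
    result = triage(parse_alert(ALERT))
    print(result, classify(result))
```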

Author Comment

by:jamesmetcalf74
ID: 36951667
how do you run a full scan of exchange...
i remember you have to be careful about exchange and running av on it.

Assisted Solution

by:scriven_j
ID: 36955012
Your normal anti-virus software will not be able to scan Exchange; you need AV software designed to scan Exchange (which will use APIs to get access without locking the files).

Do you have Exchange specific Email?  Your normal AV supplier might do an Exchange component if not....

Assisted Solution

by:scriven_j
ID: 36955013
Sorry - that should have said "Do you have Exchange specific Anti-Virus"

Author Comment

by:jamesmetcalf74
ID: 36957945
the symantec stated it to me...
endpoint automatically recognizes exchange environments and does not scan the databases.
but i was wondering if that exception was for the scheduled scans and manual scans or something similar.

Assisted Solution

by:scriven_j
ID: 36961088

OK - looks like Endpoint doesn't support Exchange scanning.  Ideally you want some sort of scanning on your mailflow, either an internal solution such as Messagelabs or a system running on the Exchange box such as GFI Mail Security.