Changes made in the Symantec Mail Security for Microsoft Exchange (SMSMSE) administration console do not take effect in email processing when Windows 2008 User Account Control (UAC) virtualization is enabled

Article:TECH165468  |  Created: 2011-07-25  |  Updated: 2013-10-30  |  Article URL http://www.symantec.com/docs/TECH165468
Article Type
Technical Solution


Issue



A policy change is made in the SMSMSE Administration console. However, the other SMSMSE components do not read the change and take the appropriate actions.

The following are examples:

  • A new content filtering rule is configured. However, mail is not blocked.
  • Premium AntiSpam is enabled. However, spam is not blocked.
  • A content filtering/file scanning rule is changed from Quarantine to Log Only. However, email is still quarantined.

Conditions

  • User Account Control Virtualization is enabled.

1. Open the Local Security Policy MMC.
2. Click on Local Policies|Security Options.
3. If User Account Control: Virtualize file and registry write failures to per-user locations is Enabled, then this condition is met.

  • A Microsoft Process Monitor (procmon) log shows that writes to the SMSMSE directories are redirected to per-user locations.

1. The Process Monitor log shows the file C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml being opened for read/write access; however, the request is redirected to C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml:

03:35.1 DllHost.exe 572 CreateFile C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml REPARSE Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, OpenResult: Superseded
03:35.1 DllHost.exe 572 CreateFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, OpenResult: Overwritten
03:35.1 DllHost.exe 572 WriteFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Offset: 0, Length: 2, Priority: Normal
03:35.1 DllHost.exe 572 WriteFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Offset: 2, Length: 2,562
03:35.1 DllHost.exe 572 FlushBuffersFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:35.1 DllHost.exe 572 FASTIO_ACQUIRE_FOR_CC_FLUSH C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:35.1 DllHost.exe 572 WriteFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
03:35.1 DllHost.exe 572 FASTIO_RELEASE_FOR_CC_FLUSH C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:35.8 DllHost.exe 572 CloseFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:35.8 DllHost.exe 572 IRP_MJ_CLOSE C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:35.8 DllHost.exe 572 IRP_MJ_CLOSE C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:36.6 System 4 SetEndOfFileInformationFile C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS EndOfFile: 2,564
03:36.6 System 4 CreateFileMapping C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS SyncType: SyncTypeOther
03:36.6 System 4 FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS
03:36.6 System 4 IRP_MJ_CLOSE C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS

2. Later, SAVFMSETask.exe reads the file from the "real" directory:

04:00.4 SAVFMSETask.exe 1836 CreateFile C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
04:00.4 SAVFMSETask.exe 1836 ReadFile C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Offset: 0, Length: 2, Priority: Normal
04:00.4 SAVFMSETask.exe 1836 QueryStandardInformationFile C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS AllocationSize: 4,096, EndOfFile: 3,312, NumberOfLinks: 1, DeletePending: False, Directory: False
04:00.4 SAVFMSETask.exe 1836 ReadFile C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml FAST IO DISALLOWED Offset: 2, Length: 3,310
04:00.4 SAVFMSETask.exe 1836 ReadFile C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml SUCCESS Offset: 2, Length: 3,310, Priority: Normal

 


Environment



  • Windows 2008

Cause



The SMSMSE Administration console is affected by UAC virtualization. All changes it makes to files on the file system are written to the virtualized file system rather than the "real" location.

The other SMSMSE services are not affected by UAC virtualization. They read the settings from the "real" location. Since these settings files are not updated, no changes take effect.
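The write-then-stale-read pattern described above can be picked out of a Process Monitor text export automatically. The following is an added example, not Symantec's code: it assumes the space-separated layout of the log lines shown in this article (time, process, PID, operation, path, result, details), and the function names are illustrative.

```python
import re

# Layout assumed from the text export shown above:
# time, process, PID, operation, path, result, details.
LINE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (.+?) "
                  r"(SUCCESS|REPARSE|FAST IO DISALLOWED)(?: (.*))?$")
MARKER = "\\appdata\\local\\virtualstore\\"

def real_path(path):
    """Map a VirtualStore path back to the location it shadows, else None."""
    idx = path.lower().find(MARKER)
    if idx < 0:
        return None
    return path[:2] + "\\" + path[idx + len(MARKER):]

def find_stale_reads(lines):
    """Return reads of a real file that an earlier write shadowed in VirtualStore."""
    shadowed = {}   # real path (lower-cased) -> (writer process, virtual path)
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        _, proc, _, op, path, result, _ = m.groups()
        if result != "SUCCESS":
            continue
        target = real_path(path)
        if op == "WriteFile" and target:
            shadowed[target.lower()] = (proc, path)
        elif op == "ReadFile" and path.lower() in shadowed:
            writer, virtual = shadowed[path.lower()]
            if proc != writer:
                findings.append({"reader": proc, "read": path,
                                 "writer": writer, "written": virtual})
    return findings

# Constructed sample, abridged from the log format shown above.
REAL = r"C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml"
VIRT = r"C:\Users\johndoe\AppData\Local\VirtualStore\Program Files (x86)\Symantec\SMSMSE\6.5\Server\SpamPrevention\AntiSpamActions2007.xml"
SAMPLE = [
    f"03:35.1 DllHost.exe 572 CreateFile {REAL} REPARSE Desired Access: Generic Write",
    f"03:35.1 DllHost.exe 572 WriteFile {VIRT} SUCCESS Offset: 0, Length: 2",
    f"03:35.8 DllHost.exe 572 CloseFile {VIRT} SUCCESS",
    f"04:00.4 SAVFMSETask.exe 1836 ReadFile {REAL} SUCCESS Offset: 0, Length: 2",
]

if __name__ == "__main__":
    for f in find_stale_reads(SAMPLE):
        print(f"{f['reader']} read {f['read']} but {f['writer']} wrote {f['written']}")
```

Each finding names a process that read the real file after a different process had its write to the same file redirected to VirtualStore, which is the condition this article describes.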


Solution



This issue is fixed in SMSMSE 7.0.2. Upgrade to 7.0.2 to resolve this issue.

Workaround

Configure the SMSMSE Administration Console to always run as administrator:

1. Right-click the console icon and choose Properties.
2. Click the Open File Location button.
3. Right-click the file Symantec.Cmaf.UI.exe and click Properties.
4. On the Compatibility tab, check Run this program as an administrator.
5. Click OK.



Supplemental Materials

Source: ETrack
Value: 2477611

