How to let blat through email policy?

Created: 23 Mar 2013 • Updated: 23 Mar 2013 | 12 comments

I've got some batch files running on user computers.  They run occasionally.  And I have them run on their own, not when anyone (me) is logged in.

 

At the end I added blat.exe which can email me after the task is completed.  It's a really nice perk... "Yes, this batch file just ran."  And it's a little more in my face that it's complete, as opposed to checking a log file myself.  (Log file still works, so if blat doesn't work I can always keep doing that... if I must.)

 

When I log in and manually run the batch file, I get the blat email.

When the batch file runs on its own, I know it hits the blat part, but I don't get any email.  I see from the blat output info that it's erroring out -- can't connect to server.

 

I'm pretty sure it's SEP blocking it. 

I ran into blat not working on some internal servers.  Same idea -- done with task or a problem with a monitored task... send me an email.  We took off the email policy on those machines, problem solved, I got blat emails. 

These are user machines though.  I want email policy on there.  But I still want my blat emails to notify me.

How do I set an exception for blat in SEP?  Ideally, it could be for a blat email, from me, to me, on a certain port....  It could be that specific.  I really don't see it being abused by spammers.  I still don't want to open up every user's email just so I can get email notification just because it's nice.

How do I let my blat emails through on the user machines?  What do I have to tweak in the policies to allow that to happen?

rmoc's picture

I should add...

We're not using the SEP firewall. We weren't interested in that feature. Still the Windows firewall. Blat worked fine before we went to SEP though.

I'm confident it's the email policy thing we took off before. This time, I'd just like to allow an exception.

It could be as specific as...
a blat sent email,
from me,
to me and possibly a few coworkers,
sent on a specific port,
sent to a specific smtp address.

I don't see a spammer spoofing all that.

.Brian's picture

You can't add exceptions for the email plugin in SEP. It's all or nothing.

For the Internet Email Auto-Protect, on the Advanced tab, uncheck Outbound worm heuristics. See if that fixes it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rmoc's picture

Another thing I was curious about...

 

Why does it matter if I'm logged in?  I would think SEP would block all the time.  If I'm logged in, the email is sent.  If I'm not logged in, no email is sent.  I need to get it working for when I'm not logged in.

rmoc's picture

Possible work around....

Just change the email policy on user computer while I run batch files. It's not a frequent event. I could swap out the email policy in the afternoon or evening and run batch files overnight. Return the email policy in the morning.

rmoc's picture

Good tests....

The worm heuristics idea didn't work. I removed that. Still no emails sent.

I removed all email scanning like I did with my other little 'server' machines that monitor and email me. Bingo... I got my email from the test user machine like I wanted.

So it is SEP blocking blat. But no great solution....

The policy did update quickly after I took email off. Change policy, update clients... It was within minutes, maybe even less than a minute. So I could just swap the policy out when I run my batch files. Swap it back the next day when I'm done. An extra step, an exception for my blat emails would be great, but it will probably work.

Or maybe there's another setting in there to change or temporarily change... I saw it was scanning port 25 outgoing that blat uses. If I change that, maybe blat would get through....

.Brian's picture

You may want to call support and work with them.


rmoc's picture

Or maybe an encrypted blat email.... I see encrypted emails aren't scanned by SEP.

Nice.... If I do swap policies, the monitor page on SEPM, command status tab, shows if the clients have been updated. Except I get the feeling this command status box is waaaay slower than the client machine actually doing the policy update.

rmoc's picture

Also usable... I just switch the port on outgoing mail server, smtp, to a different port.  My blat email came through on a test user machine.

At least just switching the port number will keep everything else in place.

The command status page is fairly worthless for this.  It still says the client hasn't updated its policies yet.  I've already run the test.

I guess that's good enough for now.  I could actually go back and re-enable email scanning on my other mini-server machines.

rmoc's picture

Here's my other thread.

https://www-secure.symantec.com/connect/forums/how...

 

Changing the port number on outgoing email is a better solution.

rmoc's picture

Hm.  I'm not finding any other ideas.  I keep finding my Sept 2012 post about it.

 

This port changing workaround is good enough for now, but it could be improved. I submitted it as an idea on here.

hforman's picture

Have you gone to the blat website and checked that you have the latest version of blat?  And also checked all of the command line switches?  We are using blat with NetBackup and it always works OK for us even if we are not logged in.  SEP 12 RU2 is running on all of our boxes.

rmoc's picture

No luck.

The other machines are running blat 3.0.2.0. Only works with SEP off on auto protect email or by switching the port.

I tried blat 3.1.1.0. No change. Same results.
http://www.blat.net/

This is the line I'm using for blat....
c:\Users\moi\Desktop\blat\blat.exe -f moi@moi.com -to moi@moi.com -s "my subject" -body "my message" -server servergoeshere:25

I've tried having blat run off a network location or on the machine itself. It doesn't matter either way. It will run fine from a network location too (but I have to be logged in).

I picked the 32 bit version of blat. I figured that would run on any machine that way.