Endpoint Protection

  • 1.  Missing outlook plugin. Not detecting Eicar files

    Posted Oct 21, 2012 01:47 PM

    Hi everyone,

    I have spent a long time looking for a solution, or at least information that can tell me something about this little plugin, but nothing in these threads resolved my doubts.

     

    I have a customer that needs to test the Outlook plugin, but he has the SMS on the Exchange server and he cannot disable it to make the tests, obviously.

    The thing is that he tries to send an email with an EICAR file attached, but no virus notification from Outlook AP appears. He saves it as a draft, and also nothing: the attachment is still there. He can preview it, and when he opens it, it's detected by normal SEP Auto-Protect.

    In other threads, this solution was given:

    --------------

    If you use Microsoft Outlook over MAPI or Microsoft Exchange client and you have Auto-Protect enabled for email, attachments are immediately downloaded to the computer that is running the email client. The attachments are scanned when the user opens the message. If you download a large attachment over a slow connection, mail performance is affected. You may want to disable this feature for users who regularly receive large attachments.

    -----------

    But personally I don't get the point. Does this mean that the attachment is saved on the computer and, after opening it, it's detected? Isn't that the role of the normal Auto-Protect?

    The second thing is that no icon or option for scanning is displayed on the emails.

    The plugin is correctly installed and enabled. The version is SEP 12.1 RU1 MP1, and Outlook 2010. I know I should recommend the customer not to install it, but he wants to know how it works.

    I would appreciate any suggestion or explanation of how this plugin works, and if possible how it could be tested in my customer's case.

     

    Thank you very much in advance!



  • 2.  RE: Missing outlook plugin. Not detecting Eicar files

    Trusted Advisor
    Posted Oct 22, 2012 04:55 AM

    SEP is not a dedicated email scanning product; it will only pick up the items when accessed on the local machine. Also, by default, logging of EICARs is turned off on the SEPM; this needs to be turned on to check the logs for EICARs.

    For mail scanning, something like SMSME needs to be placed on the Exchange server.



  • 3.  RE: Missing outlook plugin. Not detecting Eicar files

    Posted Oct 22, 2012 05:18 AM

    Thank you GeoGeo!

    I will check the EICAR options on the manager.

    The last thing: do you know if some options should appear on the emails, or an option to scan the attachment? I guess not.

    I really don't see the point of this plugin. It does not generate trust in customers, I think.



  • 4.  RE: Missing outlook plugin. Not detecting Eicar files

    Posted Oct 22, 2012 07:25 AM

    Btw, where is the option to enable/disable EICAR logging on the manager? I cannot find it.

    Thx!



  • 5.  RE: Missing outlook plugin. Not detecting Eicar files

    Posted Oct 22, 2012 07:33 AM


  • 6.  RE: Missing outlook plugin. Not detecting Eicar files

    Trusted Advisor
    Posted Oct 22, 2012 08:15 AM

    Hello,

    Internet Email Auto-Protect protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.

    You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.

    Email attachments are frequently the culprits in virus attacks. To protect yourself from viruses transmitted through email attachments:

    • Don't open any attachment you were not expecting, even if it comes from a trusted source, such as a family member, co-worker, or friend.
    • If you do not know the sender of a message that includes an attachment, delete the message without reading it.
    • Do not open any attached file ending in .exe, .vbs, or .lnk.
    • Never open an attachment without verifying that it's virus free. To open an attachment, first save it to your hard drive and then scan it with antivirus software, such as Symantec Endpoint Protection.

    In case of suspicion, it is recommended to submit the attachment to the Symantec Security Response Team at https://submit.symantec.com/essential

    OR

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    However, in case you feel there is a virus in the email attachment and Symantec is not detecting it, then save the attachment on the hard drive and submit the attachment to the Symantec Security Response Team as suggested above.

    Reference: https://www-secure.symantec.com/connect/forums/internet-e-mail-not-scanned-its-arrival

    Hope that helps!!