Endpoint Protection

  • 1.  Question about "Symantec Email Proxy" message and SEP log

    Posted Oct 14, 2013 12:26 PM

    Hi Everyone,

    I was trying to test the security of a mail gateway by spoofing some SMTP messages using a telnet client. However, I started to get popups indicating that the messages were being blocked. I have included a screenshot below. From what I can tell, this is the result of SEP detecting and blocking the SMTP traffic. I believe this is a feature of Internet Email Auto-Protect. My first question: is this indeed the result of Internet Email Auto-Protect? Second question: where does this event get logged in SEP?

     proxy.jpg

    Thanks in advance,

    BzlBob



  • 2.  RE: Question about "Symantec Email Proxy" message and SEP log

    Posted Oct 14, 2013 12:29 PM

    See here

    Symantec Email Proxy pop-up - Code 1003,8

    Article: TECH171706 | Created: 2011-10-13 | Updated: 2012-07-21 | Article URL: http://www.symantec.com/docs/TECH171706



  • 3.  RE: Question about "Symantec Email Proxy" message and SEP log

    Trusted Advisor
    Posted Oct 14, 2013 12:33 PM

    Hello,

    Here's a link to the official corresponding Symantec article: Many Unexpected Pop-Ups from Symantec Email Proxy are Displayed

    That Email Proxy only examines messages for threats (worms, viruses, etc).  It does not scan for spam: there are other products which provide that protection (Symantec Mail Security for MS Exchange). As far as I am aware it wouldn't be responsible for sending mails like the ones you have added to this forum thread.

    All the same, I recommend that, as a best practice, steps are made to ensure that all clients are running the latest releases of SEP, have up-to-date definitions, and all MS patches are applied.

    The 5 Steps of Virus Troubleshooting

    Secondly, check these Articles:

    Symantec Email Proxy pop-up - Code 1003,8

    http://www.symantec.com/business/support/index?page=content&id=TECH171706

    SEP Email Proxy pop-up - Code 1003,8

    http://www.symantec.com/business/support/index?page=content&id=TECH185912

    and check this thread

    http://www.symantec.com/connect/forums/symantec-error-proxy-10038

    Hope this helps! 



  • 4.  RE: Question about "Symantec Email Proxy" message and SEP log

    Posted Oct 14, 2013 12:53 PM

    Thanks for the quick response.  I saw those articles before I posted and they were interesting.  However I did not locate the answer to my question about logging the event.

    I checked the SEP GUI but did not see anything logged. I did notice that if I click "Disable Symantec Endpoint Protection", during the couple of minutes it is disabled, I can spoof SMTP messages. I am not confusing this pop-up as something related to spam protection. My goal is simply to find out if and where this event is logged on the client and/or SEPM. I could see this as a potentially useful tool to look for workstations trying to send SMTP traffic.

    Bob



  • 5.  RE: Question about "Symantec Email Proxy" message and SEP log
    Best Answer

    Posted Oct 14, 2013 12:59 PM

    Check the Security or System logs; if not there, I don't believe it is logged then.



  • 6.  RE: Question about "Symantec Email Proxy" message and SEP log

    Posted Oct 14, 2013 01:15 PM

    Hi Brian,

    Doesn't appear to be logged. I checked all of the logs. Thanks for the help.

    Bob