Robert,

I have found Outbreak Manager to be flaky at best. Maybe I am not configuring it correctly. I have it set to trigger on 30 identical attachments detected within 5 minutes. It is to react automatically by blocking email with specific attachment name and then escalate to update DAT. The problem that I have is that it seems to start blocking the attachments for a while. Then it will "unwind" the rule and release them and start letting them through again.
I want it to stop them all and let me decide to start letting them in again. There seems to be no rhyme or reason to the way that it works.

Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax: (360) 759-6001

-----Original Message-----
From: Grupe, Robert [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 07, 2001 3:59 AM
To: Powell, Ken
Subject: RE: Exchange / McAfee / ePolicy Orchestrator Question

See responses below...

Robert Grupe, PE
[EMAIL PROTECTED]

-----Original Message-----
From: Fred W. Macondray Jr. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 05 December, 2001 18:45
To: Exchange Discussions
Subject: Exchange / McAfee / ePolicy Orchestrator Question

Hi All,

Sorry this is slightly off topic, but NAI is obviously swamped by Goner and I just hung up after 30 minutes on hold as I have much to do around here.

Questions:

1) How can I distribute the Extra.DAT files from McAfee that cover the Goner virus to NetShield and GroupShield with ePO?

Currently the released versions of GroupShield for Exchange only have reporting capabilities with ePO, but configuration & policy support will be included in the next releases.

2) Is it necessary to distribute the EXTRA.DAT file with or do the DAT files with the same date contain the signature of Goner too?

As answered on the list, the 4174 dats contained the signature and can be rolled out via Superdat (this will update all McAfee products running on the machine) or through the AutoUpdate within the products.

3) Outbreak manager... what's the typical configuration? What do you use (assuming you use GroupShield).

There is no typical configuration since the creation of rules depends on the throughput of the server, number of users etc.
For example a rule would be x number of identical attachments in y time - x needs to be large enough that an innocent file sent to a number of users does not trigger but Goner would with y being short enough to be effective.

Thanks in Advance,
Fred

Fred Macondray
Systems Administrator
Virtual Purchase Card, Inc.
mailto:[EMAIL PROTECTED]
http://www.virtualpurchasecard.com - "Guaranteed B2B Purchases"

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
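
The rule discussed in this thread (x identical attachments within y time, with the block held until an administrator lifts it), sketched as an added illustration that is not part of the original messages and is not Outbreak Manager's own logic. The class and method names are hypothetical, "identical" is assumed to mean byte-identical content matched by SHA-256, and the sample payloads are constructed.

```python
import hashlib
from collections import defaultdict, deque

class OutbreakRule:
    """Latching 'x identical attachments within y seconds' rule (hypothetical).

    Assumption: "identical" means byte-identical content, matched by SHA-256.
    """

    def __init__(self, threshold=30, window_seconds=300):
        self.threshold = threshold
        self.window = window_seconds
        self.seen = defaultdict(deque)   # digest -> arrival times inside the window
        self.blocked = set()             # digests latched until manual release

    @staticmethod
    def fingerprint(payload: bytes) -> str:
        return hashlib.sha256(payload).hexdigest()

    def observe(self, payload: bytes, now: float) -> bool:
        """Record one attachment; return True if the message must be blocked."""
        digest = self.fingerprint(payload)
        if digest in self.blocked:
            return True                  # latched: does not expire with the window
        times = self.seen[digest]
        times.append(now)
        while times and now - times[0] > self.window:
            times.popleft()              # drop arrivals older than the window
        if len(times) >= self.threshold:
            self.blocked.add(digest)
            del self.seen[digest]
            return True
        return False

    def release(self, payload: bytes) -> None:
        # Administrator decision: start letting this attachment through again.
        self.blocked.discard(self.fingerprint(payload))

def demo():
    rule = OutbreakRule(threshold=30, window_seconds=300)
    worm = b"constructed sample: mass-mailer attachment"
    memo = b"constructed sample: staff memo"
    # 30 copies of one attachment, one every 5 s: the 30th trips the rule.
    burst = [rule.observe(worm, t * 5.0) for t in range(30)]
    # 12 copies of a memo spread over an hour stay under the threshold.
    quiet = [rule.observe(memo, t * 300.0) for t in range(12)]
    # Two hours later the burst is over, but the block is still in place.
    later = rule.observe(worm, 7200.0)
    rule.release(worm)
    after_release = rule.observe(worm, 7205.0)
    return burst, quiet, later, after_release
```

Keeping the blocked set separate from the sliding-window counters is what stops the block from lapsing when the traffic rate drops back below the threshold.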

