Version

Argent Advanced Technology 3.1A-1307-A or above

Date

Tue, 25 Jun 2013

Summary

Doing port scanning on specific ports is a way of testing the availability of an application or even a server.

Rules with such functionality are available in Argent Guardian (Argent Extended Technology) and Argent for Exchange (Argent Advanced Technology).

Although the Rule in one application may function properly, it may break in the other.

Technical Background

Port scans from Argent Daughter Engines over specific port 25 passes fine from Argent Guardian and via an Argent-independent tool such as telnet (telnet TARGETSERVER 25)

However when attempting to run the Relator in test mode in another product, the Rule fails.

Resolution

The server’s firewall application may be restricting access. (Especially as port 25 can be used for mass-mailing malware and spams)

Ensure all processes in the Argent installed folder is excluded from the firewall, or the {PRODUCT}_MONITOR_ENGINE.EXE are allowed.

E.g.C:\Argent\ArgentForExchange\X64\ ARGSOFT_EX_MONITOR_ENGINE.EXE

Below, are a number of screenshots showing the steps to rectify this in McAfee Virus Scan Enterprise 8.8.0:

Click For Full Size

The blocking rule as shown in McAfee logs:

Click For Full Size

Shows which .exe file and what port is being restricted:

Click For Full Size

To address this in McAfee’s VirusScan Enterprise 8.8.0 in access protection policy for “SERVER”

Click For Full Size

The .exe file is added so the connection will be allowed.