Endpoint Protection

I've got some email alerts set up with batch files, using BLAT to send myself an email.  Command line batch file, using BLAT, to an smtp email server over port 25.

That worked fine until we install Symantec Endpoint Protection.

On the client side, under Change Settings, Viruses and Spyware Protection, Internet Email Auto-Protect, there's a check box for "enable internet email auto-protect."  When I uncheck that, my email alerts go through fine. 

Is there a way to allow certain outgoing email from "myself" through over port 25?  I wouldn't mind having the extra email protection, but my alert emails are fine to pass along.  Even scanning them and letting them pass is ok.  It's just an email with a little text file. 

And again, I don't know where else to post this.  This forum looks a little complicated.  This is the closet I could find to just "SEP AV."

Check this thread Mick2009 Comments

http://www.symantec.com/connect/forums/port-25

Mick2009

Please post the risk logs..

Ah.  I should add -- We're not using the Symantec Firewall with SEP.  We stuck with the Windows firewall.  There were too many settings to tweak on the servers so we just left the firewall off, including on the user computers.  Remote desktop was slowed down a lot too during testing with the SEP firewall.  We were happy enough the Windows firewall and didn't need any changes there.  That was a make or break issue for going with Symantec, being able to not install the firewall and continue with what we have already.

Still reading the threads on this....  

I do see some firewall policies though.  We have firewall policies from SEP but not the SEP firewall itself?  The client list says 'no' for firewall installed.  And the user computers still have Windows firewall 'on' when viewing the firewall settings on the user computers.

Are these SEP firewall policies still affecting anything or are they just there but not doing anything since we didn't install the SEP firewall?

I'll have to figure out something with these email alerts.  It looks like when I log off or the computer restarts any changes for turning off email protection on the client side get reset.  The email protection is back on on a few computers that restarted since yesterday.

I think I found it...

Policies

edit a policy

under email scans, internet email auto-protect

Then I can uncheck the enable internet email auto-protect.  And then it won't reset from the client side on the next logoff or restart, whichever does a policy reset.

These computers either aren't used for email or already have a daily full scan and active scans going on.  I'm thinking that should be good enough to catch anything in the off chance a virus gets in through email.  We've got other spam, virus filters on the email server to catch that stuff before it gets to the individual computers.

Change this setting

Symantec Endpoint Protection: Internet Email outgoing port setup on the client changes to incorrect settings upon reboot

http://www.symantec.com/business/support/index?page=content&id=TECH102911&key=54619&actp=LIST

Yes, that worked right away.  Locked it -- Minutes later the client side computers were happy and green again.

The solution....

We don't use the Symantec firewall, so that wasn't it.

The solution is to disable the email auto protect and to do that on the management side.  And to lock that so the policy gets spit out to the clients.  We're not using email on those machines anyway and we already have the full and active scans so it's not a whole deal.  Getting the alert emails out is important.