How to circumvent McAfee Access Protection

If your company runs McAfee’s anti virus software product and you need to write a windows application, in VB.net for instance, you find that McAfee will want to block any outgoing emails on standard email ports. Here’s how to work around that limitation.

While building a business application for internal use, I found that McAfee wanted to block all of my outgoing emails from my app. I also noticed that something (McAfee) was blocking my ability to telnet to an SMTP server on port 25. My application needed email capability, and I didn’t have time (or money) to negotiate with McAfee to get the application added to their special white-list.

So I asked my self the question, “How does outlook get around it? Or Thuderbird?”. The answer is that McAfee keeps a white-list of applications that are allowed to send mail.

You can find this list in the McAfee program under the Access Protection Properties.

Under the properties you’ll see a listing of categories on the left side. Click on the category marked Anti-virus Standard Protection. On the

right side you’ll see Prevent Mass Mailing Worms From Sending Email. If you click edit while high-lighting this, you’ll see the list of applications that can send email, also know as the white-list.

This was my white-list. Choosing any of these as your assembly name will allow your application to email on computers using McAfee.

agent.exe, amgrsrvc.exe, apache.exe, ebs.exe, eudora.exe, explorer.exe, firefox.exe, firesvc.exe, iexplore.exe, inetinfo.exe, mailscan.exe, MAPISP32.exe, mdaemon.exe, modulewrapper*, mozilla.exe, msexcimc.exe, msimn.exe, mskdetct.exe, msksrvr.exe, msn6.exe, msnmsgr.exe, neo20.exe, netscp.exe, nlnotes.exe, nrouter.exe, nsmtp.exe, ntaskldr.exe, opera.exe, outlook.exe, Owstimer.exe, pine.exe, poco.exe, RESRCMON.EXE, rpcserv.exe, SPSNotific*, thebat.exe, thunde*.exe, tomcat.exe, tomcat5.exe, tomcat5w.exe, VMIMB.EXE, webproxy.exe, WinMail.exe, winpm-32.exe, worldclient.exe, wspsrv.exe 

I haven’t had much luck in adding my exe name to this list – always seems to disappear after a certain period of time. So, I just changed my exe name to one that was on the list.

I Visual Studio 2008, you perform that in the project properties. In this case, I just used the exe name neo20.exe. I don’t know what application that belongs to, but it lets me send mail on PCs running McAfee.

Changing this has no effect on your actual project name, it only changes the name of the exe at run time.

I should also note that this will not allow your message to send emails during debugging sessions since Visual Studio actually runs the project as yourAssemblyName.vshost.exe. You’d have to add *.vshost.exe to the McAfee white-list. I could never get it to stick.

         

 

Here is an example of an error you may receive in Visual Studio if McAfee is blocking your application from sending mail

Comments

Posted On
Dec 17, 2011
Posted By
Tibbie

Super informative wrtiing; keep it up.

Posted On
Feb 06, 2012
Posted By
Martin

That the entry you add does not stick is caused by the McAfee ePolicy that the company probably uses to force settings for all McAfee products to all users / workstations. To have your application added to the list, kindly ask the department/person who is responsible for computer systems administration to have the application added to the whitelist that is kept in ePolicy Administrator.

I do not know if can add a link here, but here is how (McAfee KB article KB67544):
https://kc.mcafee.com/corporate/index?page=content&id=KB67544

Good luck!

Posted On
Feb 11, 2012
Posted By
admin

Thanks for the tip, I’ll definitely check it out.

Posted On
Jun 26, 2012
Posted By
Matt

Yup, as Martin says – just contact your IT department and say “McAfee is blocking port 25, could you unblock it please”. No need for complicated workarounds.

As long as you’re writing programs for business use there’s no reason they shouldn’t unblock it. I’m part of the team that manges the servers at a medium size business and we get asked occasionally and we don’t mind. However if a developer starts trying to find ways to “circumvent” company policies and the IT dept, you’ll just make us think we can’t trust you and lock things down even more!

Posted On
Jul 09, 2012
Posted By
rowan

No worries, I’m the IS Manager. The reason it was necessary to do this was that we’re a child domain of a much larger organization. It would have taken months to get the application white-listed. Maybe longer since they’re going through a ‘restructuring’…

Leave a Reply


Login