EMON and XMON


andrator
June 14th, 2006, 10:08 AM
In the thread Is it ever appropriate to Opt not to use DMON? (http://www.wilderssecurity.com/showthread.php?t=134399) I read the following:

-{ Quote: "The Email Monitor, or EMON for short, is a memory-resident anti-virus module which checks messages received by Microsoft Outlook 95 (or newer) when Outlook is configured to use Microsoft's MAPI (Messaging Application Program Interface) protocol to connect with a Microsoft Exchange server in Corporate Mode. EMON also works with Microsoft Outlook 2000 (or newer) when using the MAPI, POP3 or IMAP protocols to connect with Microsoft Exchange and other mail servers.

EMON provides an additional layer of protection and is needed only when Microsoft Outlook is used as the mail client. It does not need to be enabled if a mail client other than Microsoft Outlook is used. Other mail clients, including Microsoft Outlook Express, are checked for threats by IMON.
REV. 20060411AG" }-

I'm using a security appliance that uses RBL, content filters and two different AV engines to scan all messages. These are then forwarded to the Exchange server, where they are again scanned by NOD32's XMON.

Outlook users are logged in as non-privileged users on a Terminal Server that's also running NOD32.

I doubt whether enabling EMON on the Terminal Server has any advantage in this scenario.

The first reason is that I have read about issues between EMON and Outlook 2003, and the second is that there are already multiple layers active. Getting dozens of programs working together on a Terminal Server is already stretching the limits, and I don't want to introduce unnecessary components that add another level to an already complex infrastructure.

YeOldeStonecat
June 14th, 2006, 11:45 AM
I haven't had issues with EMON and Outlook 2K3. It's up to you whether you wish to drop a layer of security or not...leaving EMON enabled hardly uses even a smidgen of resources.

Incoming mail appears to be scrubbed fine..but what about outgoing? Say the workstation catches something through another means like a browser, which wants to find an SMTP outbound and start streaming out junk. Yeah, technically AMON or IMON should have caught it...but..ah..endless debate, IMO...NOD32 is very light. That's one of the benefits of it; it's not like Symantec or McAfee where if you disable a service your machine starts springing to life with peppiness. With NOD32, you may find when you disable a module..she still performs the same....nice and quick.

zapjb
June 14th, 2006, 02:11 PM
What the heck is XMON? Never seen or heard of it. And been using NOD32 for over a year. I know AMON, DMON, EMON & IMON. But XMON?

kjempen
June 14th, 2006, 02:24 PM
-{ Quote: "What the heck is XMON? Never seen or heard of it. And been using NOD32 for over a year. I know AMON, DMON, EMON & IMON. But XMON?" }-

It is NOD32 for MS Exchange Server (http://www.nod32.com.hk/products/exchange.htm).

andrator
June 14th, 2006, 04:54 PM
-{ Quote: "I haven't had issues with EMON and Outlook 2K3. It's up to you whether you wish to drop a layer of security or not...leaving EMON enabled hardly uses even a smidgen of resources." }-

All right, I can enable it on one server and evaluate how this behaves compared to other servers with EMON disabled.

-{ Quote: "Incoming mail appears to be scrubbed fine..but what about outgoing, say the workstation catches something through another means like a browser, which wants to find an SMTP outbound and start streaming out junk. Yeah technically AMON or IMON should have caught it...but..ah..endless debate, IMO..." }-

Good point about the outgoing e-mail. Previously we used a non-MS server O/S and non-Outlook mail client and didn't have to consider these kinds of issues ;D

Outbound port 25 through the Internet is only allowed through the security appliance, which does allow relaying from our mail servers. I haven't enabled smarthosting from the Exchange server to the security appliance to have the appliance scan for outgoing mail. The reason is that appliance has insufficient processing power, and I'm still waiting for a faster server to become available.

Outbound from workstations isn't an issue, because the workstation IP range doesn't have access to port 25.

I now have enabled relaying to our Exchange server from the server IP range, which also includes the Terminal Servers. The reason is that many servers still require SMTP for status reports. I've also configured NOD32 to send notifications via SMTP.

This leaves outbound SMTP somewhat vulnerable if malware manages to install itself on a server, detect the correct IP address for the Exchange server and route SMTP through the Exchange server without XMON detecting it.

-{ Quote: "NOD32 is very light. That's one of the benefits of it; it's not like Symantec or McAfee where if you disable a service your machine starts springing to life with peppiness. With NOD32, you may find when you disable a module..she still performs the same....nice and quick." }-

Previously we used another big-name AV, where indeed the machine starts springing to life when you disable the service. For starters I'll try leaving everything enabled except for IMON and see how it goes.
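
A check for the outbound path discussed above, added here as an example and not part of the original thread: a PowerShell probe that connects to an SMTP server, walks through EHLO, MAIL FROM and RCPT TO for a recipient outside the organisation, and quits before DATA, so nothing is ever sent. A 250 on the RCPT TO line means that server will relay for the IP address you ran the probe from, which is exactly the gap described for the server range. The hostnames, addresses and the per-zone expectation table are placeholders, not values from the thread; run it once from a workstation, once from a member server (or Terminal Server) and once from the Exchange box to confirm the policy in each zone.

```powershell
# Added example: non-destructive SMTP relay probe. All hostnames and addresses
# below are placeholders (assumptions), not values taken from the thread.
function Test-SmtpRelay {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 25,
        [string]$From = 'relaytest@corp.example',    # assumed internal sender address
        [string]$To   = 'nobody@external.example',   # assumed recipient OUTSIDE the org
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = $TimeoutMs
    $client.SendTimeout    = $TimeoutMs
    try {
        $client.Connect($Server, $Port)
    } catch {
        # No TCP path at all: the firewall is blocking port 25 from this zone.
        return New-Object PSObject -Property @{
            Server = $Server; Connected = $false; Relays = $false
            Response = 'connect failed: ' + $_.Exception.Message
        }
    }
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    # Read one SMTP reply; "250-..." lines are continuations, "250 ..." ends the reply.
    function Read-Reply {
        do { $line = $reader.ReadLine() } while ($line -ne $null -and $line.Length -ge 4 -and $line[3] -eq '-')
        return $line
    }

    $rcpt = $null
    try {
        $null = Read-Reply                                         # 220 banner
        $writer.WriteLine('EHLO relaytest.corp.example'); $null = Read-Reply
        $writer.WriteLine("MAIL FROM:<$From>");           $null = Read-Reply
        $writer.WriteLine("RCPT TO:<$To>");               $rcpt = Read-Reply
        $writer.WriteLine('QUIT');                        $null = Read-Reply
    } catch {
        $rcpt = 'protocol error: ' + $_.Exception.Message
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{
        Server    = $Server
        Connected = $true
        # 250 to a recipient outside the org means this server relays for our source IP.
        Relays    = ($rcpt -like '250*')
        Response  = $rcpt
    }
}

# Hosts each zone is expected to be able to hand mail to, following the policy
# described in the thread: workstations none, servers only Exchange, Exchange only
# the appliance. Anything that relays for us but is not on the list is a GAP.
$Expected = @{
    workstation = @()
    server      = @('exchange.corp.example')
    exchange    = @('mailgw.corp.example')
}

function Test-OutboundSmtpPolicy {
    param([ValidateSet('workstation', 'server', 'exchange')][string]$Zone)
    $targets = 'exchange.corp.example', 'mailgw.corp.example', 'mx.external.example'
    foreach ($t in $targets) {
        $r = Test-SmtpRelay -Server $t
        $allowed = $Expected[$Zone] -contains $t
        $verdict = if ($r.Relays -and -not $allowed) { 'GAP' } else { 'OK' }
        '{0,-4} {1,-26} connected={2,-5} relays={3,-5} {4}' -f $verdict, $t, $r.Connected, $r.Relays, $r.Response
    }
}

# Run from a host in the zone you are checking, e.g. on a Terminal Server:
# Test-OutboundSmtpPolicy -Zone server
```

Two caveats when reading the output: a server that accepts RCPT TO and only rejects at DATA (or bounces later) will show as relaying here, so a 250 is a reason to look closer rather than a final verdict, and a refused connection from the workstation zone is the result you want, since that is the port-25 block doing its job.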

YeOldeStonecat
June 14th, 2006, 06:01 PM
-{ Quote: "Previously we used another big-name AV, where indeed the machine starts springing to life when you disable the service. For starters I'll try leaving everything enabled except for IMON and see how it goes." }-

I think you'll find it will do just fine. I understand the desire to get things "lean" as possible so TS runs better....but you may find it's doing just fine, and squashing a couple of services in NOD really doesn't change performance. Tossing a few more sticks of RAM in the TS box will do better.

andrator
June 15th, 2006, 07:38 AM
-{ Quote: "I think you'll find it will do just fine. I understand the desire to get things "lean" as possible so TS runs better....but you may find it's doing just fine, and squashing a couple of services in NOD really doesn't change performance. Tossing a few more sticks of RAM in the TS box will do better." }-

Performance and memory aren't an issue. My major concern is application stability. We have installed dozens of programs, including not so well-behaved industry-specific programs and also payroll and finance software. The more components I introduce, the more difficult it gets to troubleshoot issues.

YeOldeStonecat
June 15th, 2006, 12:16 PM
-{ Quote: "Performance and memory aren't an issue. My major concern is application stability. We have installed dozens of programs, including not so well-behaved industry-specific programs and also payroll and finance software. The more components I introduce, the more difficult it gets to troubleshoot issues." }-

Out of all the corporate antivirus packages I've dealt with...across many clients who run many different types of business software....I've had the least problems with NOD32. Installs, stability, performance...it's been the smoothest I've used.

I've only seen one compatibility issue here...and that's a colleague of mine who I introduced to NOD32...he set it up at a dentist's office...I forget which software they used..but he had an issue with IMON running with it. I have several dental office clients, using different software (Eaglesoft, Dexis), and they have no issues with it.

Accounting? I've never had issues with it. Blackbaud, Great Plains, Intuit products, Sage products, MYOB, I have one very large CPA/payroll firm I take care of...they run tons of accounting apps...no issues.

andrator
June 17th, 2006, 11:41 AM
Good to hear about your experiences with NOD32 and business software. I heard a lot about AV causing problems, but couldn't find much information about NOD32.

Because we're using Terminal Server IMON is disabled, so I don't expect any issues related to IMON.

I'm afraid we only use payroll, finance and industry-specific software which is only known on the Dutch market, an exception being business intelligence software.

Our primary line of business software refused to run, but this was caused by DEP on 2003 SP1. We've decided to disable DEP on all our Terminal Servers.

andrator
June 29th, 2006, 11:43 AM
Decided to disable EMON. I started to receive the following error messages: "29-6-2006 16:59:56 - During execution of EMON - Microsoft Outlook email monitor on the computer XXXXX, the following warning occurred: Attempt to save changes in email failed " This was with users from the finance department.

The only reference I found on this forum concerning this issue didn't offer a solution on how to solve this. With all the protection layers I currently have I prefer to disable EMON.

YeOldeStonecat
June 30th, 2006, 07:26 AM
Was Outlook (Office) fully patched? What version?

Any prior COM add-ins in Outlook that were left over from prior antivirus packages? That's one of the first places I'd look if having a plugin problem with Outlook.
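
One way to do the add-in check suggested above, added as an example rather than anything posted in the thread: a PowerShell function that lists every COM add-in registered for Outlook in the per-user and per-machine hives, resolves each ProgID through its CLSID to the DLL Outlook would actually load, and reports the LoadBehavior value. The registry paths are the standard Office add-in locations; the final filter (add-ins Outlook has already unloaded, and registrations whose DLL is gone) is my own choice of what to surface first when an Outlook plug-in misbehaves.

```powershell
# Added example: inventory Outlook COM add-ins and flag leftovers. The registry
# paths are the standard Office add-in locations; nothing here is from the thread.
function Get-OutlookComAddin {
    $roots = @(
        'HKCU:\Software\Microsoft\Office\Outlook\Addins',
        'HKLM:\Software\Microsoft\Office\Outlook\Addins',
        'HKLM:\Software\Wow6432Node\Microsoft\Office\Outlook\Addins'   # 32-bit Office on 64-bit Windows
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $progId = $key.PSChildName
            $props  = Get-ItemProperty -Path $key.PSPath

            # ProgID -> CLSID -> InprocServer32 gives the DLL Outlook loads for this add-in.
            $dll = $null
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\$progId\CLSID"
            if (Test-Path $clsidKey) {
                $clsid  = (Get-ItemProperty -Path $clsidKey).'(default)'
                $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
                if (Test-Path $srvKey) {
                    $raw = (Get-ItemProperty -Path $srvKey).'(default)'
                    if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
                }
            }

            New-Object PSObject -Property @{
                Scope        = $root.Substring(0, 4)          # HKCU or HKLM
                ProgId       = $progId
                FriendlyName = $props.FriendlyName
                # LoadBehavior: 3 = load at startup (loaded), 2 = load at startup but
                # currently unloaded (Outlook disabled it after a failure), 0 = disabled,
                # 8/9 = load on demand, 16 = load once.
                LoadBehavior = $props.LoadBehavior
                Dll          = $dll
                DllPresent   = ($dll -ne $null -and (Test-Path -LiteralPath $dll))
            }
        }
    }
}

# Full inventory first.
Get-OutlookComAddin | Sort-Object Scope, ProgId |
    Format-Table Scope, ProgId, LoadBehavior, DllPresent, Dll -AutoSize

# Then the two things worth looking at when an Outlook plug-in misbehaves:
# add-ins Outlook has already kicked out (LoadBehavior 2) and registrations
# whose DLL no longer exists (typical leftover from an uninstalled AV product).
Get-OutlookComAddin |
    Where-Object { $_.LoadBehavior -eq 2 -or ($_.Dll -and -not $_.DllPresent) } |
    Format-List Scope, ProgId, FriendlyName, LoadBehavior, Dll
```

Run it in the Outlook user's own session on the Terminal Server, since the HKCU half is per-user and a leftover registered under one profile will not show up from an administrator's console.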

andrator
June 30th, 2006, 04:00 PM
-{ Quote: "Was Outlook (Office) fully patched? What version?" }-

Outlook 2003 SP2 and Exchange 2003 SP2 on Windows 2003 SP1.

-{ Quote: "Any prior COM add-ins in Outlook that were left over from prior antivirus packages? That's one of the first places I'd look if having a plugin problem with Outlook." }-

We don't have any prior COM add-ins or AV packages. Everything is from a fresh install.

I appreciate your efforts, but holidays are coming up and I have to wrap up everything before I leave. Unless there's an easy solution I prefer to leave EMON disabled.

NOD32 user
July 1st, 2006, 01:58 AM
-{ Quote: "Decided to disable EMON. I started to receive the following error messages: "29-6-2006 16:59:56 - During execution of EMON - Microsoft Outlook email monitor on the computer XXXXX, the following warning occurred: Attempt to save changes in email failed " This was with users from the finance department.

The only reference I found on this forum concerning this issue didn't offer a solution on how to solve this. With all the protection layers I currently have I prefer to disable EMON." }-

Just sounds like EMON is having a hard time appending its 'Checked by EMON' tag line to the bottom of the email for some reason - you can easily disable appending of messages via the Control Center to see if that resolves it.

Cheers :)

andrator
July 1st, 2006, 10:27 AM
-{ Quote: "Just sounds like EMON is having a hard time appending its 'Checked by EMON' tag line to the bottom of the email for some reason - you can easily disable appending of messages via the Control Center to see if that resolves it." }-

I just checked and notifications are set "To infected email only". I've re-enabled EMON and configured it to "Never" and I'll evaluate what happens.

andrator
July 5th, 2006, 05:28 AM
Still receiving error messages. Decided to disable EMON, because I currently don't have time to troubleshoot this issue.