EMON and XMON

Discussion in 'Other ESET Home Products' started by andrator, Jun 14, 2006.

Thread Status:
Not open for further replies.
  1. andrator

    In the thread "Is it ever appropriate to Opt not to use DMON?" I read the following:

    I'm using a security appliance that uses RBL, content filters and two different AV engines to scan all messages. These are then forwarded to the Exchange server, where they are again scanned by NOD32's XMON.

    Outlook users are logged in as non-privileged users on a Terminal Server that's also running NOD32.

    I doubt if in this scenario enabling EMON on the Terminal Server has an advantage.

    The first reason is I read about issues between EMON and Outlook 2003 and the second that there are already multiple layers active. Getting dozens of programs working together on a Terminal Server is already stretching the limits and I don't want to introduce unnecessary components that add another level to an already complex infrastructure.
     
  2. YeOldeStonecat

    I haven't had issues with EMON and Outlook 2K3. It's up to you whether you wish to drop a layer of security or not...leaving EMON enabled hardly uses even a smidgeon of resources.

    Incoming mail appears to be scrubbed fine..but what about outgoing, say the workstation catches something through another means like a browser, which wants to find an SMTP outbound and start streaming out junk. Yeah technically AMON or IMON should have caught it...but..ah..endless debate, IMO...NOD32 is very light. That's one of the benefits of it, it's not like Symantec or McAfee where if you disable a service your machine starts springing to life with peppiness. With NOD32, you may find when you disable a module..she still performs the same....nice and quick.
     
  3. zapjb

    What the heck is XMON? Never seen or heard of it. And been using NOD32 for over a year. I know AMON, DMON, EMON & IMON. But XMON?
     
  4. kjempen

    It is NOD32 for MS Exchange Server.
     
  5. andrator

    All right, I can enable it on one server and evaluate how this behaves compared to other servers with EMON disabled.

    Good point about the outgoing e-mail. Previously we used a non-MS server O/S and non-Outlook mail client and didn't have to consider these kinds of issues :D

    Outbound port 25 through the Internet is only allowed through the security appliance, which does allow relaying from our mail servers. I haven't enabled smarthosting from the Exchange server to the security appliance to have the appliance scan for outgoing mail. The reason is that the appliance has insufficient processing power, and I'm still waiting for a faster server to become available.

    Outbound from workstations isn't an issue, because the workstation IP range doesn't have access to port 25.

    I now have enabled relaying to our Exchange server from the server IP range, which also includes the Terminal Servers. The reason is that many servers still require SMTP for status reports. I've also configured NOD32 to send notifications via SMTP.

    This leaves outbound SMTP somewhat vulnerable if malware manages to install itself on a server, detect the correct IP address for the Exchange server and route SMTP through the Exchange server without XMON detecting it.

    Previously we used another big name AV, where indeed the machine starts springing to life when you disable the service. For starters I'll try leaving everything enabled except for IMON and see how it goes.
     
    Last edited: Jun 14, 2006
  6. YeOldeStonecat

    I think you'll find it will do just fine. I understand the desire to get things "lean" as possible so TS runs better....but you may find it's doing just fine, and squashing a couple of services in NOD really doesn't change performance. Tossing a few more sticks of RAM in the TS box will do better.
     
  7. andrator

    Performance and memory aren't an issue. My major concern is application stability. We have installed dozens of programs including not so well behaving Industry-Specific programs and also Payroll, Finance software. The more components I introduce the more difficult it gets to troubleshoot issues.
     
  8. YeOldeStonecat

    Out of all the corporate antivirus packages I've dealt with...across many clients who run many different types of business software....I've had the least problems with NOD32. Installs, stability, performance...it's been the smoothest I've used.

    I've only seen one compatibility issue here...and that's a colleague of mine who I introduced to NOD32...he set it up at a dentist's office...I forget which software they used..but he had an issue with IMON running with it. I have several dental office clients, using different software (Eaglesoft, Dexis), and they have no issues with it.

    Accounting? I've never had issues with it. Blackbaud, Great Plains, Intuit products, Sage products, MYOB, I have one very large CPA/Payroll firm I take care of...they run tons of accounting apps...no issues.
     
  9. andrator

    Good to hear about your experiences with NOD32 and business software. I heard a lot about AV causing problems, but couldn't find much information about NOD32.

    Because we're using Terminal Server IMON is disabled, so I don't expect any issues related to IMON.

    I'm afraid we only use payroll, finance and industry-specific software which is only known on the Dutch market. An exception being business intelligence software.

    Our primary line of business software refused to run, but this was caused by DEP on 2003 SP1. We've decided to disable DEP on all our Terminal Servers.
     
  10. andrator

    Decided to disable EMON. I started to receive the following error messages: "29-6-2006 16:59:56 - During execution of EMON - Microsoft Outlook email monitor on the computer XXXXX, the following warning occurred: Attempt to save changes in email failed " This was with users from the finance department.

    The only reference I found on this forum concerning this issue didn't offer a solution on how to solve this. With all the protection layers I currently have I prefer to disable EMON.
     
  11. YeOldeStonecat

    Was Outlook (Office) fully patched? What version?

    Any prior COM add ins in Outlook that were leftover from prior antivirus packages? That's one of the first places I'd look if having a plugin problem with Outlook.
     
  12. andrator

    Outlook 2003 SP2 and Exchange 2003 SP2 on Windows 2003 SP1.

    We don't have any prior COM add ins or AV packages. Everything is from a fresh install.

    I appreciate your efforts, but holidays are coming up and I have to wrap up everything before I leave. Unless there's an easy solution I prefer to leave EMON disabled.
     
  13. NOD32 user

    Just sounds like EMON is having a hard time appending its 'Checked by EMON' tag line to the bottom of the email for some reason - you can easily disable appending of messages via the Control Center to see if that resolves it.

    Cheers :)
     
  14. andrator

    I just checked and notifications are set "To infected email only". I've re-enabled EMON and configured it to "Never" and I'll evaluate what happens.
     
  15. andrator

    Still receiving error messages. Decided to disable EMON, because I currently don't have time to troubleshoot this issue.
     