Brandie Tarvin (8/31/2011)
I just received a Severity 20 Error Alert:
next message is a warning that says:
Event Type: Warning
Event Source: McLogEvent
Event Category: None
Event ID: 258
Time: 6:33:02 AM
User: NT AUTHORITY\SYSTEM
Would be blocked by port blocking rule (rule is in warn-only mode) (Anti-virus Standard Protection
revent mass mailing worms from sending mail).
This Event Log is obviously from McAffe.
That email waring and what you are describing would make me check for anything McAffe might be doing on that server since the last Virus/Spam/BlackHole lists update.
Since that log message is from McAfee , Check all you McAfee settings for that server.
Also McAfee is telling you that something tried to do a mass email.
Is that something this server usually does? If it does this is what McAffe has to say about it.
McLogEvent - Event 258
This warning is informational only and can be safely ignored.
To disable these type of messages, do the following.
Run the McAfee Virus Scan Console
Select Tools -- Alerts
Click the 'Additional Alerting Options' Tab
Change the severity folder to severity < 4