SMSME 7.5.0.56 running on SBS 2011.
I have a scheduled scan every weekend, and I've been getting 5-6 emails each time. The virus is always the same, which shows auto-protect is not catching them. Definitions are not an issue as it's always the same virus (Trojan.Mdropper).
The attachment "xxxx" located in message with subject "xxxx", located in xxxx has violated the following policy settings:
Scan: xxx
Rule: Unrepairable Virus Rule
The following actions were taken on it:
The attachment "xxxx" was Quarantined for the following reason(s):
Unrepairable virus Trojan.Mdropper was found.
Looks like endpoint then catches it when/if a user tries to open the attachment. MSE logs show the first scan to have detected this on 6/7, then 6/21 and now 7/5. Why would auto-protect not detect them in real time?