eTrust Mail Watcher

Today, the overwhelming majority of viruses, worms and other malicious code are spread via email. We have all either experienced or heard of someone who double-clicked on an email attachment, only to realize after the fact that they executed a worm, or virus, that then spread itself ù VERY quickly ù using email.

In light of this, most people would agree that an email attachment - or any other program for that matter ù that is generating email, is doing something that warrants additional scrutiny.

If there were a way to detect that a program ù any program ù is attempting to generate email, and temporarily intervene, a user could be given the chance to examine what's going on and decide if this program that is attempting to generate email is something that they trust or not.

If they trust it, they allow it to continue, if not, they stop the attempt to generate the email "dead in its tracks".

This is what Mail Watcher does. It intercepts all attempts to generate email, and anything determined to be suspicious, is brought to the attention of the end user, who can decide for themselves if this is something they want to allow to happen or not.

To download Mail Watcher, please fill out the brief form below and then select 'download'. You will be prompted to save the executable file MailWatch.EXE, which is approximately 930 KB. If prompted to download the file or run it from its current location, select download file. To install Mail Watcher:

1) After download is completed execute the downloaded file MailWatch.EXE
2) Follow the instructions

Upon completion of the install, you'll find that Mail Watch will appear in your StartUp folder (as Mail Watcher). Select that item to start Mail Watch.

If you like, you may download a harmless VBS called test.vbs (1 KB) which can be used to demonstrate the capabilities of Mail Watcher and the kind of messages users will see. Save the file locally and execute the file to test your Mail Watcher installation.

What's New

• Improved compatibility and stability
• New preference option: "Run Mail Watcher on Windows start-up".
  This allows automatic startup of MailWatcher, even if the user decided to not install it into the startup group.
• New option under Details in case an object creation is trapped:
  "Disable all checks for the current application - always". After selecting this option the current application is considered to be safe and will no longer be monitored. This setting is persistent and will be remembered even after system reboots.

FAQ û eTrust Mail Watcher

How does the Mail Watcher work?
Mail Watcher monitors your system intercepting attempts to generate email looking for "suspicious" activity. For example, when an email attached executable is launched, and it attempts to generate other email, Mail watcher will alert the user and give the user the opportunity to prevent what could be a virus laden, massive email distribution from originating from their machine.

From what types of attachments will Mail Watcher protect my computer?
The protection provided by Mail Watcher is not limited or bound by any specific file type. Further, this protection extends beyond the email client environment. Its actually quite simple, MailWatcher "watches" for attempts to generate email. If MailWatcher detects an attempt to generate email that it deems "suspicious", it intervenes and asks the person at the desktop, if this is something they want to allow to continue.

The protection that MailWatcher offers then, against a Microsoft Word macro virus, like Melissa, or VBS Worms, like ILOVEYOU and Spammer, is protection against their being spread via email.

Specifically, if you are unfortunate enough to have some new worm or virus or trojan come out and make it onto your system somehow... when that thing executes - should it attempt to spread via email, MailWatcher will intervene - and give you a chance to stop this "bug" from spreading from your machine via email.

Will MailWatcher interfere with normal operations?
MailWatcher should not interfere with normal operations. It has been tested against a wide range of applications to minimize the potential for it to raise a false "Suspicious Activity" alert.

Recognizing that there WILL be certain application mixes found in client environments that we have not tested against, we specifically engineered MailWatcher to enable the end user to make the decision on whether to allow the email generation to take place.

In other words, MailWatcher gives you the chance to know what programs are generating email - and then you make the call as to whether this is something you think should be happening. It will NOT interfere with normal operations.

If Mail Watcher is installed, should I use InoculateIT PE and eTrust Content Inspection PE?
CA offers three FREE complementary solutions for the home user:

eTrust Content Inspection Personal Edition - This solution helps secure email client environments by protecting against the two most common techniques used by vandals who write email viruses and worms. Specifically, it blocks execution of all VBS programs launched from an email client environment, and blocks any attempt by an executable (.exe) launched from an email client environment, from accessing the filesystems.

InoculateIT Personal Edition - InoculateIT PE offers unrivalled virus protection. Be sure to update your signature file as new threats emerge.

Mail Watcher - Mail Watcher detects attempts to generate email by any program. Any email generation attempt that is deemed suspicious, will be brought to the attention of the user who can then intervene. This empowers end users, giving them a chance to block attempts by worms and viruses like Melissa and Cybernet from spreading themselves via email.

Together, these three products form a complete solution against all email-borne viruses!