Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 1

8.8P1 event 5051 on EICAR detection

I currently have a support case open with McAfee regarding the scan engine crashing when detecting the EICAR test file on volumes other than C: when the filename ends in .TXT.  Here's an example event log entry:

Log Name:      Application
Source:        McLogEvent
Date:          2/16/2012 3:12:10 PM
Event ID:      5051
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      SERVERNAME
A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 120000 ms to complete a request.
The process will be terminated. Thread id : 3124 (0xc34)
Thread address : 0x00000000778F138A
Thread message :

Build VSCORE. / 5400.1158
Object being scanned = \Device\HarddiskVolume7\test\eicar.txt
by C:\Windows\system32\cmd.exe

I have reproduced this issue on our 3-node Storage Server 2008 R2 SP1 cluster as well as another physical server and several VMs.  The last test with the VM was after a base install of 2008 R2 SP1 (not domain joined, no ePO agent) and installing 8.8 w/ P1 included.  The problem does not occur when using VSE 8.8 without patch 1. 

McAfee will detect the EICAR file if I copy it from an excluded location to any other filename that does not end in .TXT.  It will also detect EICAR.TXT on the C: volume. 

Support has stated that they are unable to reproduce the issue.  Anyone else want to see if they can reproduce this on any of their machines?   I've had the case open for over a month and I'd like to get this resolved.