I currently am troubleshooting an odd issue we are seeing with random hangs of Windows explorer.exe, where the only way to get any functionality back is to kill explorer.exe and restart the process. As part of the troubleshooting effort, I've opened cases with both McAfee and Microsoft and of course both sides are blaming the other at this point. McAfee has asked that I collect memory dumps for Explorer.exe and McShield.exe, and has recommended the procdump.exe tool mentioned here (https://kc.mcafee.com/corporate/index?page=content&id=KB74914).
It works fine for collecting a user-mode memory dump of Explorer.exe but every time I try it on McShield.exe, the dump process hangs as well and I have to physically restart the machine. I've also tried to accomplish the same thing using Windows task manager by right-clicking on the McShield.exe process, and choosing "Create Dump File." Unfortunately, the exact same thing happens here. When I asked McAfee about it, my technical resource assigned to the case said he hasn't seen the issue before and it works fine for him.
We are running VirusScan 8.8 Patch 4 with McAfee Agent 4.8 Patch 2. We do not enable Access Protection on the client side. Has anyone ever seen this behavior? I'm kind of stuck right now...
Have you tried creating a dump through Task Manager on another computer? And in security mode, have you tried in this mode? In security mode, with fewer modules/drivers loaded, the process could behave differently and you can collect the dump normally.
Hey there -
Yes, I've tried on multiple machines while logged on with a local admin account. It happens on all the machines I've tried, including virtual copies of our image that I run through VMware. Can you shed some light on the security mode you mentioned? I'm not familiar with it.
I haven't but I can certainly try - I don't know if Safe Mode would disable some of the McAfee services however. I also know that the McAfee tech was able to collect a dump without Safe Mode.