cancel
Showing results for 
Search instead for 
Did you mean: 
RayP
Level 7
Report Inappropriate Content
Message 1 of 8

DAT 8183 Blue Screen XenApp SelfServices.exe

Since this morning all our XenApp 6.5 servers has been updated to DAT version 8183.0000

Now the following error message appears in the event viewer:

Event viewer ID: 5051

Event ID 5051

A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated. Thread id : 12816 (0x3210)

Thread address : 0x0000000076DAC08A

Thread message :

Build VSCORE.15.1.0.543 / 5800.7501

Object being scanned = \Device\HarddiskVolume3\Users\%username%\AppData\Local\Citrix\Receiver\WindowsAppRHelper_SelfService.exe.dll

by C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe

Followed by Event ID: 7034

Event ID 7034
The McAfee McShield service terminated unexpectedly.  It has done this 35 time(s).

Then after a while the Server unexpected reboots with a Blue Screen.

Used products:

-McAfee ePolicy 5.1.1.

-McAfee VirusScan Enterprise 8.8 Patch 4

The environment hasn't been changed..only the VirusScan Enterprise has a new DAT file.

With version 8182 and before we had no Event ID's 5051.

What has been changed in version DAT 8183?

For now we added the selfservice.exe as low risk policy.

Regards,

Ray

7 Replies
tomz2
Level 11
Report Inappropriate Content
Message 2 of 8

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

Hi RayP -


DAT 8183 has a confirmed issue that causes McShield.exe to terminate. Until the next DAT is released it is recommended to rollback to DAT 8182.

RayP
Level 7
Report Inappropriate Content
Message 3 of 8

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

Hi Tomz2,

Thanks for your reply.

Is that information official published? Where can I find this kind of information?

Regards,

Ray

twenden
Level 13
Report Inappropriate Content
Message 4 of 8

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

Didn't see any reports of DAT 8183 but did get an emai saying that 8184 is being delayed for further testing.

dr0h_
Level 7
Report Inappropriate Content
Message 5 of 8

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

There's a confirmed problem with DAT 8183. I had the VSE service crash on ~400 servers this morning. It seems to have only impacted my Windows 2008 R2 servers. I'm running VSE 8.8 P7 across the board. Issues occurred across Citrix XenApp and Infra servers (file, SQL, etc). I didn't have any reboots, though, just the service crashes.

McAfee support confirmed that they've had a few escalations on the same issue (this was around 11 am EDT), but hadn't tracked down a cause as of yet. They did also confirm that 8184 was being withheld until this issue was identified.

It's highly recommended that you log a call and potentially submit some MER logs, as it may help them identify the root cause.

Cheers

-Joshua

tomz2
Level 11
Report Inappropriate Content
Message 6 of 8

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

DAT 8184 was released a couple hours ago. You will need to rollback to 8182 and then you can move forward to 8184. If this does not work for you or your organization, log a call with support and they can provide options.

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

Hi Ray,

Because it has VSE 8.8 P4 and part of the error messages in common, I share my experience hereon:

I have the same error messages with the (delayed) release of the DAT 8184 on our Windows 2008 R2 based VSES 1.1.0 AV scanning blades.

Due to compatibility issues with VSES and VSE, they are still running VSE 8.8 P4. I did not have issues with the Windows 2012 Server based VSES 1.1.0 installations, so it might be platform dependent.

In my situation the incremental update failed. I had the following message in the Agent's log:


2016-06-03 02:41:02.756    i    #3980    Updater    Error occurred while copying . File is locked or missing from the package.


2016-06-03 02:41:02.756    i    #3980    Updater    Update failed to version 8184.0000.


In Eventlog I have the following events:


ID: 5051


Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.



ID: 259


Description: Unable to connect to filer <IP>: -1073741635



ID: 7031


Description: The McAfee VirusScan Enterprise for Storage service terminated unexpectedly.  It has done this 1 time(s).



ID: 7031


Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).


I worked around this issue by downloading the current signature files from McAfee, Inc. - Downloads - Virus Protection - DAT Files. There were only a couple of systems (6) to update this way and the manual installation worked. Now I'm about to update to VSE 1.2.0 to be able to get rid of VSE 8.8 P4.

I also opened a supportcase (SR 4-14506430771) regarding this.

regards,

Nik

twenden
Level 13
Report Inappropriate Content
Message 8 of 8

Re: DAT 8183 Blue Screen XenApp SelfServices.exe

Looks like McAfee has released a KB article relating to this. It is KB87253.

https://kc.mcafee.com/corporate/index?page=content&id=KB87253&actp=null&viewlocale=en_US&showDraft=f...

Environment

McAfee Agent (MA) 4.x, 5.x
McAfee VirusScan Enterprise (VSE) 8.8.x

Windows 2008 R2 (64-bit)
Windows 7 (64-bit)

Problem 1

The VSE Mcshield service stops working unexpectedly on Windows 2008 R2 (64-bit) and Windows 7 (64-bit) systems after updating to DAT 8183.

Problem 2

Unable to update to DAT 8184 and later on Windows 2008 R2 (64-bit) and Windows 7 (64-bit) systems after installing or deploying DAT 8183.

System Change

Deployed DAT 8183 / updated to DAT 8183.

Solution

Not all systems with DAT 8183 will display the symptoms reported, and systems running DAT 8184 will never experience these issues. Before changing any settings, verify your system or environment is affected.

On Standalone systems:

  1. Right-click the VSE icon in your taskbar.
  2. Select About.

    The installed DAT is listed as DAT Version.

In ePolicy Orchestrator (ePO) managed environments:

  1. Run following ePO query:
    • Feature group: Events
    • Result types: Client Events
    • Display result as: Table
    • Columns:
      • Under Client Events: Event ID
      • Under Client Events: Error Code
      • Under Client Events: Host Name
      • Under Managed Systems: Operating Systems
      • Under VirusScan Enterprise Properties: Product Version (VirusScan Enterprise)
    • Filter:
      • Under Client Events: Error Code Equals to “Error occurred copying file. File is locked or missing from package.”

If your systems are running DAT 8184 or later, the following steps do not apply to you.

On affected systems:

    1. Set an exclusion in the On-Access Scan (OAS) settings for the folder:

      C:\ProgramData\McAfee\Common Framework\UpdateDir

  1. Download DAT 8184 from the CommonUpdater site (http://update.nai.com/products/commonupdater/).
  2. After the DAT successfully updates to version 8184, remove the OAS exclusion you created in step 1.