We recently attempted to install a new solarwinds upgrade on a Windows 2008 Server - Service Pack 1.
After installation of the solarwinds (monitoring platform) upgrade, the core solarwinds server started to reboot once an hour, then sporadically as many as 4 times an hour.
In viewing logs, I did find one instance where it appeared McAfee was tasking the node to shutdown. It is inconclusive whether it actually did cause the server to reboot.
A solarwinds tech found another instance in logs where a VMWare exe did command the server to reboot, but only one instance of this behavior was confirmed.
Microsoft analyzed a core dump off the clone that was created prior to reverting to the older version of solarwinds, and MSFT is pointing at McAfee as the culprit. But I believe that is just corporate finger pointing...
Solarwinds has no instance of this behavior happening with the attempted upgrade we did. Ever.
My question is this: have any community users experienced any behavior where McAfee caused a continuous but sporadic reboot sequence of their hardware? Were you able to find Root Cause?
This appears unlikely to be SIEM. What McAfee products are installed on the system? Which logs did you review that indicate McAfee is involved? More details are required to help here.
We are using VirusScan Enterprise 808.06000.
Solarwinds produces there own diagnostics logs; however we were inhibited to produce them during this incident as the server kept rebooting.
Wanted to get versions out there of McAfee, will did again and look for actual log entries. Thanks for responses to date.
Saw a very similar reboot loop with VSE 8.8P6/CMA 4.8.1500; it was recommended to move to VSE8.8 P7 - resolved the reboot loop.
Blue screen error on startup on NUMA-based systems after installing VirusScan Enterprise 8.8 Patch 6, Host Intrusion Prevention 8.0 Patch 6, or McAfee Agent 5.0.x Technical Articles ID: KB85860 Last Modified: 3/30/2016
Even thou KB85860 was writen for CMA 5.0.X - it was a close enough...