cancel
Showing results for 
Search instead for 
Did you mean: 

ODS failures after P4 - SCAN64.EXE crashing

Hi there,

After upgrade to VSE88 P4 we are experiencing the following errors:

Log Name: Application

Source: Application Error

Date: 21/03/2014 07:45:09

Event ID: 1000

Task Category: (100)

Level: Error

Keywords: Classic

User: N/A

Computer: black_devil_666

Description:

Faulting application name: SCAN64.EXE, version: 8.8.0.777, time stamp: 0x4d2e0635

Faulting module name: ntdll.dll, version: 6.1.7601.22436, time stamp: 0x521eb03f

Exception code: 0xc0000374

Fault offset: 0x00000000000c4322

Faulting process id: 0x3850

Faulting application start time: 0x01cf44d1171ba830

Faulting application path: C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SCAN64.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

at the time of scheduled scans - and obviously scans fail.

Windows 7p1 x64

Anyone experiencing the same issue???

We have SR 4-5457415063  open for this issue.

2 Replies
wwarren
Level 15
Report Inappropriate Content
Message 2 of 3

Re: ODS failures after P4 - SCAN64.EXE crashing

Haven't seen any other reports of this.

Key thing here to note is, this is a process crash event. Which means, you'll be able to get a process dump of the failure - so long as it can be reproduced.

Use ProcDump from SysInternals to capture a 2nd chance exception of Scan64.exe, and to monitor for the process to start.

i.e. procdump -e -ma -w scan64.exe

The dump it creates will be of interest to us/Support.

It could be indicative of a bug in our code, or in the DAT content, or the Engine, or Windows, or in a 3rd party that has hooked the process - so, too many possibilities to go speculating on... hence the need for data.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee

Re: ODS failures after P4 - SCAN64.EXE crashing

Hi there,

Have you tried to disable the prevent hooking AP rule and see if the scan finish? I have seen a similar crash when running ODS and it was this rule causing the issue.

The solution was trusting the dll injecting as per https://kc.mcafee.com/corporate/index?page=content&id=KB73521

Regards,