I have an issue with virus scan crashing on Server 2012. Please see below...anyone ever experienced thiss issue before?
Faulting application name: scan64.exe, version: 220.127.116.117, time stamp: 0x4d2e0635
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000009a
Fault offset: 0x00000000000ec180
Faulting process id: 0x2434
Faulting application start time: 0x01d0aed17d450bde
Faulting application path: C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scan64.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: baf3f8be-1ac4-11e5-80e8-005056bb0565
Faulting package full name:
Faulting package-relative application ID:
Are you by chance seeing some Access Protection events around the same time similar to the following?
Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scan64.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
The question is a tad too generic. What you're showing here is that the on demand scan process crashed. There could be a multitude of reasons for that.
The most productive way forward, if this issue is reproducible, is to capture a process dump of the failure.
Procdump -ma -e -w scan64.exe
Then run the ODS.
A dump file will be created, which can be shared with Support for further investigation.
If you have reason to suspect this might be an issue we've seen in the past, the due diligent thing to do is test the behavior using our latest version + patch, 8.8 Patch 5.
If i'm correct VSE 18.104.22.1687 is the 8.8 RTW version. McAfee supports Wiindows Server 2012 with VSE 8.8 Patch 3 (build number 22.214.171.1248) or higher
It's a good idea to upgrade to a higher version
Yep, there isn't enough data in the post to know which version they're using.
We only update the binary version stamp when code has changed since the last release, and, we haven't had any need to revisit the code of the ODS process since the product shipped. Seems surprising huh?
But the executable doesn't actually do much. Much of the work the ODS is does is handled by other DLLs that we load, like vsodscpl.dll.