I've been seeing this error on one of our servers in the application log in event viewer for months now. McShield service crashes and freezes up the server for a few minutes. Can't seem to find a solution for it. Am running VSE 8.7 patch 4. Have tried excluding .log file types, turning off scan on read and write for low-risk processes, adding low-risk process exclusions for processes that generate file timeouts. I've re-installed VSE.
Anyone know how to resolve this?
You may try 2 things here :-
Go to McAfee Virus Scan console and Hit HELP. There, you can repair installation. Check if that helps.
If not, please go to services.msc and check if mcshield.exe is set to restart immediately and please make sure that the default action on the failures is RESTART the services and I would say have it at immediate(0) seconds.
Please revert if any of this helped.
Is Mcshield crashing because of scan time out? Please have a look at the Event viewer message (share also with us)? If yes then I will suggest you below.
1. Make sure that you have unchecked 'process on Enable' from OAS.
2. Increase the scan timeout value from default one?
There are 2 types of McShield termination: The hardcoded and the unexpected crash. Here are common causes for both -
- Large files taking long to scan where McShield reach the set timeout twice before it crashs to prevent system becoming unresponsive.
- Systems resources exhausted at time of scan or what's referred to as "CPU starvation"
- VSE files version missmatch - mostly the result of failed patch/hotfix installation.
- Incompatibility with 3rd party software
- No reboot after Upgrade or patch installation
Post the full event log if you need further assistance.
I've been getting the same issue on one particular server with patch 3 and now sadly with patch 4 for the same reason after a scan time out which usually happens after an update which I believed was supposed to be fixed in patch 4.
This was never resolved but turns out the server is being decommissioned so doesn't matter all that much anymore.
I did notice though in event logs that files being scanned causing the timeouts were in the exclusion list yet still being scanned?
I have seen scan logs where the File was scanned via Hardware Path like Device\HardDiskVolume1\... rather than C:\...
This could be possibly one reason while there might be others as well. Check out KB61000