cancel
Showing results for 
Search instead for 
Did you mean: 

mcafee access protection filter driver file mfeapfk causing memory leaks

Hello,

mcafee access protection filter driver file mfeapfk causing memory leaks.

mfeapfkMemory:16774708K Avail: 6698900K  PageFlts:23483280   InRam Krnl: 2652K P:101584K

Commit:10064760K       Pool N: 72,344K  P:104,804K     SystemUpTime(hours)=3.77

Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

MmCm Nonp     283731    283620       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

File Nonp    3459901   3430354     29547 4754936        160        [<unknown> - File objects]

ElxA Nonp          5         0         5 4109200     821840        [elxplus]

TPLA Nonp        768         0       768 3145728       4096        [ndis]

Ntfr Nonp      60973     17855     43118 2760520         64        [ntfs][ntfs.sys - ERESOURCE]

LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

MmCa Nonp     265916    242687     23229 2583280        111        [nt!mm - Mm control areas for mapped files]

MFE0 Nonp   46834902  46808317     26585 2580928         97        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

TCPt Nonp      61447     61402        45 2480264      55116        [tcpip]

BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

Io   Nonp   11032727  11032501       226 2247168       9943        [nt!io - general IO allocations]

elxs Nonp         15         1        14 2170944     155067        Unknown Driver

Mm   Nonp    1048904   1048889        15 1365480      91032        [nt!mm - general Mm Allocations]

VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

Thre Nonp      21428     19719      1709 1080088        632        [nt!ps - Thread objects]

RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

Devi Nonp       2248      1721       527 1035112       1964        [<unknown> - Device objects]

NtFs Nonp     748638    724569     24069  977992         40        [ntfs][ntfs.sys - StrucSup.c]

Ntfn Nonp     287495    263422     24073  972984         40        [ntfs][ntfs.sys - SCB_NONPAGED]

Mdl  Nonp     835910    830298      5612  918392        163        [<unknown> - Io, Mdls]

Irp  Nonp    2418592   2416957      1635  699720        427        [<unknown> - Io, IRP packets]

RaME Nonp          3         0         3  630784     210261        [storport]

=== Thu 12/18/2014 12:31:51 AM  ComputerName=BP1XILDB047  FreePTEs=146,526 ===

  ProcessTotalHandleCount=39,506;  SystemThreads=1,645;  SystemProcesses=133

Memory:16774708K Avail: 6714320K  PageFlts:26350239   InRam Krnl: 2652K P:101968K

Commit:10044492K       Pool N: 72,404K  P:105,204K     SystemUpTime(hours)=4.28

Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

MmCm Nonp     284878    284767       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

File Nonp    3889120   3859527     29593 4762472        160        [<unknown> - File objects]

ElxA Nonp          5         0         5 4109200     821840        [elxplus]

TPLA Nonp        768         0       768 3145728       4096        [ndis]

Ntfr Nonp      63905     20593     43312 2772936         64        [ntfs][ntfs.sys - ERESOURCE]

LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

MmCa Nonp     295347    272043     23304 2591872        111        [nt!mm - Mm control areas for mapped files]

MFE0 Nonp   53802565  53775880     26685 2563824         96        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

TCPt Nonp      84327     84282        45 2480264      55116        [tcpip]

BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

Io   Nonp   12508970  12508747       223 2242960      10058        [nt!io - general IO allocations]

elxs Nonp         15         1        14 2170944     155067        Unknown Driver

Mm   Nonp    1048905   1048890        15 1365480      91032        [nt!mm - general Mm Allocations]

VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

Thre Nonp      24287     22613      1674 1057968        632        [nt!ps - Thread objects]

RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

Devi Nonp       2450      1923       527 1035112       1964        [<unknown> - Device objects]

NtFs Nonp     823307    799134     24173  982152         40        [ntfs][ntfs.sys - StrucSup.c]

Ntfn Nonp     321819    297642     24177  977144         40        [ntfs][ntfs.sys - SCB_NONPAGED]

Mdl  Nonp     947945    942185      5760  937336        162        [<unknown> - Io, Mdls]

Irp  Nonp    2422109   2420474      1635  701952        429        [<unknown> - Io, IRP packets]

MmSt Paged     64020     38995     25025 29254288       1169        [nt!mm - Mm section object prototype ptes]

Ntff Paged    419765    400818     18947 15460752        816        [ntfs][ntfs.sys - FCB_DATA]

CM35 Paged       688       398       290 10186752      35126        Unknown Driver

R100 Paged        47         2        45 5461800     121373        Unknown Driver

NtfF Paged     13768      8622      5146 4816656        936        [ntfs.sys - FCB_INDEX]

UlHT Paged         1         0         1 4198400     4198400        [http.sys - Hash Table]

Wmit Paged        91        35        56 3539600      63207        [<unknown> - Wmi Trace]

IoNm Paged   6896493   6874970     21523 3047256        141        [nt!io - Io parsing names]

MFE* Paged       819       800        19 1712416      90127        [mfehidk]

NtFs Paged    762971    736124     26847 1538200         57        [ntfs][ntfs.sys - StrucSup.c]

MmSm Paged     29740      7570     22170 1418880         64        Unknown Driver

FSim Paged     23659     12668     10991 1406848        128        [nt!fsrtl - File System Run Time Mcb Initial Mapping Lookaside

Ntfc Paged     22757      6312     16445 1184040         72        [ntfs][ntfs.sys - CCB_DATA]

FSrm Paged      5270      4773       497 1157224       2328        [nt!fsrtl - File System Run Time]

CMDa Paged    114170    109130      5040 1129696        224        Unknown Driver

CM25 Paged      1123      1101        22 1064960      48407        Unknown Driver

Ttfd Paged      5015      3629      1386 1062032        766        [<unknown> - TrueType Font driver]

Obtb Paged     20431     20072       359  900192       2507        [nt!ob - object tables via EX handle.c]

CM16 Paged       252        48       204  897024       4397        Unknown Driver

CMAl Paged       915       718       197  806912       4096        Unknown Driver

Gla1 Paged      2582      2201       381  786384       2064        [win32k.sys - Gdi handle manager specific object types allocate

Ntf0 Paged    841364    817408     23956  778544         32        [ntfs][ntfs.sys - general pool allocation]

NtFS Paged      6503      4453      2050  722032        352        [ntfs][ntfs.sys - SecurSup.c]

NtFB Paged     12145     12125        20  715952      35797        [ntfs][ntfs.sys - BitmpSup.c]

=== Thu 12/18/2014 1:02:56 AM  ComputerName=BP1XILDB047  FreePTEs=146,526 ===

  ProcessTotalHandleCount=40,606;  SystemThreads=1,658;  SystemProcesses=134

Memory:16774708K Avail: 6701300K  PageFlts:29195812   InRam Krnl: 2652K P:103136K

Commit:10069504K       Pool N: 72,532K  P:106,332K     SystemUpTime(hours)=4.80

Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

MmCm Nonp     286004    285893       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

File Nonp    4319742   4290005     29737 4784504        160        [<unknown> - File objects]

ElxA Nonp          5         0         5 4109200     821840        [elxplus]

TPLA Nonp        768         0       768 3145728       4096        [ndis]

Ntfr Nonp      66657     23156     43501 2785032         64        [ntfs][ntfs.sys - ERESOURCE]

LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

MmCa Nonp     325519    302104     23415 2604064        111        [nt!mm - Mm control areas for mapped files]

MFE0 Nonp   59637556  59610512     27044 2593768         95        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

TCPt Nonp      93148     93103        45 2480264      55116        [tcpip]

BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

Io   Nonp   13983584  13983359       225 2251152      10005        [nt!io - general IO allocations]

elxs Nonp         15         1        14 2170944     155067        Unknown Driver

Mm   Nonp    1048905   1048890        15 1365480      91032        [nt!mm - general Mm Allocations]

VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

Thre Nonp      27180     25496      1684 1064288        632        [nt!ps - Thread objects]

RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

Devi Nonp       2600      2073       527 1035112       1964        [<unknown> - Device objects]

NtFs Nonp     898416    874140     24276  986272         40        [ntfs][ntfs.sys - StrucSup.c]

Ntfn Nonp     355434    331154     24280  981264         40        [ntfs][ntfs.sys - SCB_NONPAGED]

Mdl  Nonp    1064709   1058988      5721  932344        162        [<unknown> - Io, Mdls]

Irp  Nonp    2427677   2426061      1616  687248        425        [<unknown> - Io, IRP packets]

RaME Nonp          3         0         3  630784     210261        [storport]

MmSt Paged     68002     42854     25148 29456976       1171        [nt!mm - Mm section object prototype ptes]

Ntff Paged    468018    448985     19033 15530928        816        [ntfs][ntfs.sys - FCB_DATA]

CM35 Paged      1060       770       290 10186752      35126        Unknown Driver

R100 Paged        47         2        45 5461800     121373        Unknown Driver

NtfF Paged     14828      9664      5164 4833504        936        [ntfs.sys - FCB_INDEX]

UlHT Paged         1         0         1 4198400     4198400        [http.sys - Hash Table]

Wmit Paged        91        35        56 3539600      63207        [<unknown> - Wmi Trace]

IoNm Paged   7687158   7665502     21656 3071064        141        [nt!io - Io parsing names]

MFE* Paged       931       912        19 1712416      90127        [mfehidk]

NtFs Paged    826416    799424     26992 1556776         57        [ntfs][ntfs.sys - StrucSup.c]

FSrm Paged      5732      5141       591 1497816       2534        [nt!fsrtl - File System Run Time]

MmSm Paged     30777      8511     22266 1425024         64        Unknown Driver

FSim Paged     24414     13381     11033 1412224        128        [nt!fsrtl - File System Run Time Mcb Initial Mapping Lookaside

Ntfc Paged     24010      7098     16912 1217664         72        [ntfs][ntfs.sys - CCB_DATA]

CMDa Paged    122469    117227      5242 1163640        221        Unknown Driver

CM25 Paged      1123      1101        22 1064960      48407        Unknown Driver

Ttfd Paged      5015      3629      1386 1062032        766        [<unknown> - TrueType Font driver]

Obtb Paged     22899     22538       361  904368       2505        [nt!ob - object tables via EX handle.c]

CM16 Paged       283        79       204  897024       4397        Unknown Driver

CMAl Paged       915       718       197  806912       4096        Unknown Driver

Gla1 Paged      2949      2565       384  792576       2064        [win32k.sys - Gdi handle manager specific object types allocate

Ntf0 Paged    919058    895046     24012  779888         32        [ntfs][ntfs.sys - general pool allocation]

NtFS Paged      6771      4705      2066  727152        351        [ntfs][ntfs.sys - SecurSup.c]

NtFB Paged     13696     13676        20  715952      35797        [ntfs][ntfs.sys - BitmpSup.c]

=== Thu 12/18/2014 1:34:01 AM  ComputerName=BP1XILDB047  FreePTEs=146,526 ===

  ProcessTotalHandleCount=40,291;  SystemThreads=1,649;  SystemProcesses=133

Memory:16774708K Avail: 6701732K  PageFlts:32792311   InRam Krnl: 2656K P:112024K

Commit:10063492K       Pool N: 73,436K  P:115,244K     SystemUpTime(hours)=5.32

Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

MmCm Nonp     287162    287051       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

File Nonp    5540071   5508642     31429 5058328        160        [<unknown> - File objects]

NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

ElxA Nonp          5         0         5 4109200     821840        [elxplus]

TPLA Nonp        768         0       768 3145728       4096        [ndis]

Ntfr Nonp      71451     25408     46043 2947720         64        [ntfs][ntfs.sys - ERESOURCE]

MmCa Nonp     357114    331996     25118 2795040        111        [nt!mm - Mm control areas for mapped files]

LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

MFE0 Nonp   65253520  65226566     26954 2573768         95        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

TCPt Nonp     101487    101442        45 2480264      55116        [tcpip]

BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

Io   Nonp   15479760  15479537       223 2242960      10058        [nt!io - general IO allocations]

elxs Nonp         15         1        14 2170944     155067        Unknown Driver

Mm   Nonp    1048905   1048890        15 1365480      91032        [nt!mm - general Mm Allocations]

VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

NtFs Nonp    1755108   1728841     26267 1065912         40        [ntfs][ntfs.sys - StrucSup.c]

Ntfn Nonp     428838    402539     26299 1065872         40        [ntfs][ntfs.sys - SCB_NONPAGED]

Thre Nonp      30005     28326      1679 1061128        632        [nt!ps - Thread objects]

RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

Devi Nonp       2760      2233       527 1035112       1964        [<unknown> - Device objects]

Mdl  Nonp    1205558   1199555      6003  968520        161        [<unknown> - Io, Mdls]

Irp  Nonp    2432682   2430984      1698  736056        433        [<unknown> - Io, IRP packets]

CcSc Nonp     196601    194587      2014  644480        320        [nt!cc - Cache Manager Shared Cache Map]

MmSt Paged     73508     46644     26864 33138736       1233        [nt!mm - Mm section object prototype ptes]

Ntff Paged    557430    537652     19778 16138848        816        [ntfs][ntfs.sys - FCB_DATA]

CM35 Paged      1444      1142       302 11530240      38179        Unknown Driver

NtfF Paged     17228     10831      6397 5987592        936        [ntfs.sys - FCB_INDEX]

R100 Paged        47         2        45 5461800     121373        Unknown Driver

UlHT Paged         1         0         1 4198400     4198400        [http.sys - Hash Table]

Wmit Paged        91        35        56 3539600      63207        [<unknown> - Wmi Trace]

IoNm Paged   9269135   9246871     22264 3155096        141        [nt!io - Io parsing names]

NtFs Paged   2205108   2175382     29726 1762184         59        [ntfs][ntfs.sys - StrucSup.c]

MFE* Paged      1005       986        19 1712416      90127        [mfehidk]

FSim Paged     26726     14229     12497 1599616        128        [nt!fsrtl - File System Run Time Mcb Initial Mapping Lookaside

MmSm Paged     33414      9430     23984 1534976         64        Unknown Driver

Ntfc Paged     25564      8546     17018 1225296         72        [ntfs][ntfs.sys - CCB_DATA]

CMDa Paged    127441    122083      5358 1177856        219        Unknown Driver

CM25 Paged      1123      1101        22 1064960      48407        Unknown Driver

Ttfd Paged      5015      3629      1386 1062032        766        [<unknown> - TrueType Font driver]

FSrm Paged      7515      6922       593 1057912       1784        [nt!fsrtl - File System Run Time]

Obtb Paged     25316     24956       360  904288       2511        [nt!ob - object tables via EX handle.c]

CM16 Paged       315       110       205  901120       4395        Unknown Driver

Ntfo Paged     31706     25345      6361  874248        137        [ntfs][ntfs.sys - SCB_INDEX normalized named buff

10 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 11

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Moved provisionally to ePO for better attention - Moderator

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Which VSE patch version are you using?

If you not using patch 4 I would recommend to install it.

If you running patch 4 I would recommned to follow the KB74951 and open a case with McAfee

https://kc.mcafee.com/corporate/index?page=content&id=KB74951&locale=fr_CA

Do you need to restart the machine because the machine freezes? If yes, how do often do you need to restart the machine to make usable?  I would recommend you to follow the KB if the machine freezes or get unusable but I cannot see a leak from the logs that you have posted...

@Ex_Brit, this post should be under VirusScan section and not ePO.

Best regards,

Jose Maria

exbrit
Level 21
Report Inappropriate Content
Message 4 of 11

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Thanks - Moved to VSE

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Thanks @Ex_Brit

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Hello We have VSE 8.8.01247

The DB server is getting hang and everytime they have to restart it.

wwarren
Level 15
Report Inappropriate Content
Message 7 of 11

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Where is this alleged leak?
The data you've pasted does not indicate a leak in McAfee pool tags.

Are you misinterpreting the Allocations and Frees columns perhaps?

William W. Warren | S.I.R.R. | Customer Success Group | McAfee

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

As I said avobe in my previous post I cannot see any leak, so I agree with wwarren.

Best regards,

Jose Maria

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

Then you should take new logs as per the KB I have posted avobe. Please take 5 or 6 different logs, but please keep in mind if the server freezes every 12 hours please take the logs every 2 hours, if the server freezes every 7 days, please take the logs everyday and like this. The logs that you have posted were 4 every 30 minutes and if the issue happens each week, collecting 4 logs every 30 minutes will not reflect your issue.

Best regards,

Jose Maria

Re: mcafee access protection filter driver file mfeapfk causing memory leaks

I have been told there are issues with Patch 4. We had a scenario where we were copying files from one server to another and McShield would crash on certain autorun.inf files. There was never a reason found for this as the files were fine. McShield would auto-restart but after about 5 restarts, the server would just hang or blue screen. I was able to reproduce this at will. Support eventually told me to downgrade to Patch 2 and all was fine after we did. There is a KB out there for it somewhere......