
ePO Agent 5.0.2 reinstalls itself

Hello,

I would like to tell you about a problem I have with some agents on some Windows 2003 Server machines.

For some time we have had these agents installed and reporting to the ePO, with VirusScan 8.8.

Every so often the agent restarts and we receive alarms that the mcshield.exe service is stopped, so I started digging in the Event Viewer, and it shows that the agent is being uninstalled and installed. We do not know what could be happening, and I would like you to help us see what could be happening.

I am attaching the Event Viewer logs we found, from exactly the moment this happens. Many thanks.

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:1040
Date:28-07-2016
Time:9:01:37
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Beginning a Windows Installer transaction: {dea2d287-b3f7-4828-8332-3cf31ed15ed7}. Client Process Id: 33776.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

______________________________________________________________________

Event Type:Information
Event Source:McLogEvent
Event Category:None
Event ID:257
Date:28-07-2016
Time:9:02:00
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Bloqueado por regla de protección de acceso.  La regla Protección común estándar:Impedir la modificación de los archivos y las opciones de McAfee Common Management Agent ha bloqueado el acceso al objeto HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MCAFEEFRAMEWORK\.

______________________________________________________________________

Event Type:Information
Event Source:McLogEvent
Event Category:None
Event ID:5000
Date:28-07-2016
Time:9:03:06
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

McShield service started.

Engine version : 5800.7501

DAT version : 8238.0000

Number of signatures in EXTRA.DAT : Ninguno

Names of threats that EXTRA.DAT can detect : Ninguno

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:11724
Date:28-07-2016
Time:9:03:14
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Producto: McAfee Agent -- Removal completed successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 7b 44 45 41 32 44 32 38   {DEA2D28

0008: 37 2d 42 33 46 37 2d 34   7-B3F7-4

0010: 38 32 38 2d 38 33 33 32   828-8332

0018: 2d 33 43 46 33 31 45 44   -3CF31ED

0020: 31 35 45 44 37 7d         15ED7}

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:1034
Date:28-07-2016
Time:9:03:14
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Windows Installer removed the product. Product Name: McAfee Agent. Product Version: 5.00.2025. Product Language: 1034. Removal success or error status: 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 7b 44 45 41 32 44 32 38   {DEA2D28

0008: 37 2d 42 33 46 37 2d 34   7-B3F7-4

0010: 38 32 38 2d 38 33 33 32   828-8332

0018: 2d 33 43 46 33 31 45 44   -3CF31ED

0020: 31 35 45 44 37 7d         15ED7}

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:1042
Date:28-07-2016
Time:9:03:14
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Ending a Windows Installer transaction: {dea2d287-b3f7-4828-8332-3cf31ed15ed7}. Client Process Id: 33776.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:1040
Date:28-07-2016
Time:9:03:14
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Beginning a Windows Installer transaction: C:\WINDOWS\TEMP\mfe80BA.tmp\MFEagent.msi. Client Process Id: 39672.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

______________________________________________________________________

Event Type:Information
Event Source:McLogEvent
Event Category:None
Event ID:257
Date:28-07-2016
Time:9:03:29
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

El análisis de C:\WINDOWS\Temp\ma80E7.tmp\x64\mfestwa.dll ha tardado demasiado tiempo en completarse y se está cancelando.  La versión de motor de análisis utilizada es 5800.7501 versión DAT 8238.0000.

______________________________________________________________________

Event Type:Information
Event Source:McLogEvent
Event Category:None
Event ID:257
Date:28-07-2016
Time:9:03:29
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

El análisis de C:\WINDOWS\Temp\ma80E7.tmp\x86\mfestwa.dll ha tardado demasiado tiempo en completarse y se está cancelando.  La versión de motor de análisis utilizada es 5800.7501 versión DAT 8238.0000.

______________________________________________________________________

Event Type:Information
Event Source:McLogEvent
Event Category:None
Event ID:5000
Date:28-07-2016
Time:9:04:06
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

McShield service started.

Engine version : 5800.7501

DAT version : 8238.0000

Number of signatures in EXTRA.DAT : Ninguno

Names of threats that EXTRA.DAT can detect : Ninguno

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:11707
Date:28-07-2016
Time:9:04:34
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Producto: McAfee Agent -- La operación de instalación finalizó satisfactoriamente.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 7b 64 65 61 32 64 32 38   {dea2d28

0008: 37 2d 62 33 66 37 2d 34   7-b3f7-4

0010: 38 32 38 2d 38 33 33 32   828-8332

0018: 2d 33 63 66 33 31 65 64   -3cf31ed

0020: 31 35 65 64 37 7d         15ed7}

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:1033
Date:28-07-2016
Time:9:04:34
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Windows Installer installed the product. Product Name: McAfee Agent. Product Version: 5.00.2025. Product Language: 1034. Installation success or error status: 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 7b 64 65 61 32 64 32 38   {dea2d28

0008: 37 2d 62 33 66 37 2d 34   7-b3f7-4

0010: 38 32 38 2d 38 33 33 32   828-8332

0018: 2d 33 63 66 33 31 65 64   -3cf31ed

0020: 31 35 65 64 37 7d         15ed7}

______________________________________________________________________

Event Type:Information
Event Source:MsiInstaller
Event Category:None
Event ID:1042
Date:28-07-2016
Time:9:04:34
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

Ending a Windows Installer transaction: C:\WINDOWS\TEMP\mfe80BA.tmp\MFEagent.msi. Client Process Id: 39672.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

______________________________________________________________________

Event Type:Information
Event Source:McLogEvent
Event Category:None
Event ID:5000
Date:28-07-2016
Time:9:15:44
User:NT AUTHORITY\SYSTEM
Computer:VMINTRAWEB

Description:

McShield service started.

Engine version : 5800.7501

DAT version : 8239.0000

Number of signatures in EXTRA.DAT : Ninguno

Names of threats that EXTRA.DAT can detect : Ninguno

______________________________________________________________________

Many thanks,