Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 5

McAfee Caused Exchange Mail Store Unmount?

Hi all,

Hope someone can help me here. I already setup ePO server for my PC and setup all policy for local user. I also already set On Demand Scan policy for Virus Scan and setting the exclusion folder/drive for that policy. However, unfortunately McAfeee Policy not running according to the policy. McAfee keep scanning exclusion folder and Supposely, McAfee should avoid scanning the exclusion folders and this has caused office server down. Please refer below for Event Properties description:

"The file \Device\HarddiskVolume11\EXTL2\MDBDATA\E01.log\E01.log\image4.jpeg contains the Exploit-QtPICT Trojan. Undetermined clean error,OAS denied access and contiued. Detected using Scan engine version 8400.1158 DAT version 6288.0000"

Hopefully someone can explaint and guide m ont his.Any suggestions on what to do/where to go?

4 Replies
Level 9
Report Inappropriate Content
Message 2 of 5

Re: McAfee Caused Exchange Mail Store Unmount?

Did configure the VSE Exchange Exclusions???

Level 14
Report Inappropriate Content
Message 3 of 5

Re: McAfee Caused Exchange Mail Store Unmount?


I reckon it must be the different path that causes Virusscan to not match exclusion against the file path it receives from the operating system. Your exclusion could be someting like \Exchsrv\(something)\*.* and this is not matching against \Device\Harddisk\etc.

Try using a more general relative exclusion like **\folder1\folder2\file or exclude based on filename pattern or type (*.log ,for example) so it does not contain any absolute path. I recommend you review KB54812 in this respect, and also exclusions master article

For Exchange exclusions please review:


Level 7
Report Inappropriate Content
Message 4 of 5

Re: McAfee Caused Exchange Mail Store Unmount?

Hi Attilia,

I actually put the exclusion for my L: drive and \Device\Harddisk\etc actually one of my folder within L drive. What is surprising VSE still scanning within my L drive. I already checked log file %VSEDEFLOGDIR%  however couldn't any prove that state scanning was perform. However on the Virus Scan show event scanning files within L drive.

Very very strange..Please advice me on this.

Level 14
Report Inappropriate Content
Message 5 of 5

Re: McAfee Caused Exchange Mail Store Unmount?

Hi Patu,

There is VirusScan Profiler 1.1 to see which files are most scanned. It enables making statistics on top X file scanned. However I'm not sure how big a value you can enter in the filtering field to see deep enough, and thus you may not see whether that particular file is being scanned or not that you are interested in. Nevertheless you can download it from McAfee portal it may come handy later on.

A quick and dirty way of making VirusScan log all files that it scan is by making this registry change:

VSE8.5/8.7 - HKLM\SOFTWARE\McAfee\VSCore\VerboseLogging

Create values

bLogToFile : REG_DWORD : 0 = off, 1 =on

szLogFileName : REG_SZ : filename

bLimitSize : REG_DWORD : 0 = no size limit, 1 = file size is limited

dwMaxLogSizeMB : REG_DWORD : max file size in megabytes

LogFileFormat : REG_DWORD : 0 = ANSI, 1=UTF8, 2=UTF16.

Stop/Restart McShield service to make changes.

When you experience the issue, open OnAccessScanLog.txt file and see if the files that you wanted to exclude were being scanned actually (with their actualy path that may or may not matches path used in your exclusion).

Revert the registry changes back to where they were previously once you are ready with testing.


Message was edited by: apoling on 22/03/11 10:24:07 CET
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.