1 Reply Latest reply on Apr 27, 2009 9:39 PM by secured2k

    MC Shield service won't run?

      I'm having an issue with our new batch of PCs for my company. They're HP slimlines running Windows XP that we picked up for a good price, and now I'm getting them all prepped for release. That includes putting McAfee VirusScan Enterprise 8.70i on them.

      The install goes just the same as usual, and seems to work fine. The agent installs, it connects to the ePO server, and downloads the engine. Everything seems to go fine, and no errors are generated.

      However, after everything installs, the McAfee icon on the taskbar has a red circle with a slash through it. Hovering my mouse over it indicates tells me "McAfee OAS: Disabled". The Enable button is grayed out. I run the agent status monitor, and tell it to enforce policies, and the red circle disappears for a moment - and then shows back up again. I went into the Windows service manager to manually run MCShield, and got the following error: "The McAfee McShield service on Local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the erformance Logs and Alerts service."

      I know the policy is right, since it's the same one all the other PCs are using. It's getting updates just fine. The only thing I can think of is that there's something already installed on the PC that's interfering with the service. Any ideas?

      Here's the HijackThis log for the PC.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:18:49 AM, on 4/27/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\Program Files\ActivIdentity\ActivClient\accoca.exe
      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
      C:\Program Files\PDF Complete\pdfsvc.exe
      C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\McAfee\Common Framework\udaterui.exe
      C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
      C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
      C:\Program Files\McAfee\Common Framework\McTray.exe
      C:\Program Files\ActivIdentity\ActivClient\acevents.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
      O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
      O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
      O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
      O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
      O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
      O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
      O23 - Service: McAfee Application Installer Cleanup (0188451240413298) (0188451240413298mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\018845~1.EXE (file missing)
      O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
      O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
      O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
      O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
      O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
      O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
      O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

      End of file - 6673 bytes
        • 1. RE: MC Shield service won't run?
          The current Engine/DAT seem have a problem starting or communicating with the drivers. You can see the error code of 8 meaning a problem loading the DATs in the Application log under the source McLogEvent.

          For the time being, many of us are recommending to go back to Engine 5300.