Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1213 Views 2 Replies Latest reply: Feb 15, 2013 10:26 AM by jliford RSS
mjmurra Champion 374 posts since
Jul 27, 2010
Currently Being Moderated

Sep 24, 2012 12:00 AM

Event ID 7 - Unable to initialize the scanning engine

Here's an extract from a ODS log on a system:

 

24/09/2012    10:30:19 AM        Engine version                          =    5400.1158

24/09/2012    10:30:19 AM        AntiVirus   DAT version                 =    6844.0

24/09/2012    10:30:19 AM        Number of detection signatures in EXTRA.DAT =    None

24/09/2012    10:30:19 AM        Names of detection signatures in EXTRA.DAT  =    None

    12:00:00 AM    Scan Terminated    HOSTNAME\    Unable to initialize the scanning engine; the system is out of memory. Free up some memory and restart the scan application.

 

(Note that the Scan Terminated doesn't have a date and is listed at 12:00AM.

 

When uploaded to EPO, the Event Generated time is set to :

Event Generated Time (UTC): 11/30/99 12:00:00 AM

 

Which of course throws out all sorts of reporting.

 

Event Category: Malware

Event ID: 7

Threat Severity: Notice

Threat Name: none

Threat Type: None

Action Taken: None

Threat Handled: true

 

Wonder if this is an 8.8 P0 thing, or has been resolved in a later version - any ideas if it has been resolved?

  • wwarren McAfee SME 767 posts since
    Nov 3, 2009

    I haven't seen this reported before. Consider it unresolved at this time.

    Sounds curious

  • jliford Newcomer 1 posts since
    Feb 15, 2013
    Currently Being Moderated
    2. Feb 15, 2013 10:30 AM (in response to mjmurra)
    Re: Event ID 7 - Unable to initialize the scanning engine

    I encountered a similar issue today and the "Scan Terminated" date and timestamp were accurate to the time of the event version 8.8.0.849.

    .

    2/14/2013 12:31:41 PM  Engine version                          = 5400.1158

    2/14/2013 12:31:41 PM  AntiVirus   DAT version                 = 6985.0

    2/14/2013 12:31:41 PM  Number of detection signatures in EXTRA.DAT = None

    2/14/2013 12:31:41 PM  Names of detection signatures in EXTRA.DAT  = None

    2/14/2013 12:31:32 PM Scan Terminated COMPUTERNAME\SYSTEM Unable to initialize the scanning engine; the system is out of memory. Free up some memory and restart the scan application.

     

    Due to the nature of what occured in this case was the McAfee Scan was terminated when the laptop was being shut down by the normal window shut down process, howeve during shutdown the computer because unresponsive and hung, causing the "Force shutdown" option to appear and be clicked on. 

     

    This event was not sent to McAfee EPO until the laptop was re-connected to the network the following day, which created a confusing event as the time and date between the "Detection time" and the "Reporting time" when it was reported to EPO.

     

    Recommendation/Feature enhancement: Add a time and date field for the event for when the event was send to the management server, which will show the time the event occurred and the time the event was successfully submitted to the management server.

     

    Message was edited by: jliford on 2/15/13 10:30:33 AM CST

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points