2 Replies Latest reply: Feb 15, 2013 10:30 AM by jliford RSS

    Event ID 7 - Unable to initialize the scanning engine

    mjmurra

      Here's an extract from a ODS log on a system:

       

      24/09/2012    10:30:19 AM        Engine version                          =    5400.1158

      24/09/2012    10:30:19 AM        AntiVirus   DAT version                 =    6844.0

      24/09/2012    10:30:19 AM        Number of detection signatures in EXTRA.DAT =    None

      24/09/2012    10:30:19 AM        Names of detection signatures in EXTRA.DAT  =    None

          12:00:00 AM    Scan Terminated    HOSTNAME\    Unable to initialize the scanning engine; the system is out of memory. Free up some memory and restart the scan application.

       

      (Note that the Scan Terminated doesn't have a date and is listed at 12:00AM.

       

      When uploaded to EPO, the Event Generated time is set to :

      Event Generated Time (UTC): 11/30/99 12:00:00 AM

       

      Which of course throws out all sorts of reporting.

       

      Event Category: Malware

      Event ID: 7

      Threat Severity: Notice

      Threat Name: none

      Threat Type: None

      Action Taken: None

      Threat Handled: true

       

      Wonder if this is an 8.8 P0 thing, or has been resolved in a later version - any ideas if it has been resolved?

        • 1. Re: Event ID 7 - Unable to initialize the scanning engine
          wwarren

          I haven't seen this reported before. Consider it unresolved at this time.

          Sounds curious

          • 2. Re: Event ID 7 - Unable to initialize the scanning engine
            jliford

            I encountered a similar issue today and the "Scan Terminated" date and timestamp were accurate to the time of the event version 8.8.0.849.

            .

            2/14/2013 12:31:41 PM  Engine version                          = 5400.1158

            2/14/2013 12:31:41 PM  AntiVirus   DAT version                 = 6985.0

            2/14/2013 12:31:41 PM  Number of detection signatures in EXTRA.DAT = None

            2/14/2013 12:31:41 PM  Names of detection signatures in EXTRA.DAT  = None

            2/14/2013 12:31:32 PM Scan Terminated COMPUTERNAME\SYSTEM Unable to initialize the scanning engine; the system is out of memory. Free up some memory and restart the scan application.

             

            Due to the nature of what occured in this case was the McAfee Scan was terminated when the laptop was being shut down by the normal window shut down process, howeve during shutdown the computer because unresponsive and hung, causing the "Force shutdown" option to appear and be clicked on. 

             

            This event was not sent to McAfee EPO until the laptop was re-connected to the network the following day, which created a confusing event as the time and date between the "Detection time" and the "Reporting time" when it was reported to EPO.

             

            Recommendation/Feature enhancement: Add a time and date field for the event for when the event was send to the management server, which will show the time the event occurred and the time the event was successfully submitted to the management server.

             

            Message was edited by: jliford on 2/15/13 10:30:33 AM CST