Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2466 Views 7 Replies Latest reply: Feb 28, 2013 10:31 AM by kink80 RSS
kink80 Champion 472 posts since
Apr 6, 2009
Currently Being Moderated

Feb 7, 2013 10:53 AM

McLogEvent 5004 Could not contact Filter Driver. The specified procedure could not be found.

I am trying to apply patch 5 for VSE 8.7i to one of my Windows 2003 servers that was running VSE 8.7i Patch 3. When I tried to do an "Update Now" on the server, after checking in Patch 5 into the Current Branch of the ePO Master Repository, it looked like it was going to install successfully however  I had the following in my Application Event log:

 

Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5004
Date:  2/7/2013
Time:  8:32:48 AM
User:  NT AUTHORITY\SYSTEM
Computer: XXXXXXXXX
Description:
Could not contact Filter Driver.
Error = 0x7f : The specified procedure could not be found.

 

When I looked in the McAfee Agent log I see this:

 

2013-02-07 08:33:05 I #4600 Manage New plugin <VSEMAS870000> found

2013-02-07 08:33:05 I #4600 Sched >>--CSchedule::RegisterProduct

2013-02-07 08:33:06 I #6084 Sched >>--CSchedule::ModifyTask

2013-02-07 08:33:08 I #5592 Sched Plugin DLL for VSEMAS870000 has been registered

2013-02-07 08:33:08 W #5592 Sched Plugin checking: error  -1011, SoftwareID = VIRUSCAN8700

 

2013-02-07 08:50:44 I #3300 Manage Enforcing policies

2013-02-07 08:50:45 i #3300 Manage Enforcing Policies for VIRUSCAN8700

2013-02-07 08:50:45 I #3300 Manage CManage::EnforcePolicies() - Failed - "VIRUSCAN8700" (error = -1000).

2013-02-07 08:50:45 i #3300 Manage Enforcing Policies for EPOAGENT3000META

2013-02-07 08:50:45 i #3300 Manage Enforcing Policies for EPOAGENT3000

2013-02-07 08:50:45 i #3300 Manage Enforcing Policies for McAfee Agent

 

I then removed VSE from this server via Add and Remove Programs and I received no errors and it appeared like it was successfully removed. As I could not find anything in C:\Program Files\McAfee\VirusScan Enterprise. I then re-installed VSE 8.7.0.570 with an ePO Product deployment task. Which again seemed to succeed. It then ran the DAT update successfully then ran the HotFix Update and I saw;

 

2013-02-07 10:23:05 I #5804 UpdEvents Generating update event:EventId=2401:Severity=4:ProductId=VIRUSCAN8700:Locale=0000:UpdateType=Hot Fix:UpdateError=0:NewVersion=5:DateTime=

2013-02-07 10:23:10 I #5804 UpdEvents Generating update event:EventId=2401:Severity=4:ProductId=VIRUSCAN8700:Locale=0000:UpdateType=Ext raDAT:UpdateError=0:NewVersion=2012.1128.1826.10:DateTime=

 

A little further down in the McAfee Agent log i spotted this again:

 

2013-02-07 10:25:39 i #3300 Manage Enforcing Policies for VIRUSCAN8700

2013-02-07 10:25:40 I #1208 Sched >>--CSchedule::ModifyTask

2013-02-07 10:25:40 E #1208 Sched <<--CSchedule::ModifyTask hr=0x80000017 : Task is being modified

2013-02-07 10:25:40 I #5660 Sched >>--CSchedule::DeleteTask

2013-02-07 10:25:40 E #5660 Sched <<--CSchedule::DeleteTask hr=0x80000017 : Task is being modified

2013-02-07 10:25:40 I #472 Sched >>--CSchedule::GetTask

2013-02-07 10:25:40 I #3300 Manage CManage::EnforcePolicies() - Failed - "VIRUSCAN8700" (error = -1000).

2013-02-07 10:25:40 i #3300 Manage Enforcing Policies for EPOAGENT3000META

2013-02-07 10:25:40 i #3300 Manage Enforcing Policies for EPOAGENT3000

 

And this in the Application Event log:

 

Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5004
Date:  2/7/2013
Time:  10:27:55 AM
User:  NT AUTHORITY\SYSTEM
Computer: XXXXXXXX
Description:
Could not contact Filter Driver.
Error = 0x7f : The specified procedure could not be found.

 

 

So I am back at square one has anyone seen this before? Any ideas as to how to solve this?  Thanks in advance.

  • alexn Veteran 722 posts since
    Aug 9, 2012

    Reason could be 

     

    Path to mfeapfk, mfeavfk, and mfebopk which live under HKLM\SYSTEM\CurrentControlSet\Services\, with the full path to the driver - e.g.c:\windows\system32\drivers\mfeapfk.sys. Registry Patyh is not updated and your drivers are in Drivers folder but cant connect with Mcshield.

     

     

    Please follow these steps to resolve this.

     

    Solution 1

    Verify that the following filter driver files are present in C:\Windows\System32\Drivers

     

    • mfeavfk.sys
    • mfeapfk.sys
    • mfebopk.sys
    • mfehidk.sys
    • mfetdik.sys
    If the filter driver files are not present, then uninstall and reinstall them:

     

    1. Click Start, Run, type cmd, and then click OK.
    2. From the command prompt, navigate to: C:\Program Files\McAfee\VirusScan Enterprise.
    3. To uninstall the driver, type the following and press ENTER:

      mfehidin -u mfeavfk.sys mfeapfk.sys mfebopk.sys mfehidk.sys mfetdik.sys

    4. To reinstall the driver, type the following and press ENTER:

      mfehidin.exe -i mfeavfk.sys mfeapfk.sys mfebopk.sys mfehidk.sys mfetdik.sys
    If the filter driver files are present, ensure they are enabled in Device Manager:

     

    1. From the desktop, right-click My Computer and select Properties.
    2. Click the Hardware tab.
    3. Click Device Manager.
    4. Select View, Show Hidden devices.
    5. Expand Non-Plug and Play Drivers.
    6. For every McAfee Inc. entry, right-click the entry, select Properties, and from the drop-down menu, select Enable.
    7. When prompted Do you want to restart your computer now? click No.
    8. When all McAfee Inc. entries have been processed, close the Device Manager and restart your computer.

    Solution 2

    If the filter driver files are present and enabled, but the error (Event id : 5004) is still generated, uninstall and reinstall VSE.

     

    If this does not resolve the issue, it is likely that a third-party product is present that is not compatible with VSE. Upgrade to the latest version of VSE and apply the latest patch.

     

    If you dont see any luck after doing this, then go for latest VSE 8.8 P2.


    Post Timings: 6.00 AM to 3.00PM PDT
  • alexn Veteran 722 posts since
    Aug 9, 2012

    Also Make sure that you dont have 3rd party AV programe on your server, and also update to to the current version of VSE 8.8 patch 2.

    After reboot recheck your Device Manager for any Mcafee inc exclamation mark.


    Post Timings: 6.00 AM to 3.00PM PDT
  • David.G Newcomer 54 posts since
    Oct 31, 2008

    Any luck resolving this as I have the exact same issue. Followed the same trouble shooting process and got the the final same point of everything looking good except for those 3 !!! on the hidden drivers.

     

    Any help would be much appreciated. SR taking for ever to progress....

     

    Thanks!

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points