This discussion is archived
1465 Views 8 Replies Latest reply: Feb 20, 2013 10:48 AM by briandlau RSS
briandlau Newcomer 5 posts since
Feb 15, 2013
Feb 15, 2013 8:45 AM

Windows 2003 unresponsive with Agent 4.6.2935 and VS 8.8p2 - possible corrupt agent install

New to the community, so I apologize if this has been discussed previously.  Unsure of where to find a search bar.

We recently have noticed a number of our Windows Server 2003 hosts go unresponsive intermittently.  At first, we saw that there were a slew of messages in the access protection log blocking an EMC Navisphere Agent service from terminating McAfee processes.  I have discussed this with both sides and it turns out that the service may be checking the ports for properties and in turn, McAfee will treat it as an attempted attack to terminate services.  I have since added this exclusion and have even disabled "prevent McAfee services from being stopped" as the rule may be inherent to child policies.  However, our woes continue.

After further investigation, we strongly feel that a corrupt agent install may be the source of this issue, although they have been running for months without any previously reported issues.  The agent status monitor didn't appear to be acting normally, as it was reporting "100 events to upload" over and over again and/or unable to contact the ePO server.

We decided to uninstall all products last night and it seemed as though the agent uninstall would simply hang with "15 minutes" left on the progress status.  It would sit that way for about 30 minutes until we decided to cancel out and disable the service if possible at that point.  Fast forward to this morning, we noticed that there are tons of XML files in c:\documents and settings\all users\application data\mcafee\common framework\agentevents\ on the affected machines.  The number of files and how far they date back is unknown.  Just to give you an idea, a dir from the cmd prompt wouldn't even return the list of files and a Windows Explorer delete from the directory above would run for about 45 minutes to delete all of the contents.  All the while, the c:\ itself was never full.

Has anyone else experienced anything like this?  Is there a way to track corrupted agent installs prior to getting in this position?  Can a successful agent install eventually enter a corrupted state on its own?  Thanks.
