Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1900 Views 4 Replies Latest reply: Apr 18, 2013 10:59 PM by charmag RSS
charmag Newcomer 8 posts since
Nov 5, 2010
Currently Being Moderated

Apr 17, 2013 2:33 AM

Exception in McShield.Exe kill file server

Since 11 april 2013 in event log start appear McLogEvent 5019 (windows server 2008 R2). After this event occur file server stay inaccessible. When try reboot server hang on shutdown window and only hard reset take influence.

 

McLogEvent 5019:

Exception in McShield.Exe!

Exception details follow :

VSCORE.14.3.0.464

Exception Code       : 0X00000000C0000005

Exception Address    : 0X0000000012285255

Exception Parameters : 2

Param 1 = 0000000000000000

Param 2 = 0X000000001C2B00A8

 

More information :

ScanRequest : NTName is \Device\HarddiskVolumeShadowCopy240\....Path to file ......\O2_zuev.rar.

 

We had version 8.8.0.777. Now Im update VSE to 8.8.0.975. Behaviour still same:

 

Exception in McShield.Exe!

Exception details follow :

VSCORE.15.0.0.476

Exception Code       : 0X00000000C0000005

Exception Address    : 0X0000000012285255

Exception Parameters : 2

Param 1 = 0000000000000000

Param 2 = 0X00000000117700A8

 

More information :

ScanRequest : NTName is \Device\HarddiskVolume7\....Path to file ......\amol2013.rar.

 

Error occur always on rar archives.

How to fix?


  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    1. Apr 17, 2013 7:56 AM (in response to charmag)
    Re: Exception in McShield.Exe kill file server

    Hi,

     

    just a notion: the .RAR format could be unsupported (= verynew) for Virusscan to handle, or it could be damaged/manipulated so unrar process fails. This further results in memory corruption so only hard reset resolves the lockup.

    I wonder if these files are generated by an application or sent by someone else.. is there a chance to change the format to .ZIP instead?

     

    Otherwise I only see a quick resolution in excluding .RAR from scanning altogether (in Default policy, since the same thing can  happen if you just exclude it in Low/High Risk policy per process).

     

    Attila

  • wwarren McAfee SME 766 posts since
    Nov 3, 2009
    Currently Being Moderated
    3. Apr 18, 2013 1:17 PM (in response to charmag)
    Re: Exception in McShield.Exe kill file server

    I suggest working with Support on this issue.

     

    The 5019 event is a crash. McShield shouldn't crash - that tells you something bad is happening.

    If you're getting 5051 events as well, then that gives context for the crash - that it's in response to timeout conditions being met. McShield should timeout, but when it does you want to make sure you understand why...

     

    If this is not from timeouts, you must engage Support.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points