4 Replies Latest reply: Sep 18, 2013 8:26 AM by e600089

    Exception in McShield.Exe - VSE 8.8

    rjcuk

      I have noticed that, multiple times, the mcshield.exe process has gone into an unrecoverable suspended state.

      From the times I can recall, it has happened shortly after logging in to a cold boot on Windows, and after resuming from sleep (on two different occasions).

      This causes most processes on Windows to stop responding. If I try to kill the mcshield.exe process, then Process Explorer goes into not responding.

      If I try to net stop mcshield, it says the service is not responding to control requests (as expected because it's in a suspended state). The Framework service doesn't seem to respond to the net stop request either.

      The only way to resolve the issue that I've found is to force power-off the machine and turn on again. I manage to get it to "Logging off", but it doesn't ever shut down/reboot once this has happened.

       

      I found a couple of errors in Event Viewer. Interestingly, they do not have any 'More information'.

      There are some discussions similar to this however I've noted how they are different:

      https://community.mcafee.com/message/284075 - VSCORE 15  It was scanning a RAR file, I don't use rar files anyway

      https://community.mcafee.com/thread/26855 - VS CORE 14.1 Exception in memory scanner thread. - I didn't get this More information, and it's for an older version

      https://community.mcafee.com/thread/53826 - VS CORE 15 - I don't get the More information

      https://community.mcafee.com/thread/43714 - VS CORE 14.4  this seems more similar however I still don't get More information

       

      I have also seen http://kc.mcafee.com/corporate/index?page=content&id=KB60651&act=RATE&impressions=false&newguid=e7c2e6a0335e4a29b6d0e4727601005f

      I don't have "Process on enable" turned on - it has always been disabled, so the cause of the issue is not the same as the KB article or the fix it provides. I also have a later version, VSE 8.8, than what the article is talking about, 8.7i

       

      Log Name:      Application

      Source:        McLogEvent

      Date:          03/08/2013 8:30:06 AM

      Event ID:      5019

      Task Category: None

      Level:         Error

      Keywords:      Classic

      User:          SYSTEM

      Computer:      UK-L4C043080H.**********.com

      Description:

      Exception in McShield.Exe!

      Exception details follow :

      VSCORE.14.4.0.354

      Exception Code       : 0XC0000005

      Exception Address    : 0X77338A46

      Exception Parameters : 2

      Param 1 = 0X00000001

      Param 2 = 0XF1EEF1EE

       

       

      More information :

       

       

      Event Xml:

      <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

        <System>

          <Provider Name="McLogEvent" />

          <EventID Qualifiers="49152">5019</EventID>

          <Level>2</Level>

          <Task>0</Task>

          <Keywords>0x80000000000000</Keywords>

          <TimeCreated SystemTime="2013-08-03T07:30:06.000000000Z" />

          <EventRecordID>76757</EventRecordID>

          <Channel>Application</Channel>

          <Computer>UK-L4C043080H.*********.com</Computer>

          <Security UserID="S-1-5-18" />

        </System>

        <EventData>

          <Data>

      VSCORE.14.4.0.354

      Exception Code       : 0XC0000005

      Exception Address    : 0X77338A46

      Exception Parameters : 2

      Param 1 = 0X00000001

      Param 2 = 0XF1EEF1EE

       

       

      More information :

      </Data>

        </EventData>

      </Event>

       

       

      There is also another Windows event:

       

      Log Name:      Application

      Source:        Application Error

      Date:          03/08/2013 8:30:07 AM

      Event ID:      1000

      Task Category: (100)

      Level:         Error

      Keywords:      Classic

      User:          N/A

      Computer:      UK-L4C043080H.**********.com

      Description:

      Faulting application name: mcshield.exe, version: 14.4.0.354, time stamp: 0x4e26280f

      Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f

      Exception code: 0xc0000005

      Fault offset: 0x00048a46

      Faulting process id: 0xcf8

      Faulting application start time: 0x01ce8fd51b6e82ed

      Faulting application path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

      Faulting module path: C:\WINDOWS\system32\ole32.dll

      Report Id: 84c0ad2c-fc0e-11e2-87d1-e8e0b7f9665a

      Event Xml:

      <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

        <System>

          <Provider Name="Application Error" />

          <EventID Qualifiers="0">1000</EventID>

          <Level>2</Level>

          <Task>100</Task>

          <Keywords>0x80000000000000</Keywords>

          <TimeCreated SystemTime="2013-08-03T07:30:07.000000000Z" />

          <EventRecordID>76758</EventRecordID>

          <Channel>Application</Channel>

          <Computer>UK-L4C043080H.**********.com</Computer>

          <Security />

        </System>

        <EventData>

          <Data>mcshield.exe</Data>

          <Data>14.4.0.354</Data>

          <Data>4e26280f</Data>

          <Data>ole32.dll</Data>

          <Data>6.1.7601.17514</Data>

          <Data>4ce7b96f</Data>

          <Data>c0000005</Data>

          <Data>00048a46</Data>

          <Data>cf8</Data>

          <Data>01ce8fd51b6e82ed</Data>

          <Data>C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe</Data>

          <Data>C:\WINDOWS\system32\ole32.dll</Data>

          <Data>84c0ad2c-fc0e-11e2-87d1-e8e0b7f9665a</Data>

        </EventData>

      </Event>

       

       

       

      Scan Engine version: 5600.1067

      DAT version: 7154.0000

      Buffer overflow... : 657

      Installed patches: 1

       

      Windows 7 Enterprise 32-bit SP1

       

      If someone can suggest some ideas I would really appreciate it. The only solution I can think of for the meantime is to stop the McAfee services before the computer sleeps. That way when Windows is resumed it should be able to bring them back again.

        • 1. Re: Exception in McShield.Exe - VSE 8.8
          wwarren

          If you experience Event 5051, where McShield self-terminates due to hitting the User-configurable Timeout values, there is information in our knowledgebase to help you understand what to do with these.

          Or, work with Support to discuss them - the files they occur on, and their frequency. An exclusion may be appropriate, or perhaps a file should be sent to McAfee Labs for review.

           

          If you experience Event 5019, where McShield crashes (perhaps seeming to be random), that is of interest to McAfee Support - especially if it is frequent and/or predictable. This event means the process failed and we don't know why; likely due to instability or programmatical error.... something that can/should be fixed. We just need to find out what the cause is.

           

          We've recently identified a cause behind some 5019's we heard of from the field, experienced with 8.8 Patch 2. The issue will be addressed with Patch 4. This one is timing related and appears to be very rarely occurring in practice. We're also aware of another 5019 crash that is caused from an Engine failure (5400) which we are yet to get data on, it too being extremely rare.

          So if you have some data, please work with Support.

          • 2. Re: Exception in McShield.Exe - VSE 8.8
            chris2013

            I have a similar issue. I think the above description is the same:

             

            After putting the computer to sleep, then waking it up the next morning, I usually go into Internet Explorer, which then hangs. The only cure has been to turn the computer off, using the power switch, and restarting. The event description below is from the Reliability Monitor, built into Windows.

             

            Description

            Faulting application name: mcshield.exe, version: 15.1.0.520, time stamp: 0x50f59f8d

            Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c

            Exception code: 0xc0000005

            Fault offset: 0x000000000000d89e

            Faulting process id: 0xa40

            Faulting application start time: 0x01cea5c100259fe0

            Faulting application path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

            Faulting module path: C:\Windows\system32\ole32.dll

            Report Id: b3560180-13ea-11e3-8616-001d72be6957

            • 3. Re: Exception in McShield.Exe - VSE 8.8
              rjcuk

              Since my last post my McAfee has been upgraded to 8.8 Patch 2. I've definitely had it go to sleep a couple of times and haven't seen the issue yet.

              I did also see an issue where if you ran uTorrent, you would get a bluescreen error after about 30 mins to 1 hour of starting the process. It looks like the release notes fixed the STOP error code 7F, which is the one I was seeing for that. https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23934/en_US/VSE_88_P2_Release_Notes.pdf

              It is possible something else in there has fixed these sleep crashes as well - I will keep my eyes very closely on it though.

               

              This is my new version information:

               

              System Information 

              Computer Name: **********

                

              McAfee Agent 

              Version number: 4.8.0.641

              Managed 

              Last security update check: 04/09/2013 10:27:41 AM

              Last agent-to-server communication: 04/09/2013 4:57:54 PM

              Agent to Server Communication Interval (every): 2 hours

              Policy Enforcement Interval (every): 5 minutes

              Agent ID: {231FADC1-766A-4273-8070-D24693650AB7}

              ePO Server/Agent Handler 

              DNS Name: ************

              IP Address: *************

              Port Number: 443

                

                

              McAfee VirusScan Enterprise + AntiSpyware Enterprise 

              Version number: 8.8.0 (8.8.0.975)

              Build date: 14/08/2012

                

              Anti-virus License Type: licensed

                

              Scan engine version (32-bit): 5600.1067

                

                

              DAT version: 7187.0000

              DAT Created on: 9/3/2013

                

              Number of Signatures in extra.dat: 0

              Name of threats that extra.dat can detect: None 

              Buffer Overflow and Access Protection DAT version: 657

                

              Installed Patches: 2

                

              Installed Modules: 

                

               

              Copyright © 1995-2013 McAfee, Inc. 

              All Rights Reserved. 

              www.mcafee.com 

              • 4. Re: Exception in McShield.Exe - VSE 8.8
                e600089

                Hello,

                 

                I had a similar problem. 3 different laptops were freezing from time to time. After investigation, I found the following errors in the Event Viewer Application log:

                 

                Event Viewer Application Log, 2 errors:

                 

                1)            Log Name:      Application

                Source:        Application Error

                Date:          9/17/2013 8:23:52 AM

                Event ID:      1000

                Task Category: (100)

                Level:         Error

                Keywords:      Classic

                User:          N/A

                Computer:      ...

                Description:

                Faulting application name: mcshield.exe, version: 15.0.0.466, time stamp: 0x4fbbb961

                Faulting module name: mcscan32.dll, version: 5.400.0.1158, time stamp: 0x4a705d78

                Exception code: 0xc0000005

                Fault offset: 0x001d49ad

                Faulting process id: 0xbf4

                Faulting application start time: 0x01ceb3a018684a85

                Faulting application path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

                Faulting module path: C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll

                Report Id: 02d528b4-1f94-11e3-82f8-24fd522f8527

                Event Xml:

                <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

                  <System>

                    <Provider Name="Application Error" />

                    <EventID Qualifiers="0">1000</EventID>

                    <Level>2</Level>

                    <Task>100</Task>

                    <Keywords>0x80000000000000</Keywords>

                    <TimeCreated SystemTime="2013-09-17T12:23:52.000000000Z" />

                    <EventRecordID>4010</EventRecordID>

                    <Channel>Application</Channel>

                    <Computer>...</Computer>

                    <Security />

                  </System>

                  <EventData>

                    <Data>mcshield.exe</Data>

                    <Data>15.0.0.466</Data>

                    <Data>4fbbb961</Data>

                    <Data>mcscan32.dll</Data>

                    <Data>5.400.0.1158</Data>

                    <Data>4a705d78</Data>

                    <Data>c0000005</Data>

                    <Data>001d49ad</Data>

                    <Data>bf4</Data>

                    <Data>01ceb3a018684a85</Data>

                    <Data>C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe</Data>

                    <Data>C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll</Data>

                    <Data>02d528b4-1f94-11e3-82f8-24fd522f8527</Data>

                  </EventData>

                </Event>

                 

                2)

                Log Name:      Application
                Source:        McLogEvent
                Date:          9/17/2013 8:23:50 AM
                Event ID:      5019
                Task Category: None
                Level:         Error
                Keywords:      Classic
                User:          SYSTEM
                Computer:      ...

                Description:
                Exception in McShield.Exe!
                Exception details follow :
                VSCORE.15.0.0.466
                Exception Code       : 0XC0000005
                Exception Address    : 0X121D49AD
                Exception Parameters : 2
                Param 1 = 00000000
                Param 2 = 0X00000014

                More information :
                ScanRequest : NTName is \Device\HarddiskVolume1\Download\cws52_Setup.exe.

                Event Xml:
                <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
                  <System>
                    <Provider Name="McLogEvent" />
                    <EventID Qualifiers="49152">5019</EventID>
                    <Level>2</Level>
                    <Task>0</Task>
                    <Keywords>0x80000000000000</Keywords>
                    <TimeCreated SystemTime="2013-09-17T12:23:50.000000000Z" />
                    <EventRecordID>4009</EventRecordID>
                    <Channel>Application</Channel>
                    <Computer>...</Computer>
                    <Security UserID="S-1-5-18" />
                  </System>
                  <EventData>
                    <Data>
                VSCORE.15.0.0.466
                Exception Code       : 0XC0000005
                Exception Address    : 0X121D49AD
                Exception Parameters : 2
                Param 1 = 00000000
                Param 2 = 0X00000014

                More information :
                ScanRequest : NTName is \Device\HarddiskVolume1\Download\cws52_Setup.exe.
                </Data>
                  </EventData>
                </Event>

                 

                When I look on the web, I read the following:

                 

                For error 5019:

                 

                Check the web page → https://community.mcafee.com/message/284075

                 

                For error with Mcshield.exe:

                 

                Check the web page → https://community.mcafee.com/message/302084  read the 3rd line starting with: This causes most process…..

                 

                I deleted the file …\cws52_setup.exe from both computers.
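
Added example (not part of any post in this thread, and not McAfee code): a small triage script that pairs each McLogEvent 5019 with its Application Error 1000 by checking that "Exception Address" minus "Fault offset" is a 64 KiB-aligned module base, then decodes the two access-violation parameters. The sample strings are abridged from the events quoted by rjcuk and e600089; the function names are hypothetical.

```python
import re

# ExceptionInformation[0] for access violation 0xC0000005 (documented Windows values).
ACCESS = {0: "read", 1: "write", 8: "execute (DEP)"}

# Constructed samples: abridged text of the events quoted in the thread.
RJCUK_5019 = """VSCORE.14.4.0.354
Exception Code       : 0XC0000005
Exception Address    : 0X77338A46
Param 1 = 0X00000001
Param 2 = 0XF1EEF1EE"""
RJCUK_1000 = """Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00048a46"""
E600089_5019 = r"""VSCORE.15.0.0.466
Exception Code       : 0XC0000005
Exception Address    : 0X121D49AD
Param 1 = 00000000
Param 2 = 0X00000014
ScanRequest : NTName is \Device\HarddiskVolume1\Download\cws52_Setup.exe."""
E600089_1000 = """Faulting module name: mcscan32.dll, version: 5.400.0.1158, time stamp: 0x4a705d78
Exception code: 0xc0000005
Fault offset: 0x001d49ad"""

def _hex(label, text):
    """Read a hex value after 'label :' or 'label =', with or without a 0x prefix."""
    m = re.search(label + r"\s*[:=]\s*(?:0x)?([0-9a-f]+)", text, re.I)
    return int(m.group(1), 16) if m else None

def parse_5019(text):
    """Fields from the McLogEvent 5019 description."""
    scan = re.search(r"NTName is (.+?)\.?\s*$", text, re.M)
    return {"code": _hex("Exception Code", text), "address": _hex("Exception Address", text),
            "p1": _hex("Param 1", text), "p2": _hex("Param 2", text),
            "file": scan.group(1) if scan else None}

def parse_1000(text):
    """Fields from the Application Error 1000 description."""
    mod = re.search(r"Faulting module name: ([^,]+),", text)
    return {"module": mod.group(1), "code": _hex("Exception code", text),
            "offset": _hex("Fault offset", text)}

def correlate(mc, app):
    """Pair a 5019 with a 1000: address - offset must be a 64 KiB-aligned image base."""
    base = mc["address"] - app["offset"]
    return {"module": app["module"], "base": base,
            "same_fault": mc["code"] == app["code"] and base > 0 and base % 0x10000 == 0,
            "access": ACCESS.get(mc["p1"], "unknown"), "target": mc["p2"],
            "near_null": mc["p2"] is not None and mc["p2"] < 0x10000,  # likely NULL+offset
            "file": mc["file"]}
```

On the thread's data this attributes rjcuk's crash to a write inside ole32.dll with no scanned file recorded, and e600089's to a near-null read inside mcscan32.dll while scanning the named file, so the two reports are different faults.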