1 Reply Latest reply: Oct 27, 2013 7:37 PM by Ex_Brit RSS

    mcupdmgr.exe causing crashes

    cattleprod

      Every time McAfee tries to update, I've gotten a blue screen of death. Windows debugger has narrowed it down to a problem involving ntkrnlmp.exe and mcupdmgr.exe. I'm using Windows 8 with current updates, x64. Attempting to manually download and update the DAT file gave an error message that I had no compatible McAfee products, and McAfee Virtual Technician detects no errors.

       

      BugCheck 3B, {c0000005, fffff80211b211cd, fffff8801778d5b0, 0}

       

      *** ERROR: Module load completed but symbols could not be loaded for mcupdmgr.exe

      Probably caused by : ntkrnlmp.exe ( nt!SepMandatoryIntegrityCheck+6d )

       

      Followup: MachineOwner

      ---------

       

      0: kd> !analyze -v

      *******************************************************************************

      *                                                                             *

      *                        Bugcheck Analysis                                    *

      *                                                                             *

      *******************************************************************************

       

      SYSTEM_SERVICE_EXCEPTION (3b)

      An exception happened while executing a system service routine.

      Arguments:

      Arg1: 00000000c0000005, Exception code that caused the bugcheck

      Arg2: fffff80211b211cd, Address of the instruction which caused the bugcheck

      Arg3: fffff8801778d5b0, Address of the context record for the exception that caused the bugcheck

      Arg4: 0000000000000000, zero.

       

      Debugging Details:

      ------------------

       

       

      EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

       

      FAULTING_IP:

      nt!SepMandatoryIntegrityCheck+6d

      fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

       

      CONTEXT:  fffff8801778d5b0 -- (.cxr 0xfffff8801778d5b0)

      rax=0000000000000001 rbx=fffff8801778e108 rcx=fffffa8004f445cc

      rdx=000000000000103f rsi=fffff8a00fe89b00 rdi=0000000000000000

      rip=fffff80211b211cd rsp=fffff8801778dfb0 rbp=fffff8801778e150

      r8=00000000c0000000  r9=fffff8a00fe89b00 r10=0000000000000801

      r11=fffff8801778e028 r12=0000000000000000 r13=0000000000000000

      r14=fffff8801778e270 r15=fffff8a00fe89b00

      iopl=0         nv up ei pl zr na po nc

      cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246

      nt!SepMandatoryIntegrityCheck+0x6d:

      fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2] ds:002b:00000000`00001041=????

      Resetting default scope

       

      DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

       

      BUGCHECK_STR:  0x3B

       

      PROCESS_NAME:  mcupdmgr.exe

       

      CURRENT_IRQL:  0

       

      LAST_CONTROL_TRANSFER:  from fffff80211b20aa0 to fffff80211b211cd

       

      STACK_TEXT: 

      fffff880`1778dfb0 fffff802`11b20aa0 : fffff880`1778e150 fffff8a0`0fe89b00 fffff880`1778e270 00000000`00000000 : nt!SepMandatoryIntegrityCheck+0x6d

      fffff880`1778e030 fffff802`11b217b2 : 00000000`00000000 fffffa80`0a2f9010 fffff8a0`05456510 fffff802`11ea1fcd : nt!SeAccessCheckWithHint+0x120

      fffff880`1778e1b0 fffff802`11ebb09a : 00000000`58ac2602 fffff8a0`09fc09fc fffffa80`0a2f9010 fffff8a0`0220f960 : nt!SeAccessCheck+0x62

      fffff880`1778e220 fffff802`11ebb85d : 00000000`00000000 fffff8a0`047205d0 fffff880`1778e331 fffffa80`0a2f9010 : nt!CmpCheckKeyBodyAccess+0x12a

      fffff880`1778e2b0 fffff802`11eb9945 : 00000000`c0000022 fffff8a0`041fc9f8 fffff8a0`008ee018 fffffa80`0a2f9010 : nt!CmpDoOpen+0x32d

      fffff880`1778e370 fffff802`11e97a85 : 00000000`00000001 fffffa80`0a2f91d0 fffff880`0176d640 fffffa80`3045464d : nt!CmpParseKey+0x606

      fffff880`1778e6f0 fffff802`11ea73f8 : 00000000`00000828 fffff880`1778e8b8 fffff8a0`00000040 fffffa80`04f44580 : nt!ObpLookupObjectName+0x806

      fffff880`1778e840 fffff802`11ed2521 : 00000000`00000000 00000000`01ebb2a8 00000000`00000001 fffff802`11ed15bf : nt!ObOpenObjectByName+0x258

      fffff880`1778e910 fffff802`11ed3f4b : ffffe112`677f5ab5 ffffe112`677f5ae5 00000000`01c96be0 00000000`01c83020 : nt!CmOpenKey+0x2a0

      fffff880`1778eac0 fffff802`11ac7453 : 00000000`00000001 fffffa80`0a2dbb00 fffff880`1778eb80 00000000`01c96bb0 : nt!NtOpenKeyEx+0xf

      fffff880`1778eb00 000007ff`4a6c3c4b : 000007ff`476a3e74 00000000`01ebb528 000007ff`00000000 00000000`00010000 : nt!KiSystemServiceCopyEnd+0x13

      00000000`01ebb1c8 000007ff`476a3e74 : 00000000`01ebb528 000007ff`00000000 00000000`00010000 00000000`00000000 : ntdll!NtOpenKeyEx+0xa

      00000000`01ebb1d0 000007ff`476a408d : 00004d35`e8dcd51a 00000000`00000828 00000000`021b0be0 00000000`00000001 : KERNELBASE!LocalBaseRegOpenKey+0x208

      00000000`01ebb4e0 000007ff`476d06b9 : 00000000`00000828 00000000`00000000 00000000`00000000 00000000`00000002 : KERNELBASE!RegOpenKeyExInternalW+0x15d

      00000000`01ebb570 000007f6`843bd303 : 00000000`000007b4 00000000`00000000 00000000`00000001 00000000`00000000 : KERNELBASE!RegDeleteTreeW+0xe1

      00000000`01ebb5f0 00000000`000007b4 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`01cc5de0 : mcupdmgr+0x5d303

      00000000`01ebb5f8 00000000`00000000 : 00000000`00000001 00000000`00000000 00000000`01cc5de0 000007f6`843bd7ef : 0x7b4

       

       

      FOLLOWUP_IP:

      nt!SepMandatoryIntegrityCheck+6d

      fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

       

      SYMBOL_STACK_INDEX:  0

       

      SYMBOL_NAME:  nt!SepMandatoryIntegrityCheck+6d

       

      FOLLOWUP_NAME:  MachineOwner

       

      MODULE_NAME: nt

       

      IMAGE_NAME:  ntkrnlmp.exe

       

      DEBUG_FLR_IMAGE_TIMESTAMP:  51a966cd

       

      STACK_COMMAND:  .cxr 0xfffff8801778d5b0 ; kb

       

      BUCKET_ID_FUNC_OFFSET:  6d

       

      FAILURE_BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

       

      BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

       

      Followup: MachineOwner

      ---------

       

      0: kd> !analyze -v

      *******************************************************************************

      *                                                                             *

      *                        Bugcheck Analysis                                    *

      *                                                                             *

      *******************************************************************************

       

      SYSTEM_SERVICE_EXCEPTION (3b)

      An exception happened while executing a system service routine.

      Arguments:

      Arg1: 00000000c0000005, Exception code that caused the bugcheck

      Arg2: fffff80211b211cd, Address of the instruction which caused the bugcheck

      Arg3: fffff8801778d5b0, Address of the context record for the exception that caused the bugcheck

      Arg4: 0000000000000000, zero.

       

      Debugging Details:

      ------------------

       

       

      EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

       

      FAULTING_IP:

      nt!SepMandatoryIntegrityCheck+6d

      fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

       

      CONTEXT:  fffff8801778d5b0 -- (.cxr 0xfffff8801778d5b0)

      rax=0000000000000001 rbx=fffff8801778e108 rcx=fffffa8004f445cc

      rdx=000000000000103f rsi=fffff8a00fe89b00 rdi=0000000000000000

      rip=fffff80211b211cd rsp=fffff8801778dfb0 rbp=fffff8801778e150

      r8=00000000c0000000  r9=fffff8a00fe89b00 r10=0000000000000801

      r11=fffff8801778e028 r12=0000000000000000 r13=0000000000000000

      r14=fffff8801778e270 r15=fffff8a00fe89b00

      iopl=0         nv up ei pl zr na po nc

      cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246

      nt!SepMandatoryIntegrityCheck+0x6d:

      fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2] ds:002b:00000000`00001041=????

      Resetting default scope

       

      DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

       

      BUGCHECK_STR:  0x3B

       

      PROCESS_NAME:  mcupdmgr.exe

       

      CURRENT_IRQL:  0

       

      LAST_CONTROL_TRANSFER:  from fffff80211b20aa0 to fffff80211b211cd

       

      STACK_TEXT: 

      fffff880`1778dfb0 fffff802`11b20aa0 : fffff880`1778e150 fffff8a0`0fe89b00 fffff880`1778e270 00000000`00000000 : nt!SepMandatoryIntegrityCheck+0x6d

      fffff880`1778e030 fffff802`11b217b2 : 00000000`00000000 fffffa80`0a2f9010 fffff8a0`05456510 fffff802`11ea1fcd : nt!SeAccessCheckWithHint+0x120

      fffff880`1778e1b0 fffff802`11ebb09a : 00000000`58ac2602 fffff8a0`09fc09fc fffffa80`0a2f9010 fffff8a0`0220f960 : nt!SeAccessCheck+0x62

      fffff880`1778e220 fffff802`11ebb85d : 00000000`00000000 fffff8a0`047205d0 fffff880`1778e331 fffffa80`0a2f9010 : nt!CmpCheckKeyBodyAccess+0x12a

      fffff880`1778e2b0 fffff802`11eb9945 : 00000000`c0000022 fffff8a0`041fc9f8 fffff8a0`008ee018 fffffa80`0a2f9010 : nt!CmpDoOpen+0x32d

      fffff880`1778e370 fffff802`11e97a85 : 00000000`00000001 fffffa80`0a2f91d0 fffff880`0176d640 fffffa80`3045464d : nt!CmpParseKey+0x606

      fffff880`1778e6f0 fffff802`11ea73f8 : 00000000`00000828 fffff880`1778e8b8 fffff8a0`00000040 fffffa80`04f44580 : nt!ObpLookupObjectName+0x806

      fffff880`1778e840 fffff802`11ed2521 : 00000000`00000000 00000000`01ebb2a8 00000000`00000001 fffff802`11ed15bf : nt!ObOpenObjectByName+0x258

      fffff880`1778e910 fffff802`11ed3f4b : ffffe112`677f5ab5 ffffe112`677f5ae5 00000000`01c96be0 00000000`01c83020 : nt!CmOpenKey+0x2a0

      fffff880`1778eac0 fffff802`11ac7453 : 00000000`00000001 fffffa80`0a2dbb00 fffff880`1778eb80 00000000`01c96bb0 : nt!NtOpenKeyEx+0xf

      fffff880`1778eb00 000007ff`4a6c3c4b : 000007ff`476a3e74 00000000`01ebb528 000007ff`00000000 00000000`00010000 : nt!KiSystemServiceCopyEnd+0x13

      00000000`01ebb1c8 000007ff`476a3e74 : 00000000`01ebb528 000007ff`00000000 00000000`00010000 00000000`00000000 : ntdll!NtOpenKeyEx+0xa

      00000000`01ebb1d0 000007ff`476a408d : 00004d35`e8dcd51a 00000000`00000828 00000000`021b0be0 00000000`00000001 : KERNELBASE!LocalBaseRegOpenKey+0x208

      00000000`01ebb4e0 000007ff`476d06b9 : 00000000`00000828 00000000`00000000 00000000`00000000 00000000`00000002 : KERNELBASE!RegOpenKeyExInternalW+0x15d

      00000000`01ebb570 000007f6`843bd303 : 00000000`000007b4 00000000`00000000 00000000`00000001 00000000`00000000 : KERNELBASE!RegDeleteTreeW+0xe1

      00000000`01ebb5f0 00000000`000007b4 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`01cc5de0 : mcupdmgr+0x5d303

      00000000`01ebb5f8 00000000`00000000 : 00000000`00000001 00000000`00000000 00000000`01cc5de0 000007f6`843bd7ef : 0x7b4

       

       

      FOLLOWUP_IP:

      nt!SepMandatoryIntegrityCheck+6d

      fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

       

      SYMBOL_STACK_INDEX:  0

       

      SYMBOL_NAME:  nt!SepMandatoryIntegrityCheck+6d

       

      FOLLOWUP_NAME:  MachineOwner

       

      MODULE_NAME: nt

       

      IMAGE_NAME:  ntkrnlmp.exe

       

      DEBUG_FLR_IMAGE_TIMESTAMP:  51a966cd

       

      STACK_COMMAND:  .cxr 0xfffff8801778d5b0 ; kb

       

      BUCKET_ID_FUNC_OFFSET:  6d

       

      FAILURE_BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

       

      BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

       

      Followup: MachineOwner

      ---------

       

      0: kd> lmvm

                ^ Non-empty string required in 'lmvm'

      0: kd> lmvm nt

      start             end                 module name

      fffff802`11a6e000 fffff802`121ba000   nt         (pdb symbols)          c:\cache\ntkrnlmp.pdb\E2A28FBB5A694B22910DBF6F2F0CA7522\ntkrnlmp.pdb

          Loaded symbol image file: ntkrnlmp.exe

          Image path: ntkrnlmp.exe

          Image name: ntkrnlmp.exe

          Timestamp:        Fri May 31 23:13:17 2013 (51A966CD)

          CheckSum:         006B3AE4

          ImageSize:        0074C000

          File version:     6.2.9200.16628

          Product version:  6.2.9200.16628

          File flags:       0 (Mask 3F)

          File OS:          40004 NT Win32

          File type:        1.0 App

          File date:        00000000.00000000

          Translations:     0409.04b0

          CompanyName:      Microsoft Corporation

          ProductName:      Microsoft® Windows® Operating System

          InternalName:     ntkrnlmp.exe

          OriginalFilename: ntkrnlmp.exe

          ProductVersion:   6.2.9200.16628

          FileVersion:      6.2.9200.16628 (win8_gdr.130531-1504)

          FileDescription:  NT Kernel & System

          LegalCopyright:   © Microsoft Corporation. All rights reserved.

      0: kd> lmvm mcupdmgr.exe

      start             end                 module name

      0: kd> lmvm mcupdmgr

      start             end                 module name

      000007f6`84360000 000007f6`844e7000   mcupdmgr   (no symbols)          

          Loaded symbol image file: mcupdmgr.exe

          Image path: c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

          Image name: mcupdmgr.exe

          Timestamp:        Tue Aug 06 15:05:17 2013 (520148ED)

          CheckSum:         00184CBE

          ImageSize:        00187000

          File version:     12.8.737.0

          Product version:  12.8.0.0

          File flags:       0 (Mask 3F)

          File OS:          40004 NT Win32

          File type:        1.0 App

          File date:        00000000.00000000

          Translations:     0409.04b0

          CompanyName:      McAfee, Inc.

          ProductName:      McAfee SecurityCenter

          InternalName:     mcupdmgr

          OriginalFilename: mcupdmgr.exe

          ProductVersion:   12,8,0,0

          FileVersion:      12,8,737,0

          FileDescription:  McAfee Update Manager Service

          LegalCopyright:   Copyright © 2013 McAfee, Inc.

       

      Message was edited by: cattleprod on 10/27/13 3:48:28 PM CDT

       

      Message was edited by: cattleprod on 10/27/13 3:53:40 PM CDT

       

      Message was edited by: cattleprod on 10/27/13 3:56:02 PM CDT
        • 1. Re: mcupdmgr.exe causing crashes
          Ex_Brit

          We aren't qualified to read those logs here.  Your best avenue for help would be Technical Support, it's free by phone or online chat and linked under Useful Links at the top of this page.

           

          All I can suggest you try is first run the Virtual technician to see if it finds and fixes errors:  http://mvt.mcafee.com/

           

          If that fails try uninstalling everything via Control Panel > Programs

           

          Then run the MCPR cleanup tool and reboot.

           

          Then reinstall from your online account.

           

           

           

           

          .

           

          Message was edited by: Ex_Brit on 27/10/13 8:37:24 EDT PM