Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
288 Views 1 Reply Latest reply: Oct 27, 2013 7:36 PM by Ex_Brit RSS
cattleprod Newcomer 10 posts since
Nov 18, 2011
Currently Being Moderated

Oct 27, 2013 3:56 PM

mcupdmgr.exe causing crashes

Every time McAfee tries to update, I've gotten a blue screen of death. Windows debugger has narrowed it down to a problem involving ntkrnlmp.exe and mcupdmgr.exe. I'm using Windows 8 with current updates, x64. Attempting to manually download and update the DAT file gave an error message that I had no compatible McAfee products, and McAfee Virtual Technician detects no errors.

 

BugCheck 3B, {c0000005, fffff80211b211cd, fffff8801778d5b0, 0}

 

*** ERROR: Module load completed but symbols could not be loaded for mcupdmgr.exe

Probably caused by : ntkrnlmp.exe ( nt!SepMandatoryIntegrityCheck+6d )

 

Followup: MachineOwner

---------

 

0: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

SYSTEM_SERVICE_EXCEPTION (3b)

An exception happened while executing a system service routine.

Arguments:

Arg1: 00000000c0000005, Exception code that caused the bugcheck

Arg2: fffff80211b211cd, Address of the instruction which caused the bugcheck

Arg3: fffff8801778d5b0, Address of the context record for the exception that caused the bugcheck

Arg4: 0000000000000000, zero.

 

Debugging Details:

------------------

 

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

 

FAULTING_IP:

nt!SepMandatoryIntegrityCheck+6d

fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

 

CONTEXT:  fffff8801778d5b0 -- (.cxr 0xfffff8801778d5b0)

rax=0000000000000001 rbx=fffff8801778e108 rcx=fffffa8004f445cc

rdx=000000000000103f rsi=fffff8a00fe89b00 rdi=0000000000000000

rip=fffff80211b211cd rsp=fffff8801778dfb0 rbp=fffff8801778e150

r8=00000000c0000000  r9=fffff8a00fe89b00 r10=0000000000000801

r11=fffff8801778e028 r12=0000000000000000 r13=0000000000000000

r14=fffff8801778e270 r15=fffff8a00fe89b00

iopl=0         nv up ei pl zr na po nc

cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246

nt!SepMandatoryIntegrityCheck+0x6d:

fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2] ds:002b:00000000`00001041=????

Resetting default scope

 

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

 

BUGCHECK_STR:  0x3B

 

PROCESS_NAME:  mcupdmgr.exe

 

CURRENT_IRQL:  0

 

LAST_CONTROL_TRANSFER:  from fffff80211b20aa0 to fffff80211b211cd

 

STACK_TEXT: 

fffff880`1778dfb0 fffff802`11b20aa0 : fffff880`1778e150 fffff8a0`0fe89b00 fffff880`1778e270 00000000`00000000 : nt!SepMandatoryIntegrityCheck+0x6d

fffff880`1778e030 fffff802`11b217b2 : 00000000`00000000 fffffa80`0a2f9010 fffff8a0`05456510 fffff802`11ea1fcd : nt!SeAccessCheckWithHint+0x120

fffff880`1778e1b0 fffff802`11ebb09a : 00000000`58ac2602 fffff8a0`09fc09fc fffffa80`0a2f9010 fffff8a0`0220f960 : nt!SeAccessCheck+0x62

fffff880`1778e220 fffff802`11ebb85d : 00000000`00000000 fffff8a0`047205d0 fffff880`1778e331 fffffa80`0a2f9010 : nt!CmpCheckKeyBodyAccess+0x12a

fffff880`1778e2b0 fffff802`11eb9945 : 00000000`c0000022 fffff8a0`041fc9f8 fffff8a0`008ee018 fffffa80`0a2f9010 : nt!CmpDoOpen+0x32d

fffff880`1778e370 fffff802`11e97a85 : 00000000`00000001 fffffa80`0a2f91d0 fffff880`0176d640 fffffa80`3045464d : nt!CmpParseKey+0x606

fffff880`1778e6f0 fffff802`11ea73f8 : 00000000`00000828 fffff880`1778e8b8 fffff8a0`00000040 fffffa80`04f44580 : nt!ObpLookupObjectName+0x806

fffff880`1778e840 fffff802`11ed2521 : 00000000`00000000 00000000`01ebb2a8 00000000`00000001 fffff802`11ed15bf : nt!ObOpenObjectByName+0x258

fffff880`1778e910 fffff802`11ed3f4b : ffffe112`677f5ab5 ffffe112`677f5ae5 00000000`01c96be0 00000000`01c83020 : nt!CmOpenKey+0x2a0

fffff880`1778eac0 fffff802`11ac7453 : 00000000`00000001 fffffa80`0a2dbb00 fffff880`1778eb80 00000000`01c96bb0 : nt!NtOpenKeyEx+0xf

fffff880`1778eb00 000007ff`4a6c3c4b : 000007ff`476a3e74 00000000`01ebb528 000007ff`00000000 00000000`00010000 : nt!KiSystemServiceCopyEnd+0x13

00000000`01ebb1c8 000007ff`476a3e74 : 00000000`01ebb528 000007ff`00000000 00000000`00010000 00000000`00000000 : ntdll!NtOpenKeyEx+0xa

00000000`01ebb1d0 000007ff`476a408d : 00004d35`e8dcd51a 00000000`00000828 00000000`021b0be0 00000000`00000001 : KERNELBASE!LocalBaseRegOpenKey+0x208

00000000`01ebb4e0 000007ff`476d06b9 : 00000000`00000828 00000000`00000000 00000000`00000000 00000000`00000002 : KERNELBASE!RegOpenKeyExInternalW+0x15d

00000000`01ebb570 000007f6`843bd303 : 00000000`000007b4 00000000`00000000 00000000`00000001 00000000`00000000 : KERNELBASE!RegDeleteTreeW+0xe1

00000000`01ebb5f0 00000000`000007b4 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`01cc5de0 : mcupdmgr+0x5d303

00000000`01ebb5f8 00000000`00000000 : 00000000`00000001 00000000`00000000 00000000`01cc5de0 000007f6`843bd7ef : 0x7b4

 

 

FOLLOWUP_IP:

nt!SepMandatoryIntegrityCheck+6d

fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

 

SYMBOL_STACK_INDEX:  0

 

SYMBOL_NAME:  nt!SepMandatoryIntegrityCheck+6d

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME:  ntkrnlmp.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP:  51a966cd

 

STACK_COMMAND:  .cxr 0xfffff8801778d5b0 ; kb

 

BUCKET_ID_FUNC_OFFSET:  6d

 

FAILURE_BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

 

BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

 

Followup: MachineOwner

---------

 

0: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

SYSTEM_SERVICE_EXCEPTION (3b)

An exception happened while executing a system service routine.

Arguments:

Arg1: 00000000c0000005, Exception code that caused the bugcheck

Arg2: fffff80211b211cd, Address of the instruction which caused the bugcheck

Arg3: fffff8801778d5b0, Address of the context record for the exception that caused the bugcheck

Arg4: 0000000000000000, zero.

 

Debugging Details:

------------------

 

 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

 

FAULTING_IP:

nt!SepMandatoryIntegrityCheck+6d

fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

 

CONTEXT:  fffff8801778d5b0 -- (.cxr 0xfffff8801778d5b0)

rax=0000000000000001 rbx=fffff8801778e108 rcx=fffffa8004f445cc

rdx=000000000000103f rsi=fffff8a00fe89b00 rdi=0000000000000000

rip=fffff80211b211cd rsp=fffff8801778dfb0 rbp=fffff8801778e150

r8=00000000c0000000  r9=fffff8a00fe89b00 r10=0000000000000801

r11=fffff8801778e028 r12=0000000000000000 r13=0000000000000000

r14=fffff8801778e270 r15=fffff8a00fe89b00

iopl=0         nv up ei pl zr na po nc

cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246

nt!SepMandatoryIntegrityCheck+0x6d:

fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2] ds:002b:00000000`00001041=????

Resetting default scope

 

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

 

BUGCHECK_STR:  0x3B

 

PROCESS_NAME:  mcupdmgr.exe

 

CURRENT_IRQL:  0

 

LAST_CONTROL_TRANSFER:  from fffff80211b20aa0 to fffff80211b211cd

 

STACK_TEXT: 

fffff880`1778dfb0 fffff802`11b20aa0 : fffff880`1778e150 fffff8a0`0fe89b00 fffff880`1778e270 00000000`00000000 : nt!SepMandatoryIntegrityCheck+0x6d

fffff880`1778e030 fffff802`11b217b2 : 00000000`00000000 fffffa80`0a2f9010 fffff8a0`05456510 fffff802`11ea1fcd : nt!SeAccessCheckWithHint+0x120

fffff880`1778e1b0 fffff802`11ebb09a : 00000000`58ac2602 fffff8a0`09fc09fc fffffa80`0a2f9010 fffff8a0`0220f960 : nt!SeAccessCheck+0x62

fffff880`1778e220 fffff802`11ebb85d : 00000000`00000000 fffff8a0`047205d0 fffff880`1778e331 fffffa80`0a2f9010 : nt!CmpCheckKeyBodyAccess+0x12a

fffff880`1778e2b0 fffff802`11eb9945 : 00000000`c0000022 fffff8a0`041fc9f8 fffff8a0`008ee018 fffffa80`0a2f9010 : nt!CmpDoOpen+0x32d

fffff880`1778e370 fffff802`11e97a85 : 00000000`00000001 fffffa80`0a2f91d0 fffff880`0176d640 fffffa80`3045464d : nt!CmpParseKey+0x606

fffff880`1778e6f0 fffff802`11ea73f8 : 00000000`00000828 fffff880`1778e8b8 fffff8a0`00000040 fffffa80`04f44580 : nt!ObpLookupObjectName+0x806

fffff880`1778e840 fffff802`11ed2521 : 00000000`00000000 00000000`01ebb2a8 00000000`00000001 fffff802`11ed15bf : nt!ObOpenObjectByName+0x258

fffff880`1778e910 fffff802`11ed3f4b : ffffe112`677f5ab5 ffffe112`677f5ae5 00000000`01c96be0 00000000`01c83020 : nt!CmOpenKey+0x2a0

fffff880`1778eac0 fffff802`11ac7453 : 00000000`00000001 fffffa80`0a2dbb00 fffff880`1778eb80 00000000`01c96bb0 : nt!NtOpenKeyEx+0xf

fffff880`1778eb00 000007ff`4a6c3c4b : 000007ff`476a3e74 00000000`01ebb528 000007ff`00000000 00000000`00010000 : nt!KiSystemServiceCopyEnd+0x13

00000000`01ebb1c8 000007ff`476a3e74 : 00000000`01ebb528 000007ff`00000000 00000000`00010000 00000000`00000000 : ntdll!NtOpenKeyEx+0xa

00000000`01ebb1d0 000007ff`476a408d : 00004d35`e8dcd51a 00000000`00000828 00000000`021b0be0 00000000`00000001 : KERNELBASE!LocalBaseRegOpenKey+0x208

00000000`01ebb4e0 000007ff`476d06b9 : 00000000`00000828 00000000`00000000 00000000`00000000 00000000`00000002 : KERNELBASE!RegOpenKeyExInternalW+0x15d

00000000`01ebb570 000007f6`843bd303 : 00000000`000007b4 00000000`00000000 00000000`00000001 00000000`00000000 : KERNELBASE!RegDeleteTreeW+0xe1

00000000`01ebb5f0 00000000`000007b4 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`01cc5de0 : mcupdmgr+0x5d303

00000000`01ebb5f8 00000000`00000000 : 00000000`00000001 00000000`00000000 00000000`01cc5de0 000007f6`843bd7ef : 0x7b4

 

 

FOLLOWUP_IP:

nt!SepMandatoryIntegrityCheck+6d

fffff802`11b211cd 0fb74202        movzx   eax,word ptr [rdx+2]

 

SYMBOL_STACK_INDEX:  0

 

SYMBOL_NAME:  nt!SepMandatoryIntegrityCheck+6d

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME:  ntkrnlmp.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP:  51a966cd

 

STACK_COMMAND:  .cxr 0xfffff8801778d5b0 ; kb

 

BUCKET_ID_FUNC_OFFSET:  6d

 

FAILURE_BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

 

BUCKET_ID:  0x3B_nt!SepMandatoryIntegrityCheck

 

Followup: MachineOwner

---------

 

0: kd> lmvm

          ^ Non-empty string required in 'lmvm'

0: kd> lmvm nt

start             end                 module name

fffff802`11a6e000 fffff802`121ba000   nt         (pdb symbols)          c:\cache\ntkrnlmp.pdb\E2A28FBB5A694B22910DBF6F2F0CA7522\ntkrnlmp.pdb

    Loaded symbol image file: ntkrnlmp.exe

    Image path: ntkrnlmp.exe

    Image name: ntkrnlmp.exe

    Timestamp:        Fri May 31 23:13:17 2013 (51A966CD)

    CheckSum:         006B3AE4

    ImageSize:        0074C000

    File version:     6.2.9200.16628

    Product version:  6.2.9200.16628

    File flags:       0 (Mask 3F)

    File OS:          40004 NT Win32

    File type:        1.0 App

    File date:        00000000.00000000

    Translations:     0409.04b0

    CompanyName:      Microsoft Corporation

    ProductName:      Microsoft® Windows® Operating System

    InternalName:     ntkrnlmp.exe

    OriginalFilename: ntkrnlmp.exe

    ProductVersion:   6.2.9200.16628

    FileVersion:      6.2.9200.16628 (win8_gdr.130531-1504)

    FileDescription:  NT Kernel & System

    LegalCopyright:   © Microsoft Corporation. All rights reserved.

0: kd> lmvm mcupdmgr.exe

start             end                 module name

0: kd> lmvm mcupdmgr

start             end                 module name

000007f6`84360000 000007f6`844e7000   mcupdmgr   (no symbols)          

    Loaded symbol image file: mcupdmgr.exe

    Image path: c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

    Image name: mcupdmgr.exe

    Timestamp:        Tue Aug 06 15:05:17 2013 (520148ED)

    CheckSum:         00184CBE

    ImageSize:        00187000

    File version:     12.8.737.0

    Product version:  12.8.0.0

    File flags:       0 (Mask 3F)

    File OS:          40004 NT Win32

    File type:        1.0 App

    File date:        00000000.00000000

    Translations:     0409.04b0

    CompanyName:      McAfee, Inc.

    ProductName:      McAfee SecurityCenter

    InternalName:     mcupdmgr

    OriginalFilename: mcupdmgr.exe

    ProductVersion:   12,8,0,0

    FileVersion:      12,8,737,0

    FileDescription:  McAfee Update Manager Service

    LegalCopyright:   Copyright © 2013 McAfee, Inc.

 

Message was edited by: cattleprod on 10/27/13 3:48:28 PM CDT

 

Message was edited by: cattleprod on 10/27/13 3:53:40 PM CDT

 

Message was edited by: cattleprod on 10/27/13 3:56:02 PM CDT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points