6 Replies Latest reply on Dec 5, 2013 2:29 PM by wwarren

    Failure Audit-Event ID : 560 -Object Name:C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn

    Nand Kumar Lohar

      Hi Guys,



           I am using a Microsoft Server 2003 for hosting a asp application in .NET framework 1.1. My application was working perfectly until I was using McAfee VisrusScan Enterprise with patch 1. Once I installed patch 2 for the McAfee, My application started giving 500 - Internal error. When I checked the security log, I found there are several entries for Audit failure. Below is the Event details -



      Event Type:          Failure Audit

      Event Source:          Security

      Event Category:          Object Access

      Event ID:          560

      Date:           04/12/2013

      Time:           19:42:07

      User:           SERVER_NAME\IUSR_XXXXX

      Computer:          Server Name


      Object Open:

                 Object Server:          Security

                 Object Type:          File

                 Object Name:          C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131015112835.dll

                 Handle ID:          -

                 Operation ID:          {0,762633334}

                 Process ID:          5036

                 Image File Name:          C:\WINDOWS\system32\inetsrv\w3wp.exe

                 Primary User Name:          IWAM_XXXXX

                 Primary Domain:          Server Name

                 Primary Logon ID:          (0x0,0x2A609C9F)

                 Client User Name:          IUSR_XXXXX

                 Client Domain:          Server Name

                 Client Logon ID:          (0x0,0x2D73A2ED)

                 Accesses:          SYNCHRONIZE



                 Privileges:          -

                 Restricted Sid Count:          0

                 Access Mask:          0x100020



      For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.





      Temporary solution: When I am adding IUSR_XXXXX and  IWAM_XXXXX to Administrator group, application started working. But this not the feasible solution. Could you please help me if there is any permanent solution.


      Looking for permanent solution with less risk involvement


      Thanks in advance.


      Message was edited by: nandkrlohar on 12/5/13 1:47:34 PM CST