1 Reply Latest reply on Apr 29, 2015 8:23 AM by c14us

    On-Demand Scan behaviour during DAT update (VSE8.8 P2)

    aus_mick

      All,

       

      Just wondering if anybody else has observed the same behaviour with a scheduled On-Demand Scan task that is running when a DAT update occurs in VirusScan Enterprise 8.8 Patch 2. According to the McAfee KB article KB71642 if a DAT or Engine update occurs while an ODS task is running the scan will pause and wait for the update to complete and then resume scanning after it has reloaded the new DAT/Engine.

       

      We have found that on some machines after the DAT update completes the McShield.exe process is restarted which causes the ODS task to terminate. As I understand as part of McAfee's attempt to optimise scanning under VSE8.8 the ODS processes (Scan32.exe / Scan64.exe) now offload scanning of some files to any available threads of the OAS process (McShield.exe). I'm assuming as a result of this programming change the status of McShield can have an affect on the ODS task. I understand that McShield needs to reload DAT/Engine into memory, what I struggle with is the background logic that causes the ODS task to terminate early. This is not desirable as it means that the the full system scan does not complete in its entirety. Also it is not documented anywhere if an ODS task that terminates if on the next schedule run will resume for the last scanned file, unfortunately I am only able to find documentation around the incremental scanning feature in the context of a scheduled ODS that is cancelled due to exceeding any time-based restrictions configured in the client task. The risk here is that there are potentially areas of the file system remain un-scanned for multiple iterations of the schedule ODS task until it can complete successfully in full.

       

      I have included extracts from the OnDemandScanLog.txt, McScript.log and Windows Event Log from a machine that is exhibiting this behaviour. I have raised a case to McAfee Gold support but they weren't particularly helpful. I'm hoping that somebody else has encountered this problem and developed a fix/workaround. I appreciate any feedback or insights anybody can provide to a very frustrating situation.

       

      Thanks,

      Mick

       

       

      OnDemandscanLog.txt extract

       

      26/04/2015    11:00:18 PM        Engine version                          =    5700.7163

      26/04/2015    11:00:18 PM        AntiVirus   DAT version                 =    7781.0

      26/04/2015    11:00:18 PM        Number of detection signatures in EXTRA.DAT =    None

      26/04/2015    11:00:18 PM        Names of detection signatures in EXTRA.DAT  =    None

      26/04/2015    11:00:18 PM    Scan Started    ABCTEST\TEST_PC$    (managed) Run Weekly Scan on all VSE 8.8 Workstations (Day 2)

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Scan Summary

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Processes scanned    : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Processes detected   : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Processes cleaned    : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Boot sectors scanned : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Boot sectors detected: 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Boot sectors cleaned : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Files scanned        : 4691

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Files with detections: 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    File detections      : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Files cleaned        : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Files deleted        : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Files not scanned    : 3

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Scan Summary (Registry Scanning)

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Keys scanned         : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Keys detected        : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Keys cleaned         : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Keys deleted         : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Scan Summary (Cookie Scanning)

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Cookies scanned      : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Cookies detected     : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Cookies cleaned      : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Cookies deleted      : 0

      27/04/2015    1:55:31 AM    Scan Summary    ABCTEST\TEST_PC$    Run time             : 2:55:13

      27/04/2015    1:55:31 AM    Scan Terminated    ABCTEST\TEST_PC$    (managed) Run Weekly Scan on all VSE 8.8 Workstations (Day 2)

       

        

      McScript.log extract

       

      2015-04-27 01:55:18.720    I    #4012    ScrptMain    START [C:\Program Files\McAfee\Common Framework\McScript_InUse.exe -script C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateMain.McS -id 22103 -localeid 0c09 -parent FRAMEWORK -logfile C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\DB\McScript -initiator 1 -ipcid \\.\pipe\upda02720 -installdir C:\Program Files\McAfee\Common Framework]

      2015-04-27 01:55:18.730    I    #3052    SutDnWtch    Successfully set up shutdown watch

      2015-04-27 01:55:18.800    I    #4012    MueEep    Initializing MUE EEP with IPC ID = \\.\pipe\upda02720 Script ID = 22103

      2015-04-27 01:55:18.800    I    #4012    ipcchannel    Connecting to IPC server

      2015-04-27 01:55:18.840    I    #4012    persite    Cache file location = C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\sitecache.bin

      2015-04-27 01:55:18.840    I    #4012    persite    Cabundle file location = C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\cabundle.cer

      2015-04-27 01:55:18.890    I    #4012    Cryptshim    Initializing crypto library

      2015-04-27 01:55:18.890    I    #4012    Cryptshim    Using C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\keystore as keystore path

      2015-04-27 01:55:18.890    I    #4012    Cryptshim    Using C:\Program Files\McAfee\Common Framework\Mue.sig as exe signature file path

      2015-04-27 01:55:19.141    I    #4012    MfeCryptC    RSA version : NIST Library Version 2.1.0.0

      2015-04-27 01:55:19.141    I    #4012    MfeCryptC    

      2015-04-27 01:55:19.141    I    #4012    MfeCryptC    RSA crypto role : User Role

      2015-04-27 01:55:19.141    I    #4012    MfeCryptC    

      2015-04-27 01:55:19.141    I    #4012    MfeCryptC    RSA crypto mode : NON-FIPS Mode

      2015-04-27 01:55:19.141    I    #4012    MfeCryptC    

      2015-04-27 01:55:19.231    I    #4012    Cryptshim    Successfully initialized crypto library

      2015-04-27 01:55:19.281    I    #4012    ScrptLpc    Saving hash to registry

      2015-04-27 01:55:19.281    I    #4012    LpcConnMgr    Initializing lpc data

      2015-04-27 01:55:19.281    I    #4012    LpcConnMgr    Registering software id CMNUPD__3000 with a hash value of 1496913389

      2015-04-27 01:55:19.281    I    #4012    LpcConnMgr    Starting lpc connection manager

      2015-04-27 01:55:19.281    I    #4012    LpcConnMgr    Setting up watchdog component

      2015-04-27 01:55:19.281    I    #3892    WatchDog    Running scheduled health check

      2015-04-27 01:55:19.501    I    #3892    WatchDog    Signalling lpc availability to registrants.

      2015-04-27 01:55:19.501    I    #3892    LpcConnMgr    Invoking lpc revalidation on lpc available

      2015-04-27 01:55:19.501    I    #3892    LpcConnMgr    Cleaning up message queue

      2015-04-27 01:55:19.501    I    #2688    MsgPoll    starting poll thread for message queue

      2015-04-27 01:55:19.501    I    #2688    MsgPoll    signalled start to message queue

      2015-04-27 01:55:19.501    I    #2688    MsgPoll     Registering client channel for message type 1496913389 extended id 474185642 client id 2088293941

      2015-04-27 01:55:19.501    I    #2688    MsgPoll    Registering  client software id CMNUPD__3000:DEFAULT:1528 with lpc server

      2015-04-27 01:55:19.721    I    #2688    MsgQueue    Adding channel for message queue 1496913389 extended software id hash 474185642 client id 2088293941

      2015-04-27 01:55:19.721    I    #2688    MsgQueue    Channel added to message queue successfully

      2015-04-27 01:55:19.721    I    #2688    MsgQueue    Getting message from message queue

      2015-04-27 01:55:19.721    I    #3892    WatchDog    Done signalling lpc availability to registrants.

      2015-04-27 01:55:19.721    I    #4012    LPCConfig    Waiting LPC server availability

      2015-04-27 01:55:19.721    I    #4012    LPCConfig    LPC server is now available

      2015-04-27 01:55:19.721    I    #4012    ScrptLpc    LPC frame work for update engine succeeded

      2015-04-27 01:55:19.721    I    #4012    ScrptLpc    Successfully registered LPC UpdateCallback interface

      2015-04-27 01:55:19.731    I    #4012    naInet    HTTP Session initialized

      2015-04-27 01:55:19.731    I    #4012    imsite        Download to: C:\WINDOWS\TEMP\SiteStat.xml

      2015-04-27 01:55:19.731    I    #4012    imsite        Download from: (ePOSA_MYREPOSITORY) SiteStat.xml

      2015-04-27 01:55:19.751    I    #4012    naInet    Open URL: http://10.96.0.21:8081/Software/SiteStat.xml

      2015-04-27 01:55:19.791    I    #4012    creposi    Download returncode : 0

      2015-04-27 01:55:19.791    I    #4012    creposi    Download returncode : 0

      2015-04-27 01:55:19.942    I    #4012    SessMgr    Using repository ePOSA_MYREPOSITORY for script

      2015-04-27 01:55:19.942    I    #4012    ScrptMgr    Loading and parsing:  C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateMain.McS

      2015-04-27 01:55:20.192    I    #4012    ScrptMgr    Initializing update...

      2015-04-27 01:55:20.202    I    #4012    ScrptMgr    Verifying catalog.z.

      2015-04-27 01:55:20.232    I    #4012    ScrptMgr    Extracting catalog.z.

      2015-04-27 01:55:20.322    I    #4012    ScrptMgr    Loading update configuration from: catalog.xml

      2015-04-27 01:55:21.354    I    #4012    ScrptMgr    These updates will be applied if they are in the repository:  DAT.

      2015-04-27 01:55:21.364    I    #4012    ScrptMgr    Downloading PkgCatalog.z.

      2015-04-27 01:55:21.364    I    #4012    imsite        Download to: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\PkgCatalog.z

      2015-04-27 01:55:21.374    I    #4012    imsite        Download from: (ePOSA_MYREPOSITORY) Current/VSCANDAT1000/DAT/0000/PkgCatalog.z

      2015-04-27 01:55:21.394    I    #4012    naInet    Open URL: http://10.96.0.21:8081/Software/Current/VSCANDAT1000/DAT/0000/PkgCatalog.z

      2015-04-27 01:55:21.424    I    #4012    creposi    Download returncode : 0

      2015-04-27 01:55:21.424    I    #4012    creposi    Download returncode : 0

      2015-04-27 01:55:21.424    I    #4012    ScrptMgr    Verifying PkgCatalog.z.

      2015-04-27 01:55:21.444    I    #4012    ScrptMgr    Extracting PkgCatalog.z.

      2015-04-27 01:55:21.474    I    #4012    ScrptMgr    Loading update configuration from: PkgCatalog.xml

      2015-04-27 01:55:22.495    I    #4012    ScrptMgr    Verifying V2datdet.mcs.

      2015-04-27 01:55:22.495    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.495    I    #4012    ScrptMgr    Loading and parsing:  C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\V2datdet.mcs

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:22.726    I    #4012    UpdatePlugin    Initializing update plugin: {9BE8D8A1-2DB5-4A29-A95F-50C8B27820DA}

      2015-04-27 01:55:22.786    I    #4012    UpdatePlugin    QI:succeeded on McAfeePointProduct Update Plugin Interface.

      2015-04-27 01:55:22.786    E    #4012    ScrptExe    Error trace:

      2015-04-27 01:55:22.786    E    #4012    Thread     [Main thread]->

      2015-04-27 01:55:22.786    E    #4012    SessMgr     [SessionManager::runScript:C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateMain.McS]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section ScriptMain]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [CallIf]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section StartUpdateProcess]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section DetectInstalledProductsAndUpdate]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section GetDetectionScripts]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section FindAndExecuteDetectionScripts]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [LoopIf]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section EnumerateThroughProductIDList]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [LoopIf]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section EnumerateThroughFile]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section ExecuteDetectionScript]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Line 603:  RunScript dwRet = C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\V2datdet.mcs, ScriptMain]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section ScriptMain]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [LoopIf]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section EnumerateThroughProducts]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section DoesProductNeedUpdate]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [CallIf]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section SetInstalledVersionsUsingRegistry]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [Executing section SetInstalledVersions]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe     [GetProductInfo]->

      2015-04-27 01:55:22.786    E    #4012    ScrptExe      Failed to get the product information.  Setting usingEarlyRelDats to FALSE

      2015-04-27 01:55:22.796    I    #4012    ScrptMgr    Stopping McShield.

      2015-04-27 01:55:31.899    I    #4012    ScrptMgr    Starting McShield.

      2015-04-27 01:55:49.464    I    #4012    UpdatePlugin    Initializing update plugin: {9BE8D8A1-2DB5-4A29-A95F-50C8B27820DA}

      2015-04-27 01:55:49.564    I    #4012    UpdatePlugin    QI:succeeded on McAfeePointProduct Update Plugin Interface.

      2015-04-27 01:55:49.644    E    #4012    ScrptExe    Error trace:

      2015-04-27 01:55:49.644    E    #4012    Thread     [Main thread]->

      2015-04-27 01:55:49.644    E    #4012    SessMgr     [SessionManager::runScript:C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateMain.McS]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section ScriptMain]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [CallIf]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section StartUpdateProcess]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section DetectInstalledProductsAndUpdate]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section GetDetectionScripts]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section FindAndExecuteDetectionScripts]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [LoopIf]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section EnumerateThroughProductIDList]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [LoopIf]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section EnumerateThroughFile]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section ExecuteDetectionScript]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Line 603:  RunScript dwRet = C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\V2datdet.mcs, ScriptMain]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section ScriptMain]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [LoopIf]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section EnumerateThroughProducts]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section DoesProductNeedUpdate]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [CallIf]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section SetInstalledVersionsUsingRegistry]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [CallIf]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section RestartMcShieldIfRequired]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Call]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [Executing section SetInstalledVersions]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe     [GetProductInfo]->

      2015-04-27 01:55:49.644    E    #4012    ScrptExe      Failed to get the product information.  Setting usingEarlyRelDats to FALSE

      2015-04-27 01:55:49.644    I    #4012    UpdatePlugin    Initializing update plugin: {9BE8D8A1-2DB5-4A29-A95F-50C8B27820DA}

      2015-04-27 01:55:49.644    I    #4012    UpdatePlugin    QI:succeeded on McAfeePointProduct Update Plugin Interface.

      2015-04-27 01:55:49.664    I    #4012    ScrptMgr    Product(s) running the latest DATs.

      2015-04-27 01:55:49.664    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000

      2015-04-27 01:55:49.664    I    #4012    ScrptMgr    Setting the working dir as C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework

      2015-04-27 01:55:50.025    I    #4012    ScrptMgr    Update Finished

      2015-04-27 01:55:50.025    I    #4012    MueEep    Invoking EndUpdateDialog withTitle " Update Finished" Message " Please check the update log for more details." CountdownMessage " Auto close in" CountdownValue" 10" 

      2015-04-27 01:55:50.025    I    #4012    ScrptExe    Attempting to run OnExit section on current script

      2015-04-27 01:55:50.035    I    #4012    MueEep    Invoking EndUpdateDialog withTitle " Update Finished" Message " Please check the update log for more details." CountdownMessage " Auto close in" CountdownValue" 10" 

      2015-04-27 01:55:50.055    I    #4012    ScrptMain    Run script return code: 0

      2015-04-27 01:55:50.055    I    #4012    ScrptMain    McAfee Update Engine is exiting with return code: 0

      2015-04-27 01:55:50.055    I    #4012    naInet    HTTP Session closed

      2015-04-27 01:55:50.055    I    #4012    MueEep    Invoking events withEventId " 0" Severity " 0" Productid " EPOAGENT3000" Locale " 0c09" UpdateType " N/A" UpdateError " 0" New Version " N/A" Date Time " N/A" Script Id" 22103" 

      2015-04-27 01:55:50.626    I    #4012    LpcConnMgr    Stopping lpc connection manager

      2015-04-27 01:55:50.626    I    #4012    LpcConnMgr    Cleaning up watchdog instance

      2015-04-27 01:55:50.626    I    #4012    WatchDog    Stopping watchdog monitor

      2015-04-27 01:55:50.636    I    #4012    LpcConnMgr    Done cleaning up watchdog instance

      2015-04-27 01:55:50.636    I    #4012    LpcConnMgr    Triggering lpc unavailable 

      2015-04-27 01:55:50.636    I    #4012    LpcConnMgr    Invoking lpc revalidation on lpc unavailable 

      2015-04-27 01:55:50.636    I    #4012    MsgPoll    Setting stop to message poll thread

      2015-04-27 01:55:50.636    I    #4012    MsgPoll     Unregistering client channel for message type 1496913389 extended id 474185642 client id 2088293941

      2015-04-27 01:55:50.746    I    #2688    MsgQueue    No data available in message queue channel

      2015-04-27 01:55:50.746    I    #4012    MsgQueue    Aborting message queue operation

      2015-04-27 01:55:50.746    I    #2688    MsgPoll    stopping message queue poll thread

      2015-04-27 01:55:50.746    I    #4012    MsgQueue    Cleaning up message queue

      2015-04-27 01:55:50.746    I    #4012    MfeLpcFactory    Successfully released mfelpc objects

      2015-04-27 01:55:50.786    I    #4012    MueEep    Deinitializing entry execution point

      2015-04-27 01:55:50.786    I    #4012    MueEep    Deinitializing container

      2015-04-27 01:55:50.786    I    #4012    ipcchannel    Closing IPC connection

      2015-04-27 01:55:50.786    I    #4012    MueEep    Deleting container

      2015-04-27 01:55:50.996    I    #4012    Thread    Exit program

       

       

        Windows Event Log extract

       

      Event Type:    Information

      Event Source:    McLogEvent

      Event Category:    None

      Event ID:    5000

      Date:        27/04/2015

      Time:        1:55:47 AM

      User:        NT AUTHORITY\SYSTEM

      Computer:    TEST_PC

      Description:

      McShield service started.

      Engine version : 5700.7163

      DAT version : 7782.0000

       

      Number of signatures in EXTRA.DAT : None

      Names of threats that EXTRA.DAT can detect : None