0 Replies Latest reply on Sep 28, 2016 8:53 AM by twenden

    Issues with virus events going into event debug folder on ePO 5.32 with ENS 10.2.1 Threat Prevention for Mac

    twenden

      Got a really strange issue with the latest ENS 10.2.1 Threat Prevention for Mac. This software we installed on both our test and production ePO 5.3.2 server to support the new MacOS 10.12 (Sierra). On the test ePO server, we have no issue receiving virus alerts from ENS using the eicar test virus. We get both the automatic email response and see the virus alert in our ePO dashboard. However, on our production ePO server, these events are ending up in the debug folder (db\events\debug). We had this issue several months ago when we were testing ENS for Windows on our test ePO server. This was fixed by following KB867071, which tells you to run some SQL queries. I did this on the production server but still have the issue with virus events going to the debug folder.

       

      1st Query

       

      USE [EPO4_TEST];
      DROP USER [TEST\epomanager];

       

      2nd Query

       

      ALTER AUTHORIZATION
      ON DATABASE::[EPO4_TEST]
      TO [TEST\epomanager];

       

       

      In the event parser log we are getting the errors listed below:

       

      20160928080954    I    #06428    PLUGNMGR    Loading: C:\PROGRA~1\MCAFEE\EPOLIC~1\DB\PLUGIN\EPOSRV__4000\EPOEVENTS.481862298.DLL

      20160928080954    I    #06428    PLUGNMGR    Loaded: C:\PROGRA~1\MCAFEE\EPOLIC~1\DB\PLUGIN\EPOSRV__4000\EPOEVENTS.481862298.DLL

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(345): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(821): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(856): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(46): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(66): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EVNTPRSR    source\server.cpp(1106): COM Error 0x80040E07, source=(null), desc=(null), msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(345): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(821): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(856): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(46): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(66): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EVNTPRSR    source\server.cpp(1106): COM Error 0x80040E07, source=(null), desc=(null), msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(345): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(821): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(856): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(46): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(66): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079

      20160928080954    E    #06428    EVNTPRSR    source\server.cpp(1106): COM Error 0x80040E07, source=(null), desc=(null), msg=IDispatch error #3079

      20160928080954    E    #06428    EVNTPRSR    source\server.cpp(1169): Failed to process file C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\2dca5152-5be3-4632-87e4-72261235bd5d-mc_m cENDP_AM_1000MACX52796711721dYSXJxt.xml.

      20160928081155    I    #05356    EVNTPRSR    Succeeded <UpdateEvents>, C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\f9edbcae-7cb4-4e6b-b11f-02a778d79796-mc_2 01609280806496854294957873000007F4.xml.

      20160928081212    E    #06428    NAIMCOMN    source\naimutil.cpp(167): Unrecognized IP address format: ""

       

      Not too sure what all this means but want to get it fixed. Has anyone else seen this and know how to fix it?
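
Added example, not part of the original post: a small triage script that reads an event parser log in the layout quoted above and ties each "Failed to process file" entry to the database errors the same thread logged just before it, so repeated error cascades collapse into one cause per dropped event. The sample lines are constructed from the excerpt's format and the event file names are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above (file names are placeholders).
SAMPLE_LOG = r"""
20160928080954    E    #06428    EPOEVENTS    epoevents_dao.cpp(345): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079
20160928080954    E    #06428    EPOEVENTS    epoevents.cpp(46): COM Error 0x80040E07, source=Microsoft OLE DB Provider for SQL Server, desc=Error converting data type nchar to uniqueidentifier., msg=IDispatch error #3079
20160928080954    E    #06428    EVNTPRSR    source\server.cpp(1106): COM Error 0x80040E07, source=(null), desc=(null), msg=IDispatch error #3079
20160928080954    E    #06428    EVNTPRSR    source\server.cpp(1169): Failed to process file C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\sample-event-0001.xml.
20160928081155    I    #05356    EVNTPRSR    Succeeded <UpdateEvents>, C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\sample-event-0002.xml.
"""

# timestamp, level, thread id, component, message
LINE = re.compile(r"^(?P<ts>\d{14})\s+(?P<lvl>[A-Za-z])\s+#(?P<tid>\d+)\s+(?P<comp>\S+)\s+(?P<msg>.*)$")
COM = re.compile(r"COM Error (?P<hr>0x[0-9A-Fa-f]{8}), source=(?P<src>.*?), desc=(?P<desc>.*), msg=")
FAILED = re.compile(r"Failed to process file (?P<path>.+?)\.?$")


def summarize(log_text):
    """Attribute each failed event file to the COM errors its thread logged before it."""
    pending = {}    # thread id -> Counter of (hresult, description) since the last file result
    failures = []   # one entry per event file the parser gave up on
    succeeded = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or wrapped line
        tid, msg = m["tid"], m["msg"]
        com = COM.search(msg)
        # Rethrown errors with desc=(null) carry no new information; skip them.
        if m["lvl"] == "E" and com and com["desc"] != "(null)":
            pending.setdefault(tid, Counter())[(com["hr"], com["desc"])] += 1
        failed = FAILED.search(msg)
        if failed:
            causes = pending.pop(tid, Counter())
            failures.append({"time": m["ts"], "file": failed["path"], "causes": dict(causes)})
        elif msg.startswith("Succeeded"):
            succeeded += 1
            pending.pop(tid, None)  # errors before a success did not drop this event
    return {"failed": failures, "succeeded": succeeded}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("succeeded:", report["succeeded"])
    for f in report["failed"]:
        print(f["time"], f["file"], f["causes"])
```
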