VirusScan Enterprise 事件不会使用 SQL 2019 兼容性级别(150)进行解析
技术文章 ID:
KB92701
上次修改时间: 2023/04/28
环境
ePO Orchestrator (ePO) 5.10.x
VirusScan Enterprise (VSE) 8.8.x
Microsoft SQL Server 2019 (RTM)- 15.0.2000.5 (X64)
问题
VSE 事件不会解析 SQL Server 2019 和兼容性级别设置为 150 。
系统使用 VSE 8.8 Patch 14 扩展 8.8.0.732 和 1.2.0.452.
EventParser_systemname.log records the following 错误:
X #05988 EVNTPRSR source\server.cpp(1015): Processing <VirusDetectionEvent>, C:\PROGRA~2\McAfee\EPOLIC~1\DB\Events\61fe5a53-eee4-443f-957a-7c69e0b1ccb9-mc_20200413035946291795200000E98.txml.
X #05988 EPODAL ePOData_Connection.cpp(590): ssl Authenticate mode is 1
E #05988 VseBll DAL->ExecQuery failed. hr=80004005
E #05988 EVNTPRSR source\server.cpp(1064): COM Error 0x80004005, source=(null), desc=(null), msg=Unspecified error
E #05988 EVNTPRSR source\server.cpp(1128): Failed to process file C:\PROGRA~2\McAfee\EPOLIC~1\DB\Events\61fe5a53-eee4-443f-957a-7c69e0b1ccb9-mc_20200413035946291795200000E98.txml, XML file error count 1
在 SQL server 上的日志文件夹(默认: C:\Program Files\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQL\LOG\ )中,记录的 ERROR.log 错误类似于以下内容:
spid70 Stack Signature for the dump is 0x00000000215601CF
spid70 Dump request is dismissed (stack signature 0x00000000215601CF).
Server Error: 17310, Severity: 20, State: 1.
Server A user request from the session with SPID 70 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.
spid70 CImageHelper::Init () Version-specific dbghelp.dll is not used
spid70 ***Stack Dump being sent to C:\Program Files\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQL\LOG\SQLDump0019.txt
spid70 SqlDumpExceptionHandler: Process 70 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.
spid70 * *******************************************************************************
spid70 *
spid70 * BEGIN STACK DUMP:
spid70 * 04/13/20 04:53:55 spid 70
spid70 *
spid70 *
spid70 * Exception Address = 00007FF907AA1205 Module(sqllang+0000000000221205)
spid70 * Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION
spid70 * Access Violation occurred reading address 0000000000000028
spid70 * Input Buffer 510 bytes -
spid70 * Exec VSE_InsertVirusDetectionEvent @AgentGUID='5774a602-7d22-
spid70 * 11ea-3510-005056aca64b',@UserName=N'CDA\cdaauto',@MachineName=N'771W10RS
spid70 * 4X6401',@OSName=N'Windows 8 Workstation',@IPAddress=N'10.26.97.153',@Tim
spid70 * eZoneBias=420,@ProductFamily=N'TVD',@ProductName=N'VirusScan Enterprise'
spid70 * ,@ProductVersion=N'8.8',@ScannerType=N'OAS',@TaskName=N'OAS',@EngineVers
spid70 * ion=N'6010.8670',@DATVersion=N'9589.0000',@LocalTime={ts '2020-04-13 03:
spid70 * 59:46'},@UTCTime={ts '2020-04-13 10:59:46'},@lEventID=1278,@Severity=3,@
spid70 * FileName=N'C:\Users\cdaauto\Desktop\sahas.com',@VirusName=N'Installation
spid70 * Check',@lVirusType=6,@szVirusType=N'test',@SensitivityLevel=N'_',@Sourc
spid70 * e=N'C:\Windows\System32\notepad.exe',@MD5=N'0d69e58385c4e47aa0ab6bd4983a
spid70 * 7f89'
在 SQL server 日志文件夹中会创建大量的转储文件,名称 SQLDumpXXXX.txt 中的 XXXX 是数字。这些记录会记录以下错误:
SQL Server is terminating this process.
****************************************
*
* BEGIN STACK DUMP:
* 04/13/20 03:03:38 spid 70
*
*
* Exception Address = 00007FF907AA1205 Module(sqllang+0000000000221205)
* Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION
* Access Violation occurred reading address 0000000000000028
* Input Buffer 510 bytes -
* Exec VSE_InsertVirusDetectionEvent @AgentGUID='5774a602-7d22-
* 11ea-3510-005056aca64b',@UserName=N'CDA\cdaauto',@MachineName=N'771W10RS
* 4X6401',@OSName=N'Windows 8 Workstation',@IPAddress=N'10.26.97.153',@Tim
* eZoneBias=420,@ProductFamily=N'TVD',@ProductName=N'VirusScan Enterprise'
* ,@ProductVersion=N'8.8',@ScannerType=N'OAS',@TaskName=N'OAS',@EngineVers
* ion=N'6010.8670',@DATVersion=N'9589.0000',@LocalTime={ts '2020-04-13 03:
* 03:18'},@UTCTime={ts '2020-04-13 10:03:18'},@lEventID=1278,@Severity=3,@
* FileName=N'C:\Users\cdaauto\Desktop\rgc.com',@VirusName=N'Installation C
* heck',@lVirusType=6,@szVirusType=N'test',@SensitivityLevel=N'_',@Source=
* N'C:\Windows\System32\notepad.exe',@MD5=N'0d69e58385c4e47aa0ab6bd4983a7f
* 89'
*
原因
问题出现在 SQL Server 2019 基本版本中。它在二进制串联上执行内部函数时失败。
解决方案
该问题在 SQL Server 2019 累积更新6(CU6)或更高版本中得以解决。
解决方法
将 SQL 兼容性级别更改为 SQL 2017(140) 。
执行以下步骤:
- 打开Microsoft SQL Server Management Studio, 并展开数据库。
- 选择主 ePO 数据库,右键单击,然后选择 属性。
- 单击兼容性级别下的选项选项卡。
- 单击下拉列表,然后选择 SQL 2017(140).
- 对 ePO 事件数据库重复此过程。
将兼容性级别更改为 SQL2017 (140)后,会对事件进行分析。
免责声明
本文内容源于英文。如果英文内容与其翻译内容之间存在差异,应始终以英文内容为准。本文部分内容是使用 Microsoft 的机器翻译技术进行翻译的。
|
