Your host suffers from slow performance. During the investigation, you see that mvserver.exe and McShield.exe constantly show high CPU usage.
Task Manager shows that mvserver.exe and McShield.exe consume almost 70-80% of CPU usage.
The following errors appear in the debug log (\Program Files (x86)\McAfee\MOVE AV Server\).
A large number of SFT scan logging statements appear, as follows:
U.1456.6468: Jun 21 2022:13:23:00.357: DETAIL: avs_amcore_istream_implement.cpp: 480: AVIORQ_READ file: offset: 36306944 : bytes: 131072 : file: \Device\HarddiskVolume1\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
U.1456.4052: Jun 21 2022:13:23:00.388: INFO: avs_amcore_scanner.cpp: 594: 10.17.192.13: Scanned \\?\X:\McAfee\MOVE AV Server\scanfiles\22444\EnquiryAppList1[1].htm, Result 0
U.1456.10852: Jun 21 2022:13:23:00.388: DETAIL: avs_amcore_scanner.cpp: 548: File \\?\X:\McAfee\MOVE AV Server\scanfiles\32652\CSXSRRVVQXFJPE9VA7OI.temp is clean
U.1456.2984: Jun 21 2022:13:23:00.450: DETAIL: avs_amcore_istream_implement.cpp: 480: AVIORQ_READ file: offset: -1374683136 : bytes: 131072 : file: \Device\HarddiskVolume1\Windows\Temp\WinSAT\96363c3a-7831-42d5-9519-57add868cf65\TempWinSAT-Disk-2022-06-17-22-45-01-71.
U.1456.3920: Jun 21 2022:13:23:06.216: INFO: svc_socket.c: 2613: Processed req: SMART FILE TRANSFER, from 10.17.194.22, for file: \Device\HarddiskVolume1\Users\wbaiswar\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat of size: 44040192 with cksum: . cksum resp: NO_ENTRY, File scan resp: CLEAN, err code: 0. total req time: 0.191406 sec, thread wait time: 0.000004 (s).
An incorrect file offset is displayed:
The offset 1692532736 translates to a file size of 1.57 GB. The actual size of
libcef.dll is 116 MB. This value clearly indicates that the offset is invalid.
U.1456.4408: Jun 21 2022:13:33:32.311: DETAIL: avs_amcore_istream_implement.cpp: 480: AVIORQ_READ file: offset: 1692532736 : bytes: 131072 : file: \Device\HarddiskVolume1\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
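A triage sketch for the invalid-offset symptom above, added here as an example and not McAfee's code: it parses AVIORQ_READ lines from the debug log and flags reads whose offset is negative or lies past the real file size. The function name, the known_sizes map and the byte value used for "116 MB" are assumptions; the sample lines are abridged from the excerpts on this page.

```python
import re

# Matches the AVIORQ_READ detail lines shown in the MOVE AV Server debug log.
READ_RE = re.compile(
    r"AVIORQ_READ file: offset: (?P<offset>-?\d+) : "
    r"bytes: (?P<bytes>\d+) : file: (?P<path>.+)$"
)

def find_invalid_reads(lines, known_sizes=None):
    """Return (offset, path, reason) tuples for reads that cannot be valid.

    known_sizes maps a lower-cased file path to its real size in bytes.
    Assumption: the caller collects these sizes on the client VM.
    """
    known_sizes = known_sizes or {}
    findings = []
    for line in lines:
        m = READ_RE.search(line.strip())
        if not m:
            continue  # not an AVIORQ_READ line
        offset, path = int(m["offset"]), m["path"].strip()
        size = known_sizes.get(path.lower())
        if offset < 0:
            findings.append((offset, path, "negative offset"))
        elif size is not None and offset >= size:
            # A read that merely runs past EOF (offset < size) is a normal
            # short read; only a start position beyond EOF is flagged.
            findings.append((offset, path, "offset past end of file"))
    return findings

LIBCEF = (r"\Device\HarddiskVolume1\Program Files (x86)\Adobe"
          r"\Acrobat Reader DC\Reader\AcroCEF\libcef.dll")
# The page gives the size as 116 MB; the exact byte count is an assumption.
KNOWN_SIZES = {LIBCEF.lower(): 116 * 1024 * 1024}

# Sample lines abridged from the log excerpts on this page.
PREFIX = "DETAIL: avs_amcore_istream_implement.cpp: 480: AVIORQ_READ file: "
SAMPLE_LINES = [
    PREFIX + "offset: 36306944 : bytes: 131072 : file: " + LIBCEF,
    PREFIX + r"offset: -1374683136 : bytes: 131072 : file: "
             r"\Device\HarddiskVolume1\Windows\Temp\WinSAT\TempWinSAT-Disk.",
    PREFIX + "offset: 1692532736 : bytes: 131072 : file: " + LIBCEF,
]

if __name__ == "__main__":
    for offset, path, reason in find_invalid_reads(SAMPLE_LINES, KNOWN_SIZES):
        print(f"{reason}: offset={offset} file={path}")
```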
The AMTrace log contains the following errors:
09:30:04.4054559, 0.090765, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Setting name to \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\7008\2406bf92-6d66c42b.idx
09:30:04.4054702, 0.090779, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, Casper Callback : message 33685505
09:30:04.4060210, 0.091330, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, Engine Callback : objectName X:\McAfee\MOVE AV Server\scanfiles\7008\2406bf92-6d66c42b.idx
09:30:04.4060216, 0.091331, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, Engine Callback : returned 0
09:30:04.4060244, 0.091333, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, Engine Callback : scannerID 16777828
09:30:04.4060256, 0.091334, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, Engine Callback : message 1031
09:30:04.4060598, 0.091368, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Engine Callback received : AVM_QUERYDENYSCAN (7)
09:30:04.4060655, 0.091374, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Received AVM_QUERYDENYSCAN
09:30:04.4060735, 0.091382, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: SendHeartbeat, timeout = 5000
09:30:04.4035839, 0.088893, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\7008\2406bf92-6d66c42b.idx
09:30:04.4779504, 0.163259, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\7008\6533d6d6-26d2d5a0.idx
09:30:04.5109328, 0.196242, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\3520\ntuser.dat
09:30:04.5446679, 0.229976, 0, 4572, 4300, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\3520\ntuser.dat.LOG1
09:30:04.5501136, 0.235422, 0, 4572, 4992, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\7008\6533d6d6-26d2d5a0.idx
09:30:09.9171290, 5.602438, 0, 4572, 4992, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\6492\~WRS{639A7FDE-764C-4161-9E01-D5971B1C833D}.tmp
09:30:21.6010097, 17.286318, 0, 4572, 4992, COMMON_SCAN.CS_SCANNERS, CS Lua script logging: Performing file scan: \Device\ImDisk0\McAfee\MOVE AV Server\scanfiles\3520\CSCB7164A6166574F5FB2D34B5810EE9B3C.TMP
The McScript.log shows that the AMCore update from the MOVE OSS server fails because the scan is in a loop:
<...>
2022-05-14 18:31:11 E #2304 downloader UpdateCallbackMsgbus::extractResponse, Failed to get the update info sync from update info.
<...>
2022-05-14 20:55:18 E #448 mue Process is down, looping until its up
<...>
2022-05-15 18:32:09 E #2832 ScrptExe [Line 626: RunScript dwRet = C:\ProgramData\McAfee\Agent\\Current\AMCORDAT2000\amcore.mcs, ScriptMain]->
2022-05-15 18:32:09 E #2832 ScrptExe [Executing section ScriptMain]->
2022-05-15 18:32:09 E #2832 ScrptExe [Call]->
2022-05-15 18:32:09 E #2832 ScrptExe [Executing section RunUpdate]->
2022-05-15 18:32:09 E #2832 ScrptExe [GetProductInfo]->
2022-05-15 18:32:09 E #2832 ScrptExe Failed to get the product information. Setting bRet to FALSE
2022-05-15 18:32:09 I #2832 ScrptExe Executing section: [SetUpdateErrorFail]