Event ID 9015 and Event ID 9014 are logged in the Windows application event log on computers that are running the Microsoft Operations Manager 2000 agent (891604)


The information in this article applies to:

  • Microsoft Operations Manager 2000
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

SYMPTOMS

The following event messages are logged in the Microsoft Windows application event log on computers that are running the Microsoft Operations Manager (MOM) 2000 agent:Event ID: 9015
Source: OnePoint Operations
Description: The Microsoft Operations Manager 2000 service (OnePointService.exe) received an unexpected exception.

Thread Id: 0xnnnn
Thread Name: MOMConfigurationGroup:AgentRespProcessIDNumber
Exception code: 0x00000000c00000005
Exception description: Access Violation
Exception address: 00000000 Exception flags: 0x0Event ID: 9014
Source: OnePoint Operations
Description: The Microsoft Operations Manager 2000 service (OnePointService.exe) terminated due to an unhandled exception. It will attempt to restart itself.

CAUSE

This problem is typically caused by McAfee VirusScan Enterprise 8.0i. This problem may occur when the McAfee ScriptScan component (Scriptscan.dll) scans a script that calls a Microsoft ActiveX control. Scriptscan.dll replaces the Windows Script Host component with its own proxy component. The McAfee ScriptScan proxy component (Scriptproxy.dll) scans JavaScript-based scripts and Microsoft Visual Basic Scripting Edition (VBScript)-based scripts to look for viruses. When a script runs and then passes through the scan as clean, Scriptproxy.dll passes the script to the appropriate Windows Script Host.

However, Scriptproxy.dll may cause an access violation when it parses the MOM Active Directory Management Pack scripts that call ActiveX controls during the OnePointService.exe process. Scriptproxy.dll may stop responding and may cause the OnePointService.exe process that hosts the component to stop responding. The OnePointService.exe process tries to restart itself. This behavior may repeatedly occur.

WORKAROUND

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this problem, unregister Scriptproxy.dll. To do this, follow these steps.

Important When you unregister Scriptproxy.dll, McAfee does not scan any scripts to look for viruses.
  1. Log on to the computer that is running the MOM 2000 agent by using an account that has domain administrator permissions.
  2. Click Start, click Run, type cmd, and then click OK.
  3. At the command prompt, locate the %ProgramFiles%\Network Associates\VirusScan folder.
  4. At the command prompt, type regsvr32 /u scriptproxy.dll.
  5. Restart the OnePointService.exe process to apply the changes. To do this, follow these steps:
    1. Click Start, point to Administrative Tools, and then click Services.
    2. In the Services snap-in, right-click OnePoint, and then click Restart.
    3. Close the Services snap-in.

REFERENCES

For more information about this problem, visit the McAfee Web site:

http://knowledgemap.nai.com

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Note On the McAfee Web site, search for the following McAfee Solution IDs: kb40067, kb47302, and kb40049. The McAfee Solution ID kb40049 article directly relates to the symptoms that are described in this Microsoft Knowledge Base article. Install VirusScan Enterprise 8i Patch 11 or a later version to resolve this problem. McAfee Solution ID kb40067 also applies to MOM 2000 although the McAfee article discusses MOM 2005. Because script execution is performed in-process to the OnePoint service in MOM 2000, the memory leak that is discussed is likely to have a larger effect in MOM 2000. There is no Patch for McAfee VirusScan Enterprise 8i that corrects the memory leak in the ScriptProxy.dll file.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type:MinorLast Reviewed:4/14/2006
Keywords:kbinterop kbtshoot kberrmsg kbSecurity KB891604 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.