Event 21246 is logged on an agent computer, and you receive an error message in the Microsoft Operations Manager (MOM) 2005 Operator Console (891605)


The information in this article applies to:

  • Microsoft Operations Manager 2005
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

SYMPTOMS

When McAfee VirusScan Enterprise 8.0i is installed on an agent computer, you experience the following symptoms:
  • Event 21246 is logged in the Application event log of the agent computer.
  • You receive the following error message in the Microsoft Operations Manager (MOM) 2005 Operator Console:Name:
    The MOM Host process was consuming too much memory and will be terminated

    Description:
    The host process for the script responses (nnnn) will be restarted because it is using nnnnnn more bytes than its limit of 104857600. To adjust this limit, edit the Software\Mission Critical Software\OnePoint\MaxScriptHostPrivateBytes registry key.

    Management Group: group name

CAUSE

This problem occurs because McAfee VirusScan replaces the Windows Script Host component with the ScriptScan proxy component (ScriptProxy.dll). The ScriptScan proxy component scans JavaScript scripts and Visual Basic Scripting Edition (VBScript) scripts. When a script runs and passes through the scan as clean, the script is passed to the appropriate Windows Script Host. The ScriptScan proxy component parses scripts before they are run by the associated Windows Script Host. When the ScriptScan feature is turned on, the MOMHost.exe component slowly leaks memory. However, turning off the ScriptScan feature in the McAfee VirusScan properties does not correct the problem.

WORKAROUND

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.To work around this problem, you must unregister the ScriptScan proxy component. To do this, follow these steps.

Important When you unregister the ScriptScan proxy component, McAfee VirusScan does not check scripts for viruses.
  1. Log on to the agent computer by using an account that has domain administrator permissions.
  2. Click Start , click Run , type cmd, and then click OK.
  3. At the command prompt, locate the %ProgramFiles%\Network Associates\VirusScan folder.
  4. At the command prompt, type the following:

    regsvr32 /u scriptproxy.dll

  5. You must restart the OnePoint service to apply the changes. To do this, follow these steps:
    1. Click Start, point to Administrative Tools, and then click Services.
    2. In the Services snap-in, right-click OnePoint, and then click Restart.
    3. Exit the Services snap-in.

MORE INFORMATION

For information about how to contact McAfee, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

For more information about this problem, visit the McAfee support Web site:

http://knowledgemap.nai.com

Note On the McAfee support Web site, search for the following Solution ID references: kb40067, kb47302, kb40049, and kb46223. The symptoms discussed in this Microsoft Knowledge Base article directly relates to the McAfee Solution ID kb40067. Although McAfee VirusScan Enterprise 8.0i does not fix the memory leak, a hotfix is available from McAfee to unregister the ScriptProxy.dll. Contact McAfee support to obtain this hotfix.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type:MinorLast Reviewed:4/14/2006
Keywords:kbOpmanPerfmon kbOpmanInterop kbOpmanAlerts kbtshoot kberrmsg kbPerformance kbinterop KB891605 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.