Microsoft KB Archive/891605

= Event 21426 is logged on an agent computer, and you receive an error message in the Microsoft Operations Manager (MOM) 2005 Operator Console =

Article ID: 891605

Article Last Modified on 1/17/2007

-

APPLIES TO


 * Microsoft Operations Manager (MOM) 2005

-



Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.



SYMPTOMS
When McAfee VirusScan Enterprise 8.0i is installed on an agent computer, you experience the following symptoms:  Event 21426 is logged in the Application event log of the agent computer. You receive the following error message in the Microsoft Operations Manager (MOM) 2005 Operator Console:

Name:

The MOM Host process was consuming too much memory and will be terminated

Description:

The host process for the script responses will be restarted because it is using   more bytes than its limit of 104857600. To adjust this limit, edit the  registry key.

Management Group:





CAUSE
This problem occurs because McAfee VirusScan replaces the Windows Script Host component with the ScriptScan proxy component (ScriptProxy.dll). The ScriptScan proxy component scans JavaScript scripts and Visual Basic Scripting Edition (VBScript) scripts. When a script runs and passes through the scan as clean, the script is passed to the appropriate Windows Script Host. The ScriptScan proxy component parses scripts before they are run by the associated Windows Script Host. When the ScriptScan feature is turned on, the MOMHost.exe component slowly leaks memory. However, turning off the ScriptScan feature in the McAfee VirusScan properties does not correct the problem.



WORKAROUND
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this problem, you must unregister the ScriptScan proxy component. To do this, follow these steps.

Important When you unregister the ScriptScan proxy component, McAfee VirusScan does not check scripts for viruses.  Log on to the agent computer by using an account that has domain administrator permissions. Click Start, click Run , type cmd , and then click OK. At the command prompt, locate the %ProgramFiles%\Network Associates\VirusScan folder.</li> At the command prompt, type the following:

regsvr32 /u scriptproxy.dll

</li> You must restart the MOM service to apply the changes. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, point to Administrative Tools, and then click Services.</li> In the Services snap-in, right-click MOM, and then click Restart.</li> Exit the Services snap-in.</li></ol> </li></ol>

<div class="moreinformation_section">

MORE INFORMATION
For information about how to contact McAfee, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

For more information about this problem, visit the McAfee support Web site:

http://knowledgemap.nai.com

Note On the McAfee support Web site, search for the following Solution ID references: kb40067, kb47302, kb40049, and kb46223. The symptoms discussed in this Microsoft Knowledge Base article directly relates to the McAfee Solution ID kb40067. Although McAfee VirusScan Enterprise 8.0i does not fix the memory leak, a hotfix is available from McAfee to unregister the ScriptProxy.dll. Contact McAfee support to obtain this hotfix.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Additional query words: Private bytes

Keywords: kbopmanperfmon kbopmaninterop kbopmanalerts kbtshoot kberrmsg kbperformance kbinterop KB891605

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.