Menu

Search
InstantKB

InstantKB



Agent Memory Leak when Running McAfee VirusScan 8.0i Patch 11 or higher

16 Years Ago
New Boundary Support
Prism Patch Manager Troubleshooting

Update Agent Memory Leak when Running McAfee VirusScan 8.0i Patch 11 or higher

 

Description

This article provides a solution for a memory leak that arises when the PATCHLINK UPDATE Agent for Windows is running on the same machine as McAfee VirusScan Enterprise 8.0i Patch 11.

Applies To: Update Agent for Windows; McAfee VirusScan Enterprise 8.0i Patch 11

SYMPTOMS

The Update Agent for Windows, when installed on a machine also running McAfee VirusScan Enterprise 8.0i Patch 11 or higher, consumes increasing amounts of memory in the following scenarios:

Agent receives a deployment from the PATCHLINK UPDATE Server (PLUS)

When the Update Agent receives a deployment, memory allocation to the gravitixservice.exe spikes from around 10 MB to around 30 MB. This memory is not released to the system when the deployment completes and continues to grow with each subsequent deployment.

Agent attempts to establish a connection with PLUS but is unable to due to network connectivity issues

When the Update Agent is unable to establish a connection with PLUS due to network connectivity issues, memory allocation to the gravitixservice.exe increases 2 to 4 KB with each connection attempt.

CAUSE

On machines running McAfee VirusScan Enterprise 8.0i Patch 11 or above, the memory leak can exist with any process that utilizes VBScript/Jscript. Normally the leak goes unnoticed as applications are closed by the user and memory is released, but for services like gravitixservice.exe and processes that heavily utilize scripting the leak can be significant over time.

The root cause of this issue is in the ScriptScan (scriptproxy.dll) architecture. This component is unable to track which interface is adding/releasing references to objects, causing a leak.

RESOLUTION

McAfee has published McAfee Virus Scan 8.0i Patch 15 which allows processes to be excluded from ScriptScan.

Note: This issue is resolved in VirusScan Enterprise 8.5i

WORKAROUND

Disable ScriptScan

McAfee 8.0i customers that are not utilizing the ScriptScan feature within their enterprise should disable the feature. This can be done by unregistering the scriptproxy.dll file as follows:

1.       At a command prompt, cd to C:\Program Files\Network Associates\VirusScan.

2.       Type regsvr32 /u scriptproxy.dll.

3.       Press ENTER.

4.       Restart the computer.

A hotfix is also available from McAfee Support, named VSE80HF241572.zip, which allows you to disable the ScriptScan feature via the user interface or policy enforcement and will be included in the Patch 15 release. Refer to McAfee kb44955 for more information.


Also In This Category



On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide your comments to help us improve this article...

Thank you for your feedback!

Add Your Comments
Name:
Email Address:
RadEditor - HTML WYSIWYG Editor. MS Word-like content editing experience thanks to a rich set of formatting tools, dropdowns, dialogs, system modules and built-in spell-check.
RadEditor's components - toolbar, content area, modes and modules
   
Toolbar's wrapper 
 
Content area wrapper
RadEditor's bottom area: Design, Html and Preview modes, Statistics module and resize handle.
It contains RadEditor's Modes/views (HTML, Design and Preview), Statistics and Resizer
Editor Mode buttonsStatistics moduleEditor resizer
 
 
RadEditor's Modules - special tools used to provide extra information such as Tag Inspector, Real Time HTML Viewer, Tag Properties and other.
   
Verification Code:
Details
Last Modified: 16 Years Ago
Last Modified By: New Boundary Support
Type: INFO
Article not rated yet.
Article has been viewed 5.1K times.
Options
Print Article
Comments RSS
Export As PDF
Customer Support Software By InstantKB 2015-2
Execution: 0.000. 15 queries. Compression Disabled.