MOM 2005 agent runs it’s scripts in an out-of-service (MOMService.exe) process called MOMHost.exe. When you are running McAfee 8.0i AV agent, there appears to be a problem. The ScriptProxy.dll component of the McAfee agent causes a slow memory hog in the MOMHost.exe process responsible for running MOM Scripts. By default MOM does not allow more then 100MB for this process to take up on a computer (editable in registry). The effect is that every 2-4 days your process will restart (depending on number of scripts/MPs in place). This in turn leads to such errors:
Maintenance Mode: False
Time Last Modified: 2006-06-22 20:41:09
Resolution State: New
Time in State: 2006-06-22 18:41:09
Problem State: 0
Repeat Count: 0
Name: The rule response failed to execute
Source: Microsoft Operations Manager
Description: The response processor failed to execute a response. The response returned the error message: The remote procedure call failed.
This is because restarting that process kills all scripts without any notice. This could be improved to let the scripts finish (allowing for some timeout) before killing the process. Failing scripts can result in many things:
There was a time, when McAfee claimed that it fixed problems with Patch 11, but it came out not to be true. See article KB47302 on http://knowledgemap.nai.com/: Installing the current VirusScan Patch 11 does not resolve this issue.
The solution is to unregister the ScriptProxy.DLL or install a Patch from McAfee AND disable the script scanning component in EPO.
It took me some time to figure out all this, so maybe this post will speed up things for some of you. Our KB articles were updated not long ago to reflect this, but are not always 100% clear (See: http://support.microsoft.com/kb/891605/en-us, http://support.microsoft.com/kb/890736/en-us).
MOM 2005 agent runs it&rsquo;s scripts in an out-of-service (MOMService.exe) process called MOMHost.exe....
Mon collègue polonais Andrzej LIPKA a publié un article sur l’incompatibilité de MOM avec l’outil d’analyse...
It's also possible to install patch 14 and exclude the momhost process:
The ScriptScan feature loaded into the memory space of any process that launched a script (VBScript or JScript).
Processes can now be excluded from having ScriptScan provide protection to that process.
The process name, without extension, can be added to the registry string "ExcludedProcesses," located at:
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\ScriptScan
Additional process names can be added, separated by a "," comma.