Forum Discussion

12 years ago

McAfee issues with EV10?

 

Hi,
My customer sent me these logs coming from McAfee; he claims EV is trying to terminate the McAfee processes.
Anyone ever encountered an issue like that?
I thought of excluding the whole Enterprise Vault folder from AV scanning, but I want to check first if anyone had this issue before.
 
Response Name: Threat Severity All
Event Type Name: Threat
Event Description: Access Protection rule violation detected and blocked
Number of events: 1
Product: VirusScan Enterprise 8.8
DAT: , Eng.:
 
>Source:
Host Name: _
Process Name: C:\Program Files (x86)\Enterprise Vault\StorageServer.exe
URL:
IPV4 addresses: IP Add
 
>Target Details:
File Name: C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
Host: ServerName, IP Add, Domain\adminev
Port: 0
Process Name:
 
>Threat Details:
Name: Common Standard Protection:Prevent termination of McAfee processes
Handled: true
Event ID: 1092
Action Taken: deny terminate
Category: 'File' class or access
Severity: Notice
Type: access protection
Event Time: Detected: 02/25/13 17:09:05 UTC, Received: 02/25/13 17:11:39 UTC
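The Access Protection event above is worth parsing before any exclusion is widened: the rule that fired exists to catch processes tampering with the McAfee agent, so the question is whether the source process is a known Enterprise Vault binary or something that deserves a look. The following Python script is an added example, not code from the original thread and not part of any McAfee or Enterprise Vault tooling. It reads VSE 8.8 Access Protection events in the "Key: Value" layout shown in the post, keeps the ">Section:" context, and classifies each event as expected (one of the two EV processes the thread ended up excluding, located under the EV install directory seen in the event), review (another binary under that directory), or investigate (anything else trying to terminate a McAfee process). The EV process names, the install directory and the sample log are assumptions taken from this thread; the second sample event is constructed and did not appear on the page.

```python
"""Triage McAfee VSE 8.8 Access Protection events (added example, not project code)."""
import re
from collections import Counter

# Constructed sample input. The first event reproduces the block from the post
# (its host and IP fields were redacted there and stay redacted here); the
# second event is invented to exercise the "investigate" branch.
SAMPLE_LOG = r"""
Response Name: Threat Severity All
Event Type Name: Threat
Event Description: Access Protection rule violation detected and blocked
Product: VirusScan Enterprise 8.8
>Source:
Host Name: _
Process Name: C:\Program Files (x86)\Enterprise Vault\StorageServer.exe
>Target Details:
File Name: C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
Port: 0
>Threat Details:
Name: Common Standard Protection:Prevent termination of McAfee processes
Event ID: 1092
Action Taken: deny terminate
Event Time: Detected: 02/25/13 17:09:05 UTC, Received: 02/25/13 17:11:39 UTC
Response Name: Threat Severity All
Event Type Name: Threat
Event Description: Access Protection rule violation detected and blocked
Product: VirusScan Enterprise 8.8
>Source:
Host Name: _
Process Name: C:\Users\Public\update.exe
>Target Details:
File Name: C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
Port: 0
>Threat Details:
Name: Common Standard Protection:Prevent termination of McAfee processes
Event ID: 1092
Action Taken: deny terminate
Event Time: Detected: 02/25/13 17:12:41 UTC, Received: 02/25/13 17:13:02 UTC
"""

# Assumptions taken from the thread: the two EV processes that were excluded,
# and the install directory shown in the posted event. Adjust per environment.
EV_PROCESS_NAMES = {"storageserver.exe", "taskcontroller.exe"}
EV_INSTALL_DIR = r"c:\program files (x86)\enterprise vault"
TERMINATION_RULE = "prevent termination of mcafee processes"

SECTION_RE = re.compile(r"^>(?P<name>[^:]+):\s*$")
FIELD_RE = re.compile(r"^(?P<key>[^:]+):\s?(?P<value>.*)$")


def parse_events(text):
    """Split the log into events; keys are prefixed with their '>Section' name."""
    events, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name").strip()
            continue
        field = FIELD_RE.match(line)
        if not field:
            continue
        key, value = field.group("key").strip(), field.group("value").strip()
        if key == "Response Name":          # first field of every event
            current, section = {}, None
            events.append(current)
        if current is None:
            continue
        current[f"{section}.{key}" if section else key] = value
    return events


def classify(event):
    """Return (verdict, reason) for one parsed Access Protection event."""
    rule = event.get("Threat Details.Name", "").lower()
    src = event.get("Source.Process Name", "")
    target = event.get("Target Details.File Name", "")
    src_name = src.rsplit("\\", 1)[-1].lower()
    in_ev_dir = src.lower().startswith(EV_INSTALL_DIR + "\\")
    if TERMINATION_RULE not in rule:
        return "other", f"not a process-termination rule: {rule}"
    if in_ev_dir and src_name in EV_PROCESS_NAMES:
        return "expected", f"{src_name} is a known Enterprise Vault process"
    if in_ev_dir:
        return "review", f"{src_name} is under the EV directory but not on the known list"
    return "investigate", f"unexpected process {src} tried to terminate {target}"


def triage(text):
    """Classify every event in the log; returns (source process, verdict, reason)."""
    return [(e.get("Source.Process Name", ""), *classify(e)) for e in parse_events(text)]


def summarize(text):
    """Count verdicts, e.g. to spot a single 'investigate' among many 'expected'."""
    return Counter(verdict for _, verdict, _ in triage(text))


if __name__ == "__main__":
    for src, verdict, reason in triage(SAMPLE_LOG):
        print(f"{verdict:12} {src}\n             {reason}")
    print(dict(summarize(SAMPLE_LOG)))
```

Only the expected verdicts are candidates for a process exclusion, and only by full path under the EV install directory; an investigate verdict is the rule doing its job and should be handled as possible tampering with the agent rather than silenced with an exclusion.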

6 Replies

  • I have not heard of EV trying to terminate any AV process.

    It sounds to me like the virus exclusions aren't set correctly like you said.  You should verify all the recommended exclusions are in place.

  • I checked it myself... all AV exclusions are set.

    and also the ones that were added to the TN about EV10. The TN doesn't say to exclude the whole EV program files folder... only the Enterprise Vault Indexing Engine Data Folder & Enterprise Vault Indexing Metadata location, and this was done already...

    Yet - this still happens.

    So - I will exclude the whole EV program files and check it tomorrow...

  • I have customers using McAfee on their EV servers and have not heard of this behavior either.

  • You might want to check McAfee support for any version-specific issues, and whether a recent update was installed which could have caused this behaviour.

  • Hi Sarah,

    We are having lots of trouble with a customer that is using McAfee: DVS files get deleted and we need to restore the files again. Please check with support whether there are other known cases; apparently there are.

    I recommend you run a verify operation in EVSVR to check that everything is working fine. You should not have this.

    SavesetId: 201301158277063~201112151215580000~Z~C11C63E2F3C767075A21806AFC6819A1, Archived Date: 2013-01-15 19:11:00Z
    2013-02-18 23:20:37 ArchiveEntryId: 1629AF94F9DFB9246BCAA5125320DA25C1110000evserver1
    2013-02-18 23:20:37 Error: Unspecified error (0x80004005)
    2013-02-18 23:20:37 Event Output: Unable to complete retrieval request

    Best regards, 

    cruisen

    Solution: Apply the below exclusions to your Enterprise Vault servers

    Microsoft Message Queues
    Default Typical Location - %system32\MSMQ
    Risk - Scanning this location can cause MSMQ message corruption and severe performance issues which could interrupt archiving tasks, cause data loss and create database inconsistencies.
    Conditions - This applies to all Enterprise Vault servers.

    Vault Stores
    Default Typical Location - <root>Enterprise Vault Stores
    Risk - Scanning this location can cause saveset corruption which could interrupt archiving tasks, cause data loss and create database inconsistencies as well as performance issues.
    Conditions - This applies to all Enterprise Vault servers.

    Index Locations
    Default Typical Index Locations - user configurable
    Risk - Scanning these location(s) can cause corruption of indexes and search performance issues. These indexes contain metadata and do not directly represent end user data. Recreating indexes due to corruption and the associated potential downtime this could cause makes this medium to high risk.
    Conditions - This applies to all Enterprise Vault servers running an Indexing Service.

    Shopping
    Default Typical Location - <root>Program Files\Enterprise Vault\Shopping
    Risk - Scanning this location can cause corruption of shopping baskets. Baskets are pointers to archived files and therefore they do not directly represent end user data. For this reason the risk of scanning shopping baskets is low.
    Conditions - This applies to all Enterprise Vault servers running a shopping service.

    Enterprise Vault Server Cache Location
    Default Typical Location - user configurable. Right-click on the Enterprise Vault server in the Vault Administration Console and click Properties. Then click on the Cache tab.
    Risk - Scanning this location can cause performance issues which could impact Vault Cache synchronization

  • Actually I heard back from Sarah, the customer excluded the following from being scanned:


    StorageServer.exe
    TaskController.exe

    This stopped the errors.