Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 5022 Source: McLogEvent

MCSCAN32 Engine Initialisation failed. Engine returned error : Drivers (dat files) failed or are missing.
I had the same situation and found a "quick and dirty" method to update the system in question:

0. Remove the old McAfee installation and reboot.
1. Perform a default client install.
   Choose NOT to run an "update" or "on-demand scan" at the end of the installation.
2. Run the latest SDAT.
3. Stop the following services:
          a. McAfee Framework Service
          b. Network Associates McShield
          c. Network Associates Task Manager
4. Stop the following processes through the Task Manager:
          a. UpdaterUI.exe
          b. shstat.exe
5. This will effectively stop McAfee.
   Now copy from the directory ".\FALSE" behind the directory where the SDAT was run from to:
   "C:\Program Files\Common Files\Network Associates\Engine":
          a. mcscan32.dll
          b. scan.exe
6. Reboot the workstation.
7. Run an update to check the installation and watch the output. The output should run with no problems.
Run 5100eng.exe (from McAfee) to update the scan engine allowing the new dat files to work properly. For some reason the newer dat files you tried to update after a new install do not like the old scan engine.
Configure the McAfee DAT file location to point to a folder, share or Dfs link that is always accessible. Update older versions of McAfee with the latest McAfee SUPERDAT from the McAfee web site and restart the computer. Then, copy the latest DAT files to this location and update from them.
This problem may appear if one or more of the DAT files were not updated properly, causing the DAT files to not match each other. Read McAfee solution NAI34612 and NAI35939 for information on how to resolve the problem. Go to the "McAfee Knowledge Search" page and search for the specified solutions.
When running AutoUpdate manually, the update always failed saying definition files are not valid. To fix the problem I deleted files names.dat, san.dat, and clean.dat from C:\Program Files\Common files\Network Associates\Engine. Then I ran AutoUpdate again and everything updated fine.

This event is directly related to event ID 7024 (Service: Network Associates McShield, error 5022). 5022 means the McShield couldn't start the virus scanning engine. This almost always means your DAT files have become corrupted or mismatched (a version mismatch in the dat files --> scan.dat is a different version to names.dat for example). Try running the latest superdat again.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.