Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Unexpected error 0x50a occurred in "EcVirusScanOneMessage".
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
Why are some errors “unexpected”?
What is the role of the Microsoft Exchange Information Store service?
As per ME967518, on a computer that is running Microsoft Forefront Security for Exchange Server or a third-party antivirus product, after you install Microsoft Exchange Server 2007 Service Pack 1, you may receive many MSExchangeIS warning events. This is a known issue with Exchange Server 2007 Service Pack 1 to be fixed in one of the future releasese.
See ME294336 for a list of new events that are introduced with Exchange 2000 Server SP1 for Virus Scanning API 2.0.
If this problem occurs when using Kaspersky Antivirus for Exchange 5.5/2000, then see the link to “Kaspersky Support QID 3587970” for information on this problem.
See the link to "Symantec Support Document ID: 2003032510470954" if you are running a Symantec product.
As per Microsoft: "This event can occur if the Exchange Server is running an antivirus application and there are problems with the application". See MSEX2K3DB and the link to "Network Associates Support Solution ID: NAI30195" for information on this event.
From Symantec Knowledge Base: "This error occurred when Symantec AntiVirus/ Filtering 3.0 for Microsoft Exchange (SAVFMSE) is installed. To solve this problem:
1. Dismount the mailbox store. (DO NOT STOP THE "MICROSOFT EXCHANGE INFORMATION STORE" SERVICE!)
2. Click Start, then click Run and type the following:
"C:\Program Files\exchsrvr\bin\isinteg" -s <your NetBIOS server name here> -fix -test alltests
NOTE: If the path is dragged into the Run line, it should appear in quotes. If not, then use short file names.
3. Open Windows Explorer and browse to the following path:
4. Open the file Isinteg.pri with a text editor such as Notepad.
5. Examine the summary section at the end of the file. If the values for the following are not zero, then close the file and repeat Step 2 through Step 4 until the values for the following Totals are all zero.
6. Re-mount the mailbox store."
|Private comment: Subscribers only. See example of private comment|
|Links: ME294336, Network Associates Support Solution ID: NAI30195, Kaspersky Support QID 3587970, Symantec Support Document ID: 2003032510470954, MSEX2K3DB, ME967518|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated