Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9874 Source: MSExchangeIS

Unexpected error <error code> occurred in "EcProcessVirusScanQueueItem" during virus scanning.
Mailbox Database: /o=somedomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE2007/cn=Microsoft Private MDB
Folder ID: <folder ID>
Message ID: <message ID>.
Error 0x50a: ME967081 says that this problem may be recorded after the installation of Exchange Server 2007 Service Pack 1 on servers operating on a heavy workload. To resolve this problem, install Update Rollup 7 for Exchange 2007 Service Pack 1. See the article for details.
Error: 0x50a - This is now fixed in Update rollup 7 for Exchange 2007 SP1  (ME960384). See also ME952778 for additional details.
This event can be recorded in several conditiions and each should be approached differently, depending on the error code recorded in the event description. The solution for one error may not work for all of them.

* * *

Error code: 0x50a - From a newsgroup post: "This problem appeared post SP1 install. We have an Exchange 2007 sp1
environment. We never had Exchange previously. We have to seperate mailbox servers, two CAS/HUBs in an NLB and an Edge. The problem only occurs on one mailbox server. The problem went away when I
had our one and only Entourage 2008 close his session to the server. This problem reappeared when he logged back in.

I did run the perfmon and didn't find anything out of the ordinary. So at this point, it seems to be a problem between Entourage 2008 and Exchange."

* * *

As per ME967518, on a computer that is running Microsoft Forefront Security for Exchange Server or a third-party antivirus product, after you install Microsoft Exchange Server 2007 Service Pack 1, you may receive many MSExchangeIS warning events. This is a known issue with Exchange Server 2007 Service Pack 1 to be fixed in one of the future releasese.
Error code 0x8004010f - As per Microsoft: "The Kaspersky scan engine definition files are no longer updated to the latest version. This problem occurs because Antigen 9.0 does not handle the updated Kaspersky scan engine correctly". See ME947260 for a hotfix applicable to Sybari Antigen 8.0, ME947187 for a hotfix applicable to Microsoft Forefront Security for Exchange Server and ME947184 for a hotfix applicable to Microsoft Antigen 9.0.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.