Environment
Novell ZENworks 7.5 Asset Management - ZAM7.5
Situation
Collection Server Status Unavailable within the ZAM manager's Process Control Panel and no scans will take place.
Resolution
Applying DatVersion: 5756.0000 no longer exhibits the problem.
Additional Information
McAfee virus signatures have incorrectly determined that ColSvrCore.exe is infected as BackDoor-EEF (Trojan).
McAfee has acknowledged the problem and is supposed to fix the issue ASAP.
Extract of McAfee log:
2009.09.23. 22:58:12 Engine version = 5301.4018
2009.09.23. 22:58:12 AntiVirus DAT version = 5750.0
2009.09.23. 22:58:12 Number of detection signatures in EXTRA.DAT = None
2009.09.23. 22:58:12 Names of detection signatures in EXTRA.DAT = None
2009.09.23. 22:58:03 Scan Started MOLZAEGMAN10\SYSTEM (managed) 8.7 - SRV-ODS keresés
2009.09.23. 22:59:02 Deleted SYSTEM ODS((managed) 8.7 - SRV-ODS keresés) C:\Program Files\Novell\ZENworks\Asset Management\Bin\ColSvrCore.exe BackDoor-EEF (Trojan)
2009.09.23. 23:14:41 Deleted SYSTEM ODS((managed) 8.7 - SRV-ODS keresés) C:\Program Files\Novell\ZENworks\Asset Management
McAfee has acknowledged the problem and is supposed to fix the issue ASAP.
Extract of McAfee log:
2009.09.23. 22:58:12 Engine version = 5301.4018
2009.09.23. 22:58:12 AntiVirus DAT version = 5750.0
2009.09.23. 22:58:12 Number of detection signatures in EXTRA.DAT = None
2009.09.23. 22:58:12 Names of detection signatures in EXTRA.DAT = None
2009.09.23. 22:58:03 Scan Started MOLZAEGMAN10\SYSTEM (managed) 8.7 - SRV-ODS keresés
2009.09.23. 22:59:02 Deleted SYSTEM ODS((managed) 8.7 - SRV-ODS keresés) C:\Program Files\Novell\ZENworks\Asset Management\Bin\ColSvrCore.exe BackDoor-EEF (Trojan)
2009.09.23. 23:14:41 Deleted SYSTEM ODS((managed) 8.7 - SRV-ODS keresés) C:\Program Files\Novell\ZENworks\Asset Management
Also:
To also help identify if this is the problem please look within the Collection Server's install \bin folder. Check for the existence of Colsvrcore.exe. If not there and the McAfee log file contains entries similar to those above, then McAfee has terminated and deleted ColsvrCore.exe.
ColsvrCore.exe is the main executable for the collection server so if it is not there, the collection server cannot run and no scans will be taking place.
The collection server's \bin directory can be excluded via McaFee, and ColSvrCore.exe then copied back into the \bin folder. Within the services applet, the Zenworks collection server service can be restarted if it is no longer running.
If the service no longer exists, uninstall and reinstall the Collection server.
This TID will be updated once an update is received from McAfee.