Collection Server status Unavailable and no scans taking place

  • 7004524
  • 24-Sep-2009
  • 27-Apr-2012

Environment

Novell ZENworks 7.5 Asset Management - ZAM7.5

Situation

Collection Server Status Unavailable within the ZAM manager's Process Control Panel and no scans will take place.

Resolution

Applying DatVersion: 5756.0000 no longer exhibits the problem.

Additional Information

McAfee virus signatures have incorrectly determined that ColSvrCore.exe is infected as BackDoor-EEF (Trojan).

McAfee has acknowledged the problem and is supposed to fix the issue ASAP.

Extract of McAfee log:
2009.09.23.         22:58:12                              Engine version                          =    5301.4018
2009.09.23.         22:58:12                              AntiVirus   DAT version                 =             5750.0
2009.09.23.         22:58:12                              Number of detection signatures in EXTRA.DAT =             None
2009.09.23.         22:58:12                              Names of detection signatures in EXTRA.DAT  =              None
2009.09.23.         22:58:03               Scan Started      MOLZAEGMAN10\SYSTEM         (managed) 8.7 - SRV-ODS keresés
2009.09.23.         22:59:02               Deleted               SYSTEM               ODS((managed) 8.7 - SRV-ODS keresés)              C:\Program Files\Novell\ZENworks\Asset Management\Bin\ColSvrCore.exe           BackDoor-EEF (Trojan)
2009.09.23.         23:14:41               Deleted               SYSTEM               ODS((managed) 8.7 - SRV-ODS keresés)              C:\Program Files\Novell\ZENworks\Asset Management
Also:
 
To also help identify if this is the problem please look within the Collection Server's install \bin folder.  Check for the existence of Colsvrcore.exe.  If not there and the McAfee log file contains entries similar to those above, then McAfee has terminated and deleted ColsvrCore.exe.
 
ColsvrCore.exe is the main executable for the collection server so if it is not there, the collection server cannot run and no scans will be taking place.
 
The collection server's \bin directory can be excluded via McaFee, and ColSvrCore.exe then copied back into the \bin folder.  Within the services applet, the Zenworks collection server service can be restarted if it is no longer running.
 
If the service no longer exists, uninstall and reinstall the Collection server.
 
This TID will be updated once an update is received from McAfee.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.