New
#21
Cottonball,
Here are the results of the scan using Option 3.
Cottonball,
Here are the results of the scan using Option 3.
This is a tough one. I do not see where the reports provided point to problems with MSE.
You appear to be running a Limited account, vs. one with Administrative privileges. Any way you can access an Administrative account and run MSE from there?
I can. But I usually use a standard account.
Could be!
I'm thinking of a reinstall an Administrator account, and then running the Full scan again.
Is that what you are thinking, LB?
Yes I'm am. Making sure that one is signed into the admin account when doing this.
Once MSE in downloaded and installed using the admin account then one can decide whether all users or just the admin account can use MSE.
On my systems I'm the only user and I only have one account. So i have never run into this problem.
I'm not a security expert, but is this idea worth considering ?
I had a problem a long time ago where Windows (file) Explorer would crash.
I found out it was caused by an invalid media file and i tried to browse that folder.
I found the culprit file, deleted it, and that fixed my problem.
Maybe there is some invalid file that MSE can't handle, and MSE crashes ???
It always happens near the end of a Full Scan, right ?
Do you know what folder/file is being scanned when MSE stops working ?
Is it always the same folder/file ?
You might have to be looking at the MSE scan window to know what folder/file is being scanned when MSE stops working.
MSE has a command line (CMD) capability / option available.
It has a -trace option, but from what I've read only MS techs can read the trace file
Here is the command to run a full scan from a command prompt (CMD) in Win 7 32 bit:
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" -scan -scantype 2 -trace
Maybe it will display some helpful info when MSE "crashes", but i don't know.
The command option does write to the MpCmdRun.log, but i don't know if it will capture any error message for you ?
For me this log is C:\Users\DavidE\AppData\Local\Temp\MpCmdRun.log
Here is an example of the log when i ran a CMD scan on a specific file.
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" -scan -scantype 3 -file "c:\itb.log" -trace
Start Time: Sat May 09 2015 11:06:54
Starting RunCommandScan.
INFO: ScheduleJob is not set. Skipping signature update.
Scanning path as file: c:\itb.log.
Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385, path c:\itb.log, DisableRemediation = 0, BootSectorScan = 0, Timeout in days = 1)
MpScan() started
MpScan() was completed
Finish: MpScanStart(MP_FEATURE_SUPPORTED, dwOptions=16385)
Finish: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385, path c:\itb.log, DisableRemediation = 0, BootSectorScan = 0, Timeout in days = 1)
Scanning c:\itb.log found no threats.
MpScan() has detected 0 threats.
MpCmdRun: End Time: Sat May 09 2015 11:06:54
-------------------------------------------------------------------------------------
Cottonball,
I have tried reinstalling and running a full scan in the Administrator account and, unfortunately, the problem still occurs.
However, thanks to the issue that DavidE brought up, I've always noticed the that scan usually stops when begins to the scan the D:\preload\base.wim files.
I hope this helps.
From what I've found that seems like an HP recovery partition / file ...
Can you post a screen print of Disk Management ?
Disk Management - Post a Screen Capture Image
Also, can you right click on that folder and click Scan with Microsoft Security Essentials... to see what happens ?