4 Replies Latest reply on May 26, 2016 6:42 AM by swimber@emory.edu

    CCobraClientToolShell

    swimber@emory.edu Apprentice

      Twice now I have seen an agent that had been previously working fine stop reporting with the error the even log as Event 19, Source LANrev Agent Service, Error "Message: CCobraClientToolShell::RunSelf -- Error: {1302}"

       

      I cannot find anything in this error and getting an agent working again once this happens is time consuming.

       

      The Windows Event viewer does not go back far enough to see the start of these errors as I have only been looking into clients that do not heartbeat in over a week and logs are generally overwritten within a week.

       

      Is there any known repair for this?

      Clients: Windows 7 and Windows 10

      Agent and LANrev Server:  7.0

        • 1. Re: CCobraClientToolShell
          dherder Specialist

          Hi Stephen,

          The 1302 is a connection error where the communication socket could not be opened. Is there any antivirus running on that machine? Are there any .dmp files located in %windir%\Temp?

           

          dave

          • 2. Re: CCobraClientToolShell
            swimber@emory.edu Apprentice

            Yes to both questions.  The antivirus rules would be the same across all our computers though so I would not suspect antivirus unless this particular computer were not healthy.  Are there any antivirus rules that need to be in place for LANrev agents?  (I may have put some in when we rolled out the product, I just don't remember.)

             

            We do have .dmp files in the %windir%\Temp folder, is that not normal?

            • 3. Re: CCobraClientToolShell
              patgmac1 Expert

              I peeked at your rules. Your McAfee rules are based on mine from a long time ago (note to others, Stephen and I work at the same org but different biz units) but I do have some added that you do not have. But I agree, you would see a wider problem and I don't know that my extra exclusions were necessary. You have the important one disabled "prevent running scripts from temp" so you're good there. To be sure, you can check logs in C:\ProgramData\McAfee\DesktopProtection. Those logs will tell you if something was blocked.

               

              Note: One thing I have extra in my rules is I added LANrev Agent.exe to the low risk processes policy

              • 4. Re: CCobraClientToolShell
                swimber@emory.edu Apprentice

                Dave, The antivirus logs do not show anything blocked that I would suspect would have anything to do with LANrev.  Do the .dmp files show us anything?

                 

                Patrick, I have added LANrev Agent.exe in the low risk processing policy as you pointed out.  We'll see if that makes a difference.