Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
  - Network Security ManagerModern Security Management for today’s security landscape
- Access Security
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Management and Reporting

Anti-Virus: ERROR: DCOM Error Event ID 10001

03/26/2020 6 13345

DESCRIPTION:
Anti-Virus: ERROR: DCOM Error Event ID 10001

RESOLUTION:

Problem

Total Protection fails to update on Domain Controllers when no users are logged in.

Account lockout errors are generated for McAfeeMVSUser on domain controllers.

The following error is displayed in the Windows System Event Viewer:

DCOM Error Event ID 10001 / 10004: Unable to start a DCOM Server: {427D6FE2-4FA4-B65C-AC7E2VF0B976} as ./ McAfeeMVSUser. The Error: "Access is denied." Happened while starting this command: "C:Program FilesMcAfeeManaged VirusScanAgentMyUsrSrv3.5.0.exe" -Embedding

The following error is displayed in the Windows Security Event Viewer:

Security 529 Logon Failure:
Reason: Unknown user name or bad password
User Name: McAfeeMVSUser

The following event 10004 error is logged on the domain controllers:

DCOM got error "Logon failure: user account restriction. "and was unable to logon .McAfeeMVSUser in order to run the server:{2242B406-90A2-4EF9-BC19-492D477F7914}

Summary

In previous versions of Total Protection, if no one was logged on, the computer would not update. To address this issue for those with unattended servers, mvsuser was introduced. This acts as a user for updating purposes in the absence of a actual logged on user. This feature works on many platforms and servers with the exception of Domain Controllers, because these require a domain user and, for security reasons, mvsuser only installs as a local user.

Cause

These events are informational and are non-critical errors. They are generated when the default McAfeeMVSUser account attempts to automatically update on a Domain Controller when a user is not logged in.

Total Protection is unable to automatically create a user account with sufficient privileges to update on a Domain Controller when no user is logged in. This is to avoid creating any unnecessary security risks on a critical network component.

On most computers, the McAfeeMVSUser account has sufficient privileges to update without a user logged in. When a user is logged in, the privileges of the logged in user allow the updates to occur.

Solution 1

A user account with sufficient permissions to update must be logged in to the Domain Controller to allow Managed VirusScan / Total Protection Services to update.

To stop these errors, disable the McAfeeMVSUser account from an Administrator account:

Step 1 - Create a new group for the Domain Controller

You will need to log into you mcafee security center and delete machines that are no longer active or should not have mcafee installed.
You can log into the security center by logging into your SonicWall security appliance>Click on securtity services>click on client av>Create report>input your mySonicWall log on information (that the SonicWall in question is registered under)
At the top of the page, click Groups + Policies.
Click Add Group, type a name for the new group (for example, Domain Controller), then click Save.

Step 2 - Create a new Policy to disable the McAfeeMVSUser account

Click Add Policy.
Enter a name for the new policy (for example, Domain Controller).
Click the Advanced Settings tab.
Deselect Update client computers where users are not logged in.
Click Save.

Step 3 - Apply the new policy to the Domain Controller

On the Groups + Policies page, locate the new group and select Edit / Assign Policy.
From the drop-down menu, select the new Policy and click Save.
At the top of the page, click Computers.
In the list of computers, select your Domain Controller.
At the bottom of the page, from the Move to drop-down menu, select the new group, then click Move.

The Domain Controller will receive the updated policy at the next update interval.

Solution 2

Manually disable the McAfeeMVSUser account on the Domain Controller.

Click Start, Run, type cmd and click OK.
Go to C:Program FilesMcAfeeManaged VirusScanAgent.
Type the following command, then press ENTER:

myUsrSrv4.0.0.358.exe /UnregServer

NOTE :

This only disables the McAfeeMVSUser account. An account with the correct permissions must still be logged in to allow updating.
You can create an acount for updating purposes only and leave this logged on while locking the DC server screen.

Excerpt: https://mysupport.mcafee.com/Eservice/Article.aspx?id=KB58633

Was This Article Helpful?

Yes No

Not Finding Your Answer?

ASK THE COMMUNITY

Stay In Touch

Email Address*
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time at Manage Subscriptions.
Country
Company
States
Dnb- ZIP
Dnb- Phone
elqCampaignId
elqTrackId
utm_campaign
utm_medium
utm_source
utm_term
utm_content
gclid
sfdc_campaign_id
DnB - Address
DnB - First Name
DnB - Last Name
DnB - Duns
DnB - Global Ult (HQ) DUNS
DnB - Global Ult (HQ) Company
DnB - Employee Count
DnB - Trade Name
DnB - Currency
DnB - Vanity Title
DnB - Country
DnB - State
DnB - Zip
DnB - City
DnB - Global Employee Count
DnB - SIC Code
DnB - SIC Description
DnB - NAICS Code
DnB - NAICS Description
DnB - Revenue
DnB - Domain
DnB - Business Phone
DnB - Company
DnB - DataSource
DnB - DMACode
DnB - EmployeeRange
DnB - Fortune1000
DnB - Fortune200
DnB - Industry
DnB - Postal Code
DnB - PrimarySIC
DnB - SubIndustry
DnB - PrimaryNAICS
DnB - StockTicker
DnB - Revenue Range
DnB - State or Province
DnB - Website
Phone
This field is for validation purposes and should be left unchanged.

Capture More

Fear Less

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Anti-Virus: ERROR: DCOM Error Event ID 10001

Cause

Solution 1

Solution 2

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch

Anti-Virus: ERROR: DCOM Error Event ID 10001

Cause

Solution 1

Solution 2

Categories

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch