Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,536 questions
Windows Defender MpCmdRun.exe Custom Scan Automation Job Failing intermittently in Production Environment using TeamCity Tool
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 48%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Vamshi Krishna
0
Reputation points
Hello Microsoft Community, We are currently facing an issue with our TeamCity build automation, specifically related to the custom virus scan using the MpCmdRun.exe command-line utility. Our setup involves executing the command: MpCmdRun.exe -Scan -ScanType 3 -File "\abc\123\v\master.129-V" -DisableRemediation This automation runs on a Windows Server 2019 Standard OS (version 1809, OS build 17763.5329), and the MpCmdRun.exe is executed from the default location (C:\Program Files\Windows Defender). During the Proof of Concept (POC) phase, we did not encounter any issues. However, when we enabled the same automation in the production environment, we are experiencing intermittent failures with the following message in the TeamCity build log: CmdTool: Failed with hr = 0x80508023. Check C:\BuildAgent\temp\buildTmp\MpCmdRun.log for more information What's peculiar is that if the job runs on the agent "Windows1" and fails, re-running the job on the same agent within a short timeframe often results in a successful virus scan. This issue is not reproducible in our test environment. We have observed the following:
- The C:\BuildAgent\temp\buildTmp\MpCmdRun.log file does not provide much information on the failure.
- No relevant event logs are generated for Windows Defender in the Event Viewer.
We are seeking assistance on the following:
- How can we determine the root cause of the intermittent failure and resolve it?
- Why are event logs not being generated for Windows Defender in the Event Viewer during these failures?
Any insights or guidance would be greatly appreciated. Thank you. Regards, Vamsi Krishna
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 29,171 Reputation points Microsoft Employee2024-02-06T08:37:05.05+00:00 @Vamshi Krishna Thank you for reaching out to us. As I understand you have queries on MpCmdRun.exe command-line utility. As you mentioned it's an intermittent issue, would recommend working with our support team to get the detailed analysis done on the issue, logs like mpcmdrun.log might be required to investigate further on this. Try modifying the syntax on the mpcmdrun as mentioned below in the screenshot to check if it helps.
Let me know if you have any further questions, feel free to post back.
-
Vamshi Krishna 0 Reputation points
2024-02-07T08:29:57.49+00:00 Thanks Givary, we have used the first syntax which is mentioned in the screenshot by removing the double quotes (" ") . we have tested the same in our test environment which is fine, enabled the same in production. will keep you posted on the Production by end of this week.
-
Vamshi Krishna 0 Reputation points
2024-02-15T01:45:29.1566667+00:00 Hello @Givary-MSFT We encounter the same issue again after changing the syntax as above. but this time even after re-running the build did not resolve the issue, however we have logged into the agent machine on which the build got failed and ran the MpCmdrun.exe scan command locally in the command-prompt and then re-running the build in teamcity worked. Not sure why this typical behaviour. i am attaching the logs entries which we were able to print in the teamcity buildlog.
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -File \nc-fs2\jdbcserver\current\jdbc/600/PROGRESS_DATADIRECT_JDBC_GREENPLUM_6.0.0.zip -DisableRemediation [04:28:00][Step 4/4] Start Time: ?Wed ?Feb ?14 ?2024 04:28:00 [04:28:00][Step 4/4] [04:28:00][Step 4/4] MpEnsureProcessMitigationPolicy: hr = 0x1 [04:28:00][Step 4/4] Starting RunCommandScan. [04:28:00][Step 4/4] INFO: ScheduleJob is not set. Skipping signature update. [04:28:00][Step 4/4] Scanning path as file: \nc-fs2\jdbcserver\current\jdbc/600/PROGRESS_DATADIRECT_JDBC_GREENPLUM_6.0.0.zip. [04:28:00][Step 4/4] Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=33558577, path \nc-fs2\jdbcserver\current\jdbc/600/PROGRESS_DATADIRECT_JDBC_GREENPLUM_6.0.0.zip, DisableRemediation = 1, BootSectorScan = 0, Timeout in days = 1) [04:28:00][Step 4/4] MpScan() started [04:28:00][Step 4/4] Warning: MpScan() encounter errror. hr = 0x80508023 [04:28:00][Step 4/4] MpScan() was completed [04:28:00][Step 4/4] ERROR: MpScan(dwOptions=33558577) Completion Failed 80508023 [04:28:00][Step 4/4] MpCmdRun: End Time: ?Wed ?Feb ?14 ?2024 04:28:00
-
Vamshi Krishna 0 Reputation points
2024-02-15T01:51:01.9066667+00:00 Hello@Givary
We encounter the same issue again after changing the syntax as above. but this time even after re-running the build did not resolve the issue, however we have logged into the agent machine on which the build got failed and ran the MpCmdrun.exe scan command locally in the command-prompt and then re-running the build in teamcity worked. Not sure why this typical behaviour. i am attaching the logs entries which we were able to print in the teamcity buildlog.
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -File \nc-fs2\jdbcserver\current\jdbc/600/PROGRESS_DATADIRECT_JDBC_GREENPLUM_6.0.0.zip -DisableRemediation [04:28:00][Step 4/4] Start Time: ?Wed ?Feb ?14 ?2024 04:28:00 [04:28:00][Step 4/4] [04:28:00][Step 4/4] MpEnsureProcessMitigationPolicy: hr = 0x1 [04:28:00][Step 4/4] Starting RunCommandScan. [04:28:00][Step 4/4] INFO: ScheduleJob is not set. Skipping signature update. [04:28:00][Step 4/4] Scanning path as file: \nc-fs2\jdbcserver\current\jdbc/600/PROGRESS_DATADIRECT_JDBC_GREENPLUM_6.0.0.zip. [04:28:00][Step 4/4] Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=33558577, path \nc-fs2\jdbcserver\current\jdbc/600/PROGRESS_DATADIRECT_JDBC_GREENPLUM_6.0.0.zip, DisableRemediation = 1, BootSectorScan = 0, Timeout in days = 1) [04:28:00][Step 4/4] MpScan() started [04:28:00][Step 4/4] Warning: MpScan() encounter errror. hr = 0x80508023 [04:28:00][Step 4/4] MpScan() was completed [04:28:00][Step 4/4] ERROR: MpScan(dwOptions=33558577) Completion Failed 80508023 [04:28:00][Step 4/4] MpCmdRun: End Time: ?Wed ?Feb ?14 ?2024 04:28:00
-
Givary-MSFT 29,171 Reputation points Microsoft Employee
2024-02-21T11:51:39.01+00:00 @Vamshi Krishna Apologies for the delayed response to debug this issue further, would recommend to have a ticket created with our support team to investigate this issue further for you.
Sign in to comment