The Company that I work for allows me to use McAfee VirusScan Enterprise 7.1 and 8.0i on my home system(s). I have discovered that every time I check for updates (whether it downloads updates or not) it always has a slow system shutdown or reboot and logs and error in the Event Log. This happens with both versions 7.1 and 8.0i; both in Windows XP SP1, SP2, and with Windows 2000 SP4 as well. Shut downs and reboots are fine as long as I do not check for updates. I do not remember the Event ID error right now as I gave up on McAfee because of this, but it has something to do with the registry not being able to unload after the usual 60 seconds or whatever it is.

Has anybody else experienced this?
Does anybody know of any work arounds for this?

Thanks,
Dave

Never had this problem (both VSE 7.1 and 8.0i)

I decided to reinstall so that I could create the Event ID again so that it might assist anyone in pin-pointing this particular error. Please keep in mind that this only occurs when I check for updates using the "Update Now..." option and then either shut down or restart the system. It doesn't make a difference whether or not it actually downloads and installs any updates.

Here is the error message from the Event Log:


Source: Userenv Event ID: 1000

Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

DETAIL - Access is denied. , Build number ((2195)).

it did happen to me before when i used 7.1 version with win2k pro. and i also found some users' complaint about the same issue on a chinese security forum. But it only happens to mvse 7.1 with win2000. my solution was to stop the mcafee framework service before i shut down or rebooted the pc. then the slowdown disappeared. Hope this help.

Thank you for your reply shek. I'm glad to know that I'm not the only one that has experienced this with McAfee VirusScan Enterprise. Stopping the McAfee Framework Service does the trick; it seems to correct the issue. However, it is not something that I want to do everytime I shut down or restart the computer.

I just can't understand why this happens with both 7.1 and 8.0i on clean installs of both Windows 2000 SP4 and XP SP2 whenever I check for updates. It is supposed to be a professional product, so it shouldn't have constant flaws as simple as that. Despite that I can use this for free, I'm going to start looking for other alternatives.

Thank you for your replies, I appreciate it. If anyone else has any other suggestions, please let me know.

After much searching and troubleshooting, I was just about to give up. But then I found a utility from Microsoft called User Profile Hive Cleanup Service that deals with shut down and restart problems regarding the registry. It runs as a Windows Service, uses 1MB-2MB of RAM, and takes care of them problem on its own and corrects it. It does report that it is the McAfee Common Framework causing the error, but it prevents the error from slowing down the shut down or restart.

User Profile Hive Cleanup Service
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en

i have never seen any problems under 8.0i version. i only saw it happened under 7.1 with win2000. but it was not very often and also depends on people's system. here is a log(winnt\usererv.log)created by userenv.dll.

USERENV(d4.bc) 17:07:00:323 MyRegUnLoadKey: Hive unload for S-1-5-21-1844237615-2111687655-1957994488-1000 failed due to open registry key. Windows will try unloading the registry hive once a second for the next 60 seconds (max).
USERENV(d4.bc) 17:08:00:440 MyRegUnLoadKey: Windows was not able to unload the registry hive.
USERENV(d4.bc) 17:08:00:440 MyRegUnLoadKey: Failed to unmount hive 5
USERENV(d4.bc) 17:08:00:440 UnloadUserProfile: Didn't unload user profile <err = 5>
USERENV(d4.bc) 17:08:00:440 DumpOpenRegistryHandle: 2 user registry Handles leaked from \Registry\User\S-1-5-21-1844237615-2111687655-1957994488-1000

i think the red section above is the reason why the slowdown happens. it seems like userenv.dll doesn't have the proper right to unload the registry. i think it relates to mvse components' right to acess registry. you could look it up from the help file.