Event 21426 is logged on an agent computer, and you receive an error message in the Microsoft Operations Manager (MOM) 2005 Operator Console

When McAfee VirusScan Enterprise 8.0i is installed on an agent computer, you experience the following symptoms:

• Event 21426 is logged in the Application event log of the agent computer.
• You receive the following error message in the Microsoft Operations Manager (MOM) 2005 Operator Console:
  Name:
  The MOM Host process was consuming too much memory and will be terminated
  
  Description:
  The host process for the script responses (nnnn) will be restarted because it is using nnnnnn more bytes than its limit of 104857600. To adjust this limit, edit the Software\Mission Critical Software\OnePoint\MaxScriptHostPrivateBytes registry key.
  
  Management Group: group name

This problem occurs because McAfee VirusScan replaces the Windows Script Host component with the ScriptScan proxy component (ScriptProxy.dll). The ScriptScan proxy component scans JavaScript scripts and Visual Basic Scripting Edition (VBScript) scripts. When a script runs and passes through the scan as clean, the script is passed to the appropriate Windows Script Host. The ScriptScan proxy component parses scripts before they are run by the associated Windows Script Host. When the ScriptScan feature is turned on, the MOMHost.exe component slowly leaks memory. However, turning off the ScriptScan feature in the McAfee VirusScan properties does not correct the problem.

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this problem, you must unregister the ScriptScan proxy component. To do this, follow these steps.

Important When you unregister the ScriptScan proxy component, McAfee VirusScan does not check scripts for viruses.

1. Log on to the agent computer by using an account that has domain administrator permissions.
2. Click Start , click Run , type cmd, and then click OK.
3. At the command prompt, locate the %ProgramFiles%\Network Associates\VirusScan folder.
4. At the command prompt, type the following:
   regsvr32 /u scriptproxy.dll
5. You must restart the MOM service to apply the changes. To do this, follow these steps:
   1. Click Start, point to Administrative Tools, and then click Services.
   2. In the Services snap-in, right-click MOM, and then click Restart.
   3. Exit the Services snap-in.

For information about your hardware manufacturer, visit the following Web site: For more information about this problem, visit the McAfee support Web site: Note On the McAfee support Web site, search for the following Solution ID references: kb40067, kb47302, kb40049, and kb46223. The symptoms discussed in this Microsoft Knowledge Base article directly relates to the McAfee Solution ID kb40067. Although McAfee VirusScan Enterprise 8.0i does not fix the memory leak, a hotfix is available from McAfee to unregister the ScriptProxy.dll. Contact McAfee support to obtain this hotfix.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.