• Article

McAfee GroupShield is installed on this Exchange server but the service is stopped

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool queries the Win32_Service Microsoft Windows® Management Instrumentation (WMI) class to determine whether McAfee GroupShield for Microsoft Exchange is installed and if the McAfee GroupShield service is running on the Exchange computer.

The Exchange Server Analyzer also queries the Win32_Service WMI class to determine whether the value set for the Started key in the Microsoft Exchange Information Store service is set to True or False.

A value of False indicates that the Information Store service is not running on this Exchange Server computer. A value of True indicates that the Microsoft Exchange Information Store service is running.

If the Exchange Server Analyzer finds that the Microsoft Exchange Information Store service is running, and that McAfee GroupShield is installed, but the McAfee GroupShield service is not started, a warning is displayed.

McAfee GroupShield provides antivirus protection for Exchange. Some reasons the McAfee GroupShield service may have been stopped, together with solutions are listed here.

  • The software you are running on your Exchange Server may be an evaluation or trial version that has expired. In this case, you may need to reinstall McAfee GroupShield. At a minimum, to continue using the software, you must activate it.

  • An administrator may have unintentionally stopped the McAfee GroupShield service. Verify that the service is set to start automatically, and then start the service.

  • A malicious worm, virus, or other program may have stopped the service. Verify that the service is set to start automatically, and start the service. If the service continues to stop unexpectedly without relevant error events, verify that the computer is not infected with a malicious worm and disinfect the system if needed.

Microsoft generally recommends deploying antivirus software designed for messaging systems at either the Simple Mail Transfer Protocol (SMTP) gateway or at the Exchange servers that host mailboxes. For the most protection, run antivirus software at the gateway that scans the incoming MIME messages, and a scanner on the Exchange Server that uses VSAPI 2.5.

To start the McAfee GroupShield service

  1. Open the Services MMC snap-in.

  2. Right-click McAfee GroupShield service, and then click Properties.

  3. On the General tab of the McAfee GroupShield property page, make sure the Start-up type is set to Automatic. If it is not, click Apply, and then click OK.

  4. Right-click McAfee GroupShield service, and then click Start.

  5. Close the Services snap-in.

Additionally, you should be running client antivirus software on the user desktop. If you are running antivirus software designed for messaging systems (it can parse and scan MIME) at the gateway or on the Exchange server, running a file-level scanner at the desktop is sufficient.

  • For more information about the different types of virus-scanning programs that are typically used with Microsoft Exchange Server 2003, see the Microsoft Knowledge Base article 823166, "Overview of Exchange Server 2003 and antivirus software" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=823166).

  • For more information about the different types of virus-scanning programs that are typically used with Microsoft Exchange 2000 Server, see the Knowledge Base article 328841, "Exchange and Antivirus Software" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=328841).

  • For information about fortifying an Exchange environment against e-mail transmitted viruses and worms, see the Microsoft white paper, "Slowing and Stopping E-Mail Viruses in an Exchange Server 2003 Environment" (https://go.microsoft.com/fwlink/?LinkId=30732).