Event ID: 5008

  • Article

Applies To: Forefront Endpoint Protection

Event ID 5008 — Forefront Endpoint Protection Client

This event is logged in the System log.

Details

Product

Microsoft Malware Protection

ID

5008

Source

Microsoft Antimalware

Version

3.0

Symbolic Name

MALWAREPROTECTION_ENGINE_FAILURE

Message

Forefront Endpoint Protection client engine has been terminated due to an unexpected error.

  • Failure Type: Hang, Crash

  • Engine Type: Antivirus, Antispyware, Software Restriction, Antimalware, Network Inspection System

  • Exception code: <Error code>

  • Resource: <Resource>

Explanation

The Forefront Endpoint Protection client engine stopped due to an unexpected error.

User Action

To troubleshoot this event, use the following steps:

  1. Try to restart the service.

    • For antimalware, antivirus and spyware, at an elevated command prompt, type net stop msmpsvc, and then type net start msmpsvc to restart the Antimalware engine.

    • For the Network Inspection System, at an elevated command prompt, type net start nissrv, and then type net start nissrv to restart the NIS engine by using the NiSSRV.exe file.

  2. If it fails in the same way, look up the error code by accessing the Microsoft Support Site (https://go.microsoft.com/fwlink/?LinkId=215163) and entering the error number in the Search box, and contact Microsoft Technical Support (//go.microsoft.com/fwlink/?LinkId=215491).