ntevl probe unable to report description for some errors (McLogEvent EventID: 259)

Document ID : KB000034413
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

Error message in ntevl log file shows:
Feb 21 09:52:26:974 ntevl: Error getting message string for event DETAILS: Publisher: McLogEvent EventID: 259
Feb 21 09:52:26:974 ntevl: RecordHandler - log=1, count=0, number=11123
Feb 21 09:52:26:974 ntevl: EventHandler (Event ID 259 - 11122)

and also for EventID: 5000
----------------------------------
Event Message:
Event ID: 259
Source: McLogEvent
Computer: PXDAVxxxx.abcdinsurance.com

The description for Event ID 259 from source McLogEvent cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:

The file \\?\UNC\10.12.1.xxx\ONTAP_ADMIN$\vol\nas2_vol1\home_dir\k1539\UserData\AutoRecover\Word\AutoRecovery save of Business Case - AAEE (v1.6 draft) 2.13 contains the Exploit-MSWord.i.gen Trojan. No cleaner available, file deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6992.0000.

The message resource is present but the message is not found in the string/message table.

----------------------------------

Resolution:

***This is a McAfee/Microsoft Windows event issue based upon the event description in Windows and testing.***

See also:
http://www.eventid.net/display.asp?eventid=259&eventno=10839&source=McLogEvent&phase=1

and/or

https://community.mcafee.com/thread/4412