Knowledge Center

Unable to check in V3 DATs (AMCore), manually or automatically
Technical Articles ID:   KB89306
Last Modified:  7/10/2018


McAfee DATs
McAfee ePolicy Orchestrator (ePO) 5.x


You are unable to check in V3 DATs (AMCore), manually or automatically. The epoapsvr.log records the following:
20170503142756  E   #03868  SITEMGR   ReplicaLog: Failed to open file C:\PROGRA~2\McAfee\EPOLIC~1\DB\Software\Current\AMCORDAT2000\DAT\0000\Replica.log, error=32
20170503142756  e   #03868  SITEMGR   InsertToReplicationLog: Failed save to file C:\PROGRA~2\McAfee\EPOLIC~1\DB\Software\Current\AMCORDAT2000\DAT\0000\Replica.log

A procmon log entry for the save failure shows a sharing violation:
High Resolution Date & Time:    03/05/2017 14:27:56.2362666
Event Class:    File System
Operation:      CreateFile
Path:   C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\AMCORDAT2000\DAT\0000\Replica.log
TID:    3868
Duration:       0.0002238
Desired Access: Generic Write, Read Attributes
Disposition:    OverwriteIf
Options:        Synchronous IO Non-Alert, Non-Directory File
Attributes:     N
ShareMode:      None
AllocationSize: 0

All other content checks in to the master repository successfully.


This issue is caused by a conflict with the CPGAgent service, a Mandiant/FireEye product. There is a sharing violation to the following Mandiant library file:
C:\ProgramData\Application Data\CPG Agent\NamespaceEvents_0.dll
Version 10.6.18


Disable the CPGAgent service to allow for successful check-in of the V3 DATs.

Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.