Eventlog Error MPSampleSubmission mptelemetry

G

Guest

In the Application Event log on a PC, there is an Error listed with a source
of MPSampleSubmission.

It mentions:

EventType mptelemetry

and also mentions "windows defender".

How can I determine what this Error means?

This is Windows XP all service packs.

Windows Defender Version: 1.1.1593.0
Engine Version: 1.1.2704.0
Definition Version: 1.20.2825.10

Thanks.
 
D

Dave M

Hi Dadof4;
Could you post the complete error message from the event log. There's a
copy button (the bottom of 3 buttons) on the Event Properties window that
will allow you to paste it in a post... So it should look pretty much like
this, if your getting the 5000 Event ID:

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 6/15/2007
Time: 2:11:02 AM
User: N/A
Computer: MESH
Description:
The description for Event ID ( 5000 ) in Source ( MPSampleSubmission )
cannot be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer.
You may be able to use the /AUXSOURCE= flag to retrieve this description;
see
Help and Support for details. The following information is part of the
event:
mptelemetry, 8024402c, endsearch, search, 1.1.1593.0, mpsigdwn.dll,
1.1.1593.0, windows defender, NIL, NIL, NIL.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
...etc.

I'd like to see the error code as shown above just after mptelemetry as it
exists on your system. Also, though you're only one signature update
behind, you might want to run a Check for updates... The current is posted
here in the Signatures newsgroup.
 
G

Guest

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 8/9/2007
Time: 12:11:28 PM
User: N/A
Computer: mycomputer
Description:
EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 38 00 30 00 30 00 .8.0.0.
0020: 37 00 32 00 65 00 66 00 7.2.e.f.
0028: 64 00 2c 00 20 00 65 00 d.,. .e.
0030: 6e 00 64 00 73 00 65 00 n.d.s.e.
0038: 61 00 72 00 63 00 68 00 a.r.c.h.
0040: 2c 00 20 00 73 00 65 00 ,. .s.e.
0048: 61 00 72 00 63 00 68 00 a.r.c.h.
0050: 2c 00 20 00 31 00 2e 00 ,. .1...
0058: 31 00 2e 00 31 00 35 00 1...1.5.
0060: 39 00 33 00 2e 00 30 00 9.3...0.
0068: 2c 00 20 00 6d 00 70 00 ,. .m.p.
0070: 73 00 69 00 67 00 64 00 s.i.g.d.
0078: 77 00 6e 00 2e 00 64 00 w.n...d.
0080: 6c 00 6c 00 2c 00 20 00 l.l.,. .
0088: 31 00 2e 00 31 00 2e 00 1...1...
0090: 31 00 35 00 39 00 33 00 1.5.9.3.
0098: 2e 00 30 00 2c 00 20 00 ..0.,. .
00a0: 77 00 69 00 6e 00 64 00 w.i.n.d.
00a8: 6f 00 77 00 73 00 20 00 o.w.s. .
00b0: 64 00 65 00 66 00 65 00 d.e.f.e.
00b8: 6e 00 64 00 65 00 72 00 n.d.e.r.
00c0: 2c 00 20 00 4e 00 49 00 ,. .N.I.
00c8: 4c 00 2c 00 20 00 4e 00 L.,. .N.
00d0: 49 00 4c 00 20 00 4e 00 I.L. .N.
00d8: 49 00 4c 00 0d 00 0a 00 I.L.....
 
D

Dave M

Hi Dadof4;

We'll it appears we're getting somewhere. The 80072efd (hexadecimal -
0x80072efd) error translates to ERROR_INTERNET_CANNOT_CONNECT The attempt
to connect to the server failed during the windows update process.

See if you can work through this KB article, which also has a guided help
capability:
http://support.microsoft.com/kb/836941

I've also seen references to one of the referenced errors in that KB being
cleared by just re-installing Defender, which might be the least painful
first attempt at a fix.
http://www.castlecops.com/postx172936-0-15.html

One or the other of these approaches should get your error cleared, I
suspect it's your firewall blocking communications with the Windows Update
server unless you're using a WSUS update server that I don't know about.
Let us know how you make out.
 
B

Bill Sanderson MVP

I see this error a lot, but the machines I see it on are behind ISA Server
firewall proxy--and I haven't figured out how to fix it yet.

Generally, the efd error indicates a firewall or proxy issue, so that's what
I'd look at.

I'd love to hear a report that the KB article and especially the guided help
cleared this one--so far my experience with guided help hasn't been helpful.

--
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top