cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
markgarza
Level 10
Report Inappropriate Content
Message 1 of 5

"Continue scanning" Action in On-Demand Scan Policy

Hi, I inherited our EPO from an ex co-worker some time ago and am just noticing that our servers ODS policy has "Continue scanning" as the action. I have noticed in our alert emails the following:

Event status : Infected file found, access denied

Action: Continue scanning

I am wondering what this means exactly? Was the scanner denied access? And does leaving "continue scanning" as the action mean just leave the threat on the system? If the threat is ever executed, the On-Access Scan should catch that anyway and at that point quarantine the file, correct? I would assume that is the rationale behind this, but I am considering changing it to match our OAS policy actions if that is not the case.

4 Replies
yaz
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: "Continue scanning" Action in On-Demand Scan Policy

Hi @markgarza 

Thanks for reaching out to community. 

Do you see any of the event ID's for continue scan 

1024, 1026, 1037, 1051, 1053, 1059, 1061,
1095, 1096, 1099, 1100, 1103, 1202, 1203,
1274, 1275, 1276, 1277, 1282, 1283, 1284,
1285, 1289, 1290, 1291, 1292, 1294, 1296,
1298, 1300, 1302, 1304, 1305, 1307, 1308,
1310, 1311, 1400, 1401, 1402, 1404, 1407,
1409, 1411, 1413, 1064, 1065, 1087,
 1088, 1118, 1119, 1120, 1121,

Kindly write back what is the one you see. 

Also we strongly recommend you to raise an SR as there may be multiple issues associated with this and we need to figure out the exact root cause. 

Was my reply helpful?

If yes, please give me a Kudo.

If I have answered your query, kindly mark this as solution so that together we help other community members. 

Was my reply 

markgarza
Level 10
Report Inappropriate Content
Message 3 of 5

Re: "Continue scanning" Action in On-Demand Scan Policy

Yes, I am seeing 1024 primarily as the Event ID. 

yaz
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: "Continue scanning" Action in On-Demand Scan Policy

Hi @markgarza 

Thanks for replying back. 

We needed to carry out further investigation. 

I request you to raise an SR and we can check on the file analysis. 

 

Re: "Continue scanning" Action in On-Demand Scan Policy

Did you have an outcome here?

We see the same behavior now with some log4j events and the ENS in the latest version.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community