
Unknown error received from scanners


I run McAfee Security 1.2.0 (1549) on OS X 10.9. When trying to scan a folder, the scan always fails, with the message shown in the title. What to do?

3 Solutions

Accepted Solutions
Reliable Contributor User91972758
Message 8 of 11

Re: Unknown error received from scanners


Hi LoriWH,

If you are receiving Event ID 1048, and event description "Scan reports general system error." on the threat events, as Chealey mentioned it's best to try and check the file types and permissions.

For example, on the Linux system that's generating the errors you could do the following:
- If the error occurs in the /usr/sbin/rsyslogd user directory and the scan is having an error on /var/lib/rsyslog/imjournal.state.tmp

Using the command line on the system where the error is reported, try the following:

cd /usr/sbin
ls -l rsyslogd    # this will provide permissions on the file
file rsyslogd     # this would tell you what kind of file it is

I believe those are the steps that they're wanting us to try. In my experience working with the Linux systems in my environment, I've had to exclude file types such as .tmp, as the file will appear and be deleted quicker than my OAS is able to process them. As I understand it, it's the inability to "find" these files which can cause this event to occur.

McAfee Employee jess_arman
Message 9 of 11

Re: Unknown error received from scanners


@User91972758 Thank you for your detailed explanation! You've hit the nail on the head with what Chealey--and MD back in 2013--was getting at. These are factors which can cause this messaging. In some cases, like the quick existence and removal (or in some cases rename) of files like .tmp, exclusions are needed in order to avoid the messaging as the files used by the OS are too transient to allow effective scanning for average performance hardware.


Reliable Contributor User91972758
Message 11 of 11

Re: Unknown error received from scanners

If we're receiving the error 1048 - Unknown Error, after doing research all it means is that the On-access or On-Demand scan is unable to scan that specific file, whatever it may be, whether it's a .dmp, .tmp, .mnt, etc. So until there's an update for ENS to scan certain file types, it may be better to try and exclude that specific file.

For example, if you go to System Tree > Find a System > pull up its Threat Event Logs and see "ID: 1048 - Scan reports general system error", open this event to view which file it had an issue scanning. I pull up an event like this and see ENS had an issue scanning:

Threat Target Process Name: /bin/gawk
Threat Target File Path: /root/shoudbe.out

We now have the ability to exclude this specific file path / process if we want, but it's up to your discretion. If we exclude it this event will not be recorded for that file / path or process.

I hope this helps. Let me know if you need more insight.
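
The checks discussed in the two replies above (permissions, file type, and whether the file disappears or is renamed before it can be scanned) can be run against the path shown in a 1048 event before deciding on an exclusion. This is an added example, not part of the original thread or any McAfee tooling; the function name and the result words are assumptions made for illustration, and readability is tested for the user running the script, not for the scanner's own account.

```shell
#!/bin/sh
# Added example (not from the thread): classify a path named in an Event ID 1048 record.
# Usage: classify_scan_target PATH [WATCH_SECONDS]
# Prints one word on stdout: missing | not_regular | unreadable | transient | scannable
classify_scan_target() {
    target=$1
    watch_s=${2:-2}

    # Already gone by the time we look: typical of short-lived files such as *.tmp.
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        echo missing; return 0
    fi
    # Directories, sockets, FIFOs and device nodes have no regular file content.
    if [ ! -f "$target" ]; then
        echo not_regular; return 0
    fi
    # The permission and file-type checks from the post; details go to stderr.
    ls -l "$target" >&2 || true
    if command -v file >/dev/null 2>&1; then
        file "$target" >&2 || true
    fi
    if [ ! -r "$target" ]; then
        echo unreadable; return 0
    fi
    # Watch for deletion or rename-over (inode change) during the window.
    inode_before=$(ls -di "$target" 2>/dev/null | awk '{print $1}')
    sleep "$watch_s"
    inode_after=$(ls -di "$target" 2>/dev/null | awk '{print $1}')
    if [ -z "$inode_after" ] || [ "$inode_before" != "$inode_after" ]; then
        echo transient; return 0
    fi
    echo scannable
}

# Stand-alone use: pass the "Threat Target File Path" value from the event.
if [ "$#" -gt 0 ]; then
    classify_scan_target "$@"
fi
```

A result of missing or transient matches the short-lived-file case described above, where a narrow exclusion for that path is the option the thread discusses; scannable points back to permissions, file type, or a support case.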
10 Replies
Reliable Contributor exbrit
Message 2 of 11

Re: Unknown error received from scanners


Moved to MAC & Linux Products sub-forum for better support.

gururaj
Level 9
Message 3 of 11

Re: Unknown error received from scanners


Hi Peter,

Can you check what permissions are set on that folder and what types of files are present inside the folder?

Do an EICAR test and see that the scanners are working fine.

Generate a MER and raise a support case so that we can look into the issue in more depth.

Regards,

Gururaj.m.d

Louis67
Level 7
Message 4 of 11

Re: Unknown error received from scanners


MAC O/S Error: Unknown error received from scanners

Hi,

I have the same error. I have a 2016 MBP 15" at 10.12.6.

Is there a fix for this problem? It looks like this problem goes back to 2013.

The newer posts are not in this forum.

Louis

Re: Unknown error received from scanners


I have the same problem. Is there a fix? Please let me know.
Thanks.
Stephen

McAfee Employee chealey
Message 6 of 11

Re: Unknown error received from scanners


Can you check what permissions are set on that folder and what types of files are present inside the folder?

What happens if you perform an EICAR test?

LoriWH
Level 7
Message 7 of 11

Re: Unknown error received from scanners


I also have this problem, and I unfortunately don't understand those instructions. Can you please clarify them?


Micboc
Level 7
Message 10 of 11

Re: Unknown error received from scanners

I don't understand the fix, which you state hit the nail on the head. Can you simplify for those of us with somewhat lesser working knowledge of programming?