cancel
Showing results for 
Search instead for 
Did you mean: 
sriga
Level 7
Report Inappropriate Content
Message 1 of 5

AV ondemand scan for VSE

Recently I have created the OnDemand scan to the machines in my company on weekly basis. All machines are running as per the schedule. But the problem is I found a lot of time difference in runtime.

For example, I created a scan schedule for one machine every Monday. In the 1st-week machine took 2 hrs to complete the scan run time, in the 2nd-week same machine has taken 5 min to complete the scan, in 3rd week 2hrs and in 4th week 5min. this is how the runtime cycle is running. so could you please explain to me the AV scan run time functionality and please provide the solution for my problem. If anyone had this kind of problem kindly help me.

Below are the logs for reference

12/3/2018 1:59:55 PM Engine version = 5900.7806
12/3/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/3/2018 1:59:55 PM Number of detection signatures in EXTRA.DAT = None
12/3/2018 1:59:55 PM Names of detection signatures in EXTRA.DAT = None
12/3/2018 1:59:55 PM Scan Started Forest\Machin1$ (managed) VSE_Scan_Schedule
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Scan Summary
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Processes scanned : 112
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Processes detected : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Processes cleaned : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Boot sectors scanned : 2
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Boot sectors detected: 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Boot sectors cleaned : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Files scanned : 116763
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Files with detections: 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ File detections : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Files cleaned : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Files deleted : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Files not scanned : 111
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Scan Summary (Registry Scanning)
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Keys scanned : 133306
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Keys detected : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Keys cleaned : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Keys deleted : 0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Run time : 0:03:12
12/3/2018 2:03:07 PM Scan Complete Forest\Machin1$ (managed) VSE_Scan_Schedule


12/10/2018 1:59:55 PM Engine version = 5900.7806
12/10/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/10/2018 1:59:55 PM Number of detection signatures in EXTRA.DAT = None
12/10/2018 1:59:55 PM Names of detection signatures in EXTRA.DAT = None
12/10/2018 1:59:55 PM Scan Started Forest\Machin1$ (managed) VSE_Scan_Schedule
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Scan Summary
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Processes scanned : 112
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Processes detected : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Processes cleaned : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Boot sectors scanned : 2
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Boot sectors detected: 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Boot sectors cleaned : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Files scanned : 116794
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Files with detections: 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ File detections : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Files cleaned : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Files deleted : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Files not scanned : 111
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Scan Summary (Registry Scanning)
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Keys scanned : 133306
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Keys detected : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Keys cleaned : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Keys deleted : 0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Run time : 1:44:00
12/10/2018 3:43:54 PM Scan Complete Forest\Machin1$ (managed) VSE_Scan_Schedule


12/17/2018 1:59:55 PM Engine version = 5900.7806
12/17/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/17/2018 1:59:55 PM Number of detection signatures in EXTRA.DAT = None
12/17/2018 1:59:55 PM Names of detection signatures in EXTRA.DAT = None
12/17/2018 1:59:55 PM Scan Started Forest\Machin1$ (managed) VSE_Scan_Schedule
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Scan Summary
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Processes scanned : 112
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Processes detected : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Processes cleaned : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Boot sectors scanned : 2
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Boot sectors detected: 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Boot sectors cleaned : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files scanned : 117067
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files with detections: 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ File detections : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files cleaned : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files deleted : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files not scanned : 111
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Scan Summary (Registry Scanning)
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys scanned : 133700
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys detected : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys cleaned : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys deleted : 0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Run time : 0:03:21
12/17/2018 2:03:15 PM Scan Complete Forest\Machin1$ (managed) VSE_Scan_Schedule


12/24/2018 1:59:55 PM Engine version = 5900.7806
12/24/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/24/2018 1:59:55 PM Number of detection signatures in EXTRA.DAT = None
12/24/2018 1:59:55 PM Names of detection signatures in EXTRA.DAT = None
12/24/2018 1:59:55 PM Scan Started Forest\Machin1$ (managed) VSE_Scan_Schedule
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Scan Summary
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Processes scanned : 112
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Processes detected : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Processes cleaned : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Boot sectors scanned : 2
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Boot sectors detected: 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Boot sectors cleaned : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Files scanned : 117095
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Files with detections: 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ File detections : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Files cleaned : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Files deleted : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Files not scanned : 112
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Scan Summary (Registry Scanning)
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Keys scanned : 133700
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Keys detected : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Keys cleaned : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Keys deleted : 0
12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Run time : 1:45:28
12/24/2018 3:45:22 PM Scan Complete Forest\Machin1$ (managed) VSE_Scan_Schedule


12/31/2018 1:59:55 PM Engine version = 5900.7806
12/31/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/31/2018 1:59:55 PM Number of detection signatures in EXTRA.DAT = None
12/31/2018 1:59:55 PM Names of detection signatures in EXTRA.DAT = None
12/31/2018 1:59:55 PM Scan Started Forest\Machin1$ (managed) VSE_Scan_Schedule
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Scan Summary
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Processes scanned : 104
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Processes detected : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Processes cleaned : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Boot sectors scanned : 2
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Boot sectors detected: 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Boot sectors cleaned : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files scanned : 117111
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files with detections: 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ File detections : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files cleaned : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files deleted : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Files not scanned : 111
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Scan Summary (Registry Scanning)
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys scanned : 133714
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys detected : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys cleaned : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Keys deleted : 0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Run time : 0:03:21
12/31/2018 2:03:15 PM Scan Complete Forest\Machin1$ (managed) VSE_Scan_Schedule

4 Replies
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: AV ondemand scan for VSE

@sriga 

The On Demand Scan does not have a specific time to complete in general. It depends upon the size of the local drive and the files which are in place. So one should need not to worry about the time duration. The idle time would vary from 3 hours to 5 hours depending upon the configuration.

I would like you to go through the KB article KB74059 and KB55145. This would help you understand the ODS and its functionality.

Hope this helps.

Cheers!!!!

Venu
Highlighted
Reliable Contributor rmetzger
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: AV ondemand scan for VSE

Hi sriga,

Synopsis:


@sriga wrote:

Recently I have created the OnDemand scan to the machines in my company on weekly basis. All machines are running as per the schedule. But the problem is I found a lot of time difference in runtime.

Below are the logs for reference

12/3/2018 1:59:55 PM Engine version = 5900.7806
12/3/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/3/2018 2:03:07 PM Scan Summary Forest\Machin1$ Run time : 0:03:12


12/10/2018 1:59:55 PM Engine version = 5900.7806
12/10/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/10/2018 3:43:54 PM Scan Summary Forest\Machin1$ Run time : 1:44:00


12/17/2018 1:59:55 PM Engine version = 5900.7806
12/17/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/17/2018 2:03:15 PM Scan Summary Forest\Machin1$ Run time : 0:03:21


12/24/2018 1:59:55 PM Engine version = 5900.7806
12/24/2018 1:59:55 PM AntiVirus DAT version = 9019.0

12/24/2018 3:45:22 PM Scan Summary Forest\Machin1$ Run time : 1:45:28


12/31/2018 1:59:55 PM Engine version = 5900.7806
12/31/2018 1:59:55 PM AntiVirus DAT version = 9019.0
12/31/2018 2:03:15 PM Scan Summary Forest\Machin1$ Run time : 0:03:21


As I read your logs, your DAT version has Not changed for the entire month of Dec. Clearly, this is an issue that should be checked. This will also explain why Cached scans are taking so little time to finish.

If some condition causes the cache to be disturbed, a full/noncached scan is employed. Updating the DAT causes a new, uncached scan to occur.

Hope this helps.

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: AV ondemand scan for VSE

Sounds like Enable the scan cache - The scanner maintains a cache of previously scanned files even through restarts of the computer. This setting improves performance by using the existing scan results to determine whether files need to be scanned. Clean files are added to the clean file scan cache. The next time these files are accessed, they will not be scanned unless they are no longer in the cache or have been changed since they were last scanned.

Check to see Enable the scan cache

  • ENS: Configure the option Use the scan cache in the on-demand scan policy.
  • VSE: Configure the following Global Scan Settings: Enable saving scan data across reboots and Allow on-demand scans to utilize the scan cache. (General Options Policies > Configure global options and settings)

 

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: AV ondemand scan for VSE

@sriga I second the suggestions by @rmetzger and @tao. In regards to your failing DAT update, I would first advise that you confirm your Master Repository and any Agent Handlers/Super Agent Distributed Repositories that this system could get its updates from are succesfully up to date. Then, once you've confirmed that the system is scheduled to receive a daily DAT update task (as it should be), test running the DAT update task and review the McAfee Agent masvc_<system name>.log and mscript.log to confirm if the task invokes successfully and begins download of the files needed successfully. If you do not see this is the case, I would suggest reinstalling or upgrading the McAfee Agent to see if it resolves the issue as it is the product responsible for facilitating these updates.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community