Running in to a similar dilemma from the post below. We are running McAfee Enterprise Support for Storage with EMC Isilon via ICAP.
Once a file is determined to be malicious the data that is reported back through EPO is c:\windows\VSEICAP\Temp\malicious_filename.
While we need to go and investigate the full file path McAfee doesn't offer the whole path. Is there a setting to change that or another location that would provide \\unc\filelocation\malicious_filename?
Hi, VSES will write detail on the file it has been sent for scanning in %deflogdir%\icapscan.log As the whole file has been copied from the filer to the temporary scan location on the scanner you will only see an entry such as this.
20/05/2019 13:41:43 Scan Started VSES_hostname Scan Request Received From :filer_IPV4 File to scan : C:\Windows\Temp\VSEIcapTempFiles\2019_20_5_acad.fas
This is a limitation not seen with the use of a NetApp filer, which either uses RPC or local ONTAP service, and will write the source UNC path\filename. KB = The VirusScan Enterprise for Storage log file contains \\?\UNC prefix for remote file names . KB60129
Detection`s will be in the VSES.log (VSES program folder) and the Windows application log on the VSES scanner will write an event also (example)
ERROR 20/05/2019 13:41:43 McLogEvent None 259 SYSTEM VSES_hostname The file C:\Windows\Temp\VSEIcapTempFiles\2019_20_5_acad.fas contains ALS/Cadken Virus. Detected with Scan Engine xxxx DAT version yyyy
Can I check which ICAP filer vendor and version you are using please?
Do you see anything written filer end to the local message log regarding the malicious file?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.