cancel
Showing results for 
Search instead for 
Did you mean: 

RE: Scan timed Out events



We have the same problem, but the VSE extremly slowly when timeout:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Network Associates\Common Framework\Db\Agent_<pc>.xml

Patch Level 5
EPO 4.0 Patch 2

What can i do?

Answer is in the knowledge base

Does anyone actually use the knowledge base in this forum? I am not implying that you don't use the KB, so please forgive any perceived sarcasm.

Here's a link to the solution:

https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=616076&sliceI...
tonyb99
Level 13
Report Inappropriate Content
Message 13 of 20

RE: Answer is in the knowledge base



The original post querying the issue is 6 months old, that knowledgbase article is only 2-3 weeks old judging by the dat files used in the examples. Most of the time the knowledgbase is very usefull but a lot of non english admins find it very hard to use, and in many cases issues are raised and workarounds discussed here before Mcafee release an article from their private in house knowledgebase to the public faceing one.
dEcSup
Level 7
Report Inappropriate Content
Message 14 of 20

RE: Scan timed Out events



i have removed event 1051 and 1059 from event filtering..
i tried KB https://knowledge.mcafee.com/Support...200%2039764834 but cannot get the field instructed.

I'm still receiving reports on scan timeouts.. any other suggestion? sad
tonyb99
Level 13
Report Inappropriate Content
Message 15 of 20

RE: Scan timed Out events

So you have switched off 1059 events in the server configuration/ events filtering and you have exempted the events you have already collected by applying the filter on 1059 evenbts to your reports (as stated in the link)

but you are still getting scan timed out hits on your report?
dEcSup
Level 7
Report Inappropriate Content
Message 16 of 20

RE: Scan timed Out events



Yes, i have switched 1051 and 1059 events off in the server configuration/ events filtering and examined the collected reports were from 1059 and 1051 events but still getting Scan timed out hits.

One thing i noticed is that the clients sending were those have just joined ePO. Is it becoz of 1059 events has been sent to ePO prior to policy being pushed to them? but if events filtering is running in ePO, this should not happen. or the clients themselves will filter events before sending to ePO? then this can explain..

another thing i don't know should i post here or start another thread.. when i purge events log, it takes forever to finish. :mad: any idea?

Thanks Tony for your reply.
tonyb99
Level 13
Report Inappropriate Content
Message 17 of 20

RE: Scan timed Out events

Yes thats exactly it

If you note on the event filtering in EPO 4.0 it says.
"The agent forwards - only selected events to the server"

but until they have checked in and received that policy they will still forward 1059 events, so you get them from new agents until they pick up the filtered forwarding policy and then they will stop forwarding them, if you have added the filter to reports this shouldnt be too much of an issue as you still wont see them.

If you have all these entries I can see why it would take some time, I know when I was purging on 3.6.1 my initial purge took 18 hours, but once I'd got that out of the way it could be between 5-30 minutes depending on how things were going. I would just persevere with it until you have cleared the crud out (or create an sql query to clear out stuff older than xxx if you really cant wait)
dEcSup
Level 7
Report Inappropriate Content
Message 18 of 20

RE: Scan timed Out events

ok.. i try to purge again. will monitor when it finish purging. thanks a lot!

RE: Scan timed Out events

Not to be a pain but the link for the KB article no longer works and I can't find anything when searching the Mcafee KB.

I did a simple search saying scan timed out and no results found.

Could someone please point me to the solution as I also have this problem? Patch 6 Mcafee AV 8.5 EPO4 Not entirely sure I want to not report this event.

RE: Scan timed Out events

Try KB53317, however this KB isn't clear that you add a filter for "EventID" does not equal "1059.

FYI, in my case I've removed EventID 1059 from Configuration/Server Settings/Event Filtering. I can live with some agents reporting this event before they get the policy to stop reporting it.

Richard J.C.
x1 4.0 ePO Patch 5/Build 1298
x1 3.0.2 ePO
McAfee Agent 3.5.5.438 & 4.0.0.1494
VSE 8.0.0.1009 Patch 14 1000 Units
VSE 8.7 Patch 2 10 Units and growing
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community