cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Abhijith
Level 9
Report Inappropriate Content
Message 1 of 24
‎03-02-2020 03:59 AM

Scheduled On-demand scan is not running

The scheduled On-demand scan is not getting started on any of the Machines. We have scheduled the Custom on-Demand Scan on both Servers and Workstation with different time schedules, but it has not started on any of the machines. We created a query with Event ID 1035 and 34855 and could only find 1035 events.
0 Kudos
Reply
23 Replies
Thussain
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 24
‎03-02-2020 04:51 AM

Re: Scheduled On-demand scan is not running

Thank you for posting your query

May I know if you have installed Endpoint security or VSE on the client machines. 

What is the version of the application installed, what is the version of extensions installed

As per the https://kc.mcafee.com/corporate/index?page=content&id=KB52417

Event Id 1035 refers to The scan was canceled at time %GMTTIME%.

Is the scan set to run only when the system is idle

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
0 Kudos
Reply
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 24
‎03-02-2020 05:15 AM

Re: Scheduled On-demand scan is not running

Hi Abhijith,

You may need to check couple of things here. What is the EPO and Agent version. By querying the specific Event id is good known idea to confirm. However i would suggest you to check On-demand scan log. Also check if the below event id's are enabled in ENS common policy under Client logging-->Event Logging only if it is ENS

1202

1203 

Also what if you completely remove the existing task and create a new one to see if that works. 

Masvc log  will show you Task initiated time and On demand scan log will show you the action. If the Task initiated by scheduler but not actioned by ENS or VSE, we may need to check with respective point product team.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

0 Kudos
Reply
Abhijith
Level 9
Report Inappropriate Content
Message 4 of 24
‎03-02-2020 06:59 AM

Re: Scheduled On-demand scan is not running

Agent Version 5.6.2
ENS 10.6.1

Event logging is enabled in the client logging.

0 Kudos
Reply
YashT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 24
‎03-02-2020 08:32 PM

Re: Scheduled On-demand scan is not running

Hello @Abhijith,

As per your query it seems you are receiving only 1035 events.

1035 is for VSE: 

1035 ODS SEVERITY_INFORMATIONAL ops.task.cancel None 257 Information The scan was canceled at time %GMTTIME%.

 

The product you are using as you said is ENS, so you need to check on the event id : 

1202 event_name_1202=On-Demand Scan started
event_desc_1202=On-Demand Scan started		 Threat Prevention
1203 event_name_1203=On-Demand Scan complete
event_desc_1203=On-Demand Scan complete. Viruses Found %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.		 Threat Prevention

 

1. Make sure you have enabled the event id 1202 and 1203 in Event filtering option within server settings of EPO.

2. You need to configure Policy based On demand scan in systems to receive the scan details.

3. Reports need to configured using : KB69428.

4. Also refer to How to create an ePolicy Orchestrator report for policy-based, on-demand full scans completed by Endpoint Security Threat Prevention
Technical Articles ID: KB86702

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Yash T
0 Kudos
Reply
Abhijith
Level 9
Report Inappropriate Content
Message 6 of 24
‎03-03-2020 12:43 AM

Re: Scheduled On-demand scan is not running

Hi YashT,

Thanks for the Info.

We have only created a Custom On-demand Scan's on all the machines. So just need a clarity on ur point 2 which tells to configure policy based ODS and how does it differ from the custom.





0 Kudos
Reply
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 24
‎03-03-2020 01:30 AM

Re: Scheduled On-demand scan is not running

Hi Abhijith,

There is no much difference between Policy based on-demand scan and Custom based on demand scan.

If you use Policy based on-demand scan, you have an option to stop and start the scan. Where as you won't get the same option on custom on-demand scan.

Rest everything is pretty much same configuration. Also Custom based on-demand scan probably used to target some groups of users if am not wrong.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

0 Kudos
Reply
Abhijith
Level 9
Report Inappropriate Content
Message 8 of 24
‎03-03-2020 04:17 AM

Re: Scheduled On-demand scan is not running

I had scheduled a scan on the 2 servers and still i did not find the "scan started" event on any of the machines.

Kindly let me know if I can upload a log checking the issue further.

 

0 Kudos
Reply
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 24
‎03-03-2020 05:13 AM

Re: Scheduled On-demand scan is not running

I would require Masvc log and On-demand scan log to check further. Or i would request you run MER from the problematic client and open a service request. We need to check the DB files to see if the scheduled task is initiated or reached to client machine. More debugging is required. 

0 Kudos
Reply
Abhijith
Level 9
Report Inappropriate Content
Message 10 of 24
‎03-03-2020 08:14 AM

Re: Scheduled On-demand scan is not running

We checked and found the below in the ODS log

Mcafee .JPG

The logs shows the scan is been completed.

But can we create a query to get the events in ePO.

 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC