Showing results for 
Search instead for 
Did you mean: 

Correct syntax to exclude a Mount Point

I'm running VSE 8.7i patch 4 an all of my servers each with identical On-Access Scan exclusion lists including:

D:\   with subfolders=yes

**\itv\ with subfolders=yes

Recently, I started getting the following on several of the severs:

Event Type:    Error

Event Source:    McLogEvent

Event Category:    None

Event ID:    5051

Date:        7/14/2011

Time:        4:38:05 AM


Computer:    ICCPLANCETF2


A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated. Thread id : 7096 (0x1bb8)

Thread address : 0x7C8285EC

Thread message :

Build VSCORE. / 5400.1158

Object being scanned = \Device\HarddiskVolume3\itv\work\disc0001306.vvx

by System:Remote









Even though I don't have an exclusion for a mount point, I would have thought the second exclusion listed above would handle it.  It doesn't apparenlty.  In addition, the error sometimes points to simply \Device\HarddiskVolume3\ so I need to add an exclusion for the mount point specifically.  I searched for how to exclude Mount points and found the following: with several examples but they don't seem to work.  I tried adding the following exclusion:  \Device\HarddiskVolume* with subfolders=yes.  This didn't help.  I still continue to get the errors in the event log.  What is the correct syntax?  I want to exclude scanning of any files access from ant mount point. 

Another question regarding this error:  It says the object being scanned is by System:Remote.  what does that mean? 

Other times, the object being scanned is

Object being scanned = \Device\HarddiskVolume3\

by C:\WINDOWS\Explorer.EXE


Object being scanned = \Device\HarddiskVolume3\

by C:\WINDOWS\System32\snmp.exe

Why would Explorer or SNMP, or other processes be causing McAfee to fire up OAS?   I've seen no other references to error 5051 that mentions anything other than McAfee accessing the files. 

2 Replies

Re: Correct syntax to exclude a Mount Point

Just glancing at your post, it looks like your syntax is correct. I have followed the same KB article for mount points used by Exchange and SQL servers, and I can confirm that did work.

System:Remote implies that it's the kernel access the file for some process on another box (or rarely itself, but through a share).

One thing that might help...

I noticed the one filename you gave was VVX. That's not in the normal extension list, so I am assuming you have the OAS policies set to scan all files.


Re: Correct syntax to exclude a Mount Point

I wasn't sure which example you were referring to but I found my earlier statement that \Device\HarddiskVolume* and subfoders = yes didn't work to be untrue.  In further review, I found the setting had been removed, my guess by the EPO server.  After setting it once more, and making sure it was still set later, I've not had a reoccurrence of the problem on any servers. 

As for your query about the file extension VVX, OAS is set to scan all files except those in the exclusion list.  I could exclude that one but there are several more, and some files with no extensions at all.  In addition, some of the errors were simply for \Device\HarddiskVolume3\ and no file as indicated in the original post.  So I need to exclude the disk or folder rather than the files within. 

Thanks for your help.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community