admin
Level 7
Message 1 of 4

Scan Timeout - Alerts

This kind of ties into my other thread -- http://community.mcafee.com/showthread.php?t=216721 -- which I think has been resolved via a checkbox in ePO policy.

Is there a way to disable the reporting of Scan Timeouts?

The fact that these are reported to ePO as a Virus makes the query reports totally useless! If I look at my Top 10 infected hosts, all 10 are listed solely for the fact that they have repeated scan timeouts!!!??? :mad:

This needs to be addressed by McAfee in a similar fashion as the "don't report unable to scan encrypted files" checkbox.

Is there a regkey or anything that anybody knows of that solves this issue? :confused:
3 Replies
wka999
Level 7
Message 2 of 4

RE: Scan Timeout - Alerts

To solve this issue go to

Configuration button
Server Setting tab
Event Filtering from left pane
Click on Edit button on the bottom of the page
And uncheck ( 1059: Scan Timed Out (Medium) ) or any error you do not want to be reported.
Finally wake up all your agents

I hope this will solve your issue.

RE: Scan Timeout - Alerts

Hi - I tried this and unchecked the "1059: Scan Timed Out (Info)" alert but I am still seeing these events in my reports and queries. Is there something that needs to be configured in the alert settings for the VS 8.5 Alert policies to tell the clients not to send those alerts? I thought having the client send all alerts and having the server filter them was the proper procedure?

RE: Scan Timeout - Alerts

I found these events 1051 and 1059 really annoying. I wanted to delete only events with these IDs from my event log. It really works. My way:

1. Disable notification for event 1051 and 1059 (Configuration/server settings/event filtering/edit)

2. Create a query for id 1051 and 1059 (SQL code is on bottom)

3. Delete events with this query
Go to Reporting/event log/purge
Choose purge by query and select the newly created query

4. Done


SQL code for query:
select [EPOEvents].[DetectedUTC], [EPOEvents].[Analyzer], [EPOEvents].[TargetHostName],
       [EPOEvents].[ThreatCategory], [EPOEvents].[ThreatEventID], [EPOEvents].[ThreatName],
       [EPOEvents].[AutoID]
from [EPOEvents]
where ( ( [EPOEvents].[ThreatEventID] = 1059 ) or ( [EPOEvents].[ThreatEventID] = 1051 ) )
order by [EPOEvents].[DetectedUTC] asc, [EPOEvents].[Analyzer] asc, [EPOEvents].[TargetHostName] asc,
         [EPOEvents].[ThreatCategory] asc, [EPOEvents].[ThreatEventID] asc, [EPOEvents].[ThreatName] asc
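
An added example, not part of the original post: two read-only T-SQL queries against the same [EPOEvents] table and columns used in the query above. The first previews what a purge by that query would remove; the second ranks hosts with the two event IDs left out. It assumes direct read access to the ePO database, and the second query is a simplified stand-in for the Top 10 report, whose actual definition is not shown in this thread.

```sql
-- Added example (T-SQL). Table and column names are taken from the query
-- posted above; read access to the ePO database is an assumption.

-- 1) Preview what a purge by the posted query would delete,
--    grouped per host and event ID, with the time range covered.
SELECT  [TargetHostName],
        [ThreatEventID],
        COUNT(*)           AS EventCount,
        MIN([DetectedUTC]) AS FirstSeenUTC,
        MAX([DetectedUTC]) AS LastSeenUTC
FROM    [EPOEvents]
WHERE   [ThreatEventID] IN (1051, 1059)
GROUP BY [TargetHostName], [ThreatEventID]
ORDER BY EventCount DESC;

-- 2) Top 10 hosts by event count with the two IDs left out, so the
--    ranking is not driven by them. Nothing is deleted by this query.
--    (Simplified stand-in for the built-in report: it counts every
--    remaining row in EPOEvents per host.)
SELECT TOP 10
        [TargetHostName],
        COUNT(*) AS EventCount
FROM    [EPOEvents]
WHERE   [ThreatEventID] NOT IN (1051, 1059)
GROUP BY [TargetHostName]
ORDER BY EventCount DESC;
```

Running the first query before step 3 shows how many rows the purge will remove and which hosts generate them.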