4 Replies Latest reply on May 1, 2017 6:45 PM by johnmoe

    Files Not Scanned By ENS 10.5.1

    eduardo0407

      Hello.

       

      I was looking at the OnDemand_Activity log and saw that my ODS scanned 150.000 files and 750.000 files were not scanned. After that summary, I can see that some files were not scanned because they are encrypted, or because of permission issues. But that adds up to only 6.000 files. I checked the time that the scan was started and finished and the duration was close to an hour. I think that these 750.000 files were not scanned because the ODS stopped, but I'm know sure why that happened. The ODS ePO Task was configured without a stop limit and the client workstation was not turned off or restarted.

       

      Looking into the Known Issues article, I found the following: Issue: On-Demand Scan "files scanned" may not increment in the On-Demand Scan activity log, nor does "items scanned" increment in the On-Demand Scan pop-up dialog box, for files that are not detected as malware.

       

      Is it possible for those 750.000 files to be scanned but still show up in Acvity log as "not scanned"? Could that be the issue?

        • 1. Re: Files Not Scanned By ENS 10.5.1
          chrisnlc

          I would say those files are in the scan cache and have not changed.

           

          To see this in action On-Demand Scan a subfolder (so it does not take long) and examine the onDemandScan_Activity.log - note the stats:

           

          Files scanned:

          Files not scanned:

           

          Now scan the same folder again and check the new stats in the log. Almost all those files will not be scanned. If you open/close or change a bunch of those files and ODS again you'll see Files Scanned increase and so on.

          ENS has intelligent ODS and will not scan files if they've not changed since the last ODS.

           

          HTH

           

          _Chris.

          • 2. Re: Files Not Scanned By ENS 10.5.1
            eduardo0407

            I thought that too, and sorry for not mentioning in my first message, but looking at the policy I can see that the cache is disabled. Can you think of some other reason for this? If indeed the scan was stopped before it could scan all files, it would show in the logs simply as "files not scanned"?

             

            Thanks.

            • 3. Re: Files Not Scanned By ENS 10.5.1
              jabii

              I have a question for you regarding something related.

              ENS 10.5 will scan files unmodified with a new AMCORE /DAT file etc?

               

              ex: today i scan a file with an AMcore, if after 3 days i will scan again the same file (unmodified), will it be scanned or not?

              • 4. Re: Files Not Scanned By ENS 10.5.1
                johnmoe

                eduardo0407 I'm having a look in my own OnDemandScan_Activity.log, and I see what you mean.  For my full scan, I see 1,300,000 files scanned, and 110,000 files not scanned.  My scan is limited to 12 hours, and took 189 hours to complete (I'm doing initial testing around how long it'd take to scan a system, so my scans aren't properly configured yet).  So even though it *is* limited by time, it still ran to completion, but didn't scan almost 10% of them.  Once I get my policies set up properly, if it's still happening, I'll probably log a ticket for it.  I'd suggest you do the same in the meantime.

                 

                jabii If you have a question, start your own thread for it, don't try to hijack someone else's question.  It just confuses things and makes helping both of you more difficult.