6 Replies Latest reply on Jan 28, 2010 8:34 AM by bostjanc

    scan timeout issue

    bostjanc

      Greetings!

       

      In our company we made weekly on demand scan task. It was run for the first time this wensday and now I have to make a report what did the task found.

       

      I found a lot of scan timeout events. 90% of them are for the mcafee files which are usually stored in C:\ProgramData\McAfee\Common Framework folder, but some of them are for different files.

      for example:

       

      -C:\WINDOWS\NTDS\edb.chk,

      -C:\,

      -C:\Documents and Settings\specificuser\Local Settings\History\History.IE5\index.dat

      ...

       

      Questions:

      1. Should I be consurned about thoose different files scan timeout events? I have checked the settings and saw that we have 45seconds timeout for on-access and on-demand-scan.

       

      2. Is it wise to explicit that mcafee files are not checked? Where to put that exclusion in on-access scan? I know how to put exclusions in on-demand-scan task settings, but I haven't find this choice for on-access scanning?

        • 1. Re: scan timeout issue
          bostjanc

          One more thing.

          How can I found out which computers did not run this on-demand-scan task? i have made some changes before the task had run under Server Settings / Event Filter in event IDs 1202 and 1203, which are ODS started and ODS stopped respectively but here I don't get info which computers have not run the task.

          • 2. Re: scan timeout issue
            serc09

            bostjanc schrieb:

             

            One more thing.

            How can I found out which computers did not run this on-demand-scan task? i have made some changes before the task had run under Server Settings / Event Filter in event IDs 1202 and 1203, which are ODS started and ODS stopped respectively but here I don't get info which computers have not run the task.

             

            When the scan is started at 1500 you can run a server task running a query at 1515 sending you the result via email.

             

            Set up the query to filter ID 1202 (to filter the PCs started the task) and the time the event was generated to be in the last 20 minutes. The query has to be in form of a table the be run by a server task.

             

            Hope that helped you - if not i can go into detail.

             

            serc09

             

             

            Nachricht geändert durch serc09 on 22.01.10 10:38:50 GMT+01:00
            • 3. Re: scan timeout issue
              SergeM

              Hi,

               

              In our company we made weekly on demand scan task.

               

              Good practice, lucky you you can do this... (OK, I'm *******' on my users)

               

              I found a lot of scan timeout events.

               

              "scan timed-out" occur quite often, they happen when a file is too large (and I suspect, when VSE cannot get hold of the file for some reason).

              I see "scan timed out" events a lot, mostly on "rt.jar" (different instances) files, which are quite large...

               

              About your particular sample :

               

              • C:\WINDOWS\NTDS\edb.chk,
              • C:\,
              • C:\Documents and Settings\specificuser\Local Settings\History\History.IE5\index.dat
              • ...

               

              I'd recommend reading the VSE thread http://community.mcafee.com/message/20623#20623 on VSE best practices and recommended exclusions.

              I'd also suggest in particular "Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7" (MS KB : http://support.microsoft.com/kb/822158)  which is cited in the thread above.

               

              I say this because edb.chk is amongst the files that MS recommends should not be scanned... (I suppose it may impact the system stability or...)

               

              I'd be more concerned about your second example... does your system have trouble scanning "C:\" ?  That's unusual for me (and I don't like unusual when dealing with AV behaviour)

              About the History/index...  I'd suggest cleaning the MSIE history (regularly) and possibly reducing the number of days the indiscrete git keeps track of webpage visits...

               

              take care

                Serge

               

               

              PS (edit) : perhaps this thread belongs in the VSE group of threads... I dunno...

               

               

               

              Message was edited by: Serge M. on 1/22/10 11:06:46 AM CET

               

               

              Message was edited by: Serge M. on 1/22/10 11:07:32 AM CET
              • 4. Re: scan timeout issue
                bostjanc

                Thanks guys for the answers. I will try this on monday and let ya know.

                 

                With best regards,

                • 5. Re: scan timeout issue
                  bostjanc

                  Serc09.

                   

                  Sorry for such dork question, but I tried to do a server task exactlly as you told me, and unfortunatelly in epo 4.5 I don't have any EVENT IDs similiar to your that you have suggested. I have posted an jpeg as printscreen, plz. help

                   

                   

                  Message was edited by: bostjanc on 1/26/10 9:18:59 AM GMT+01:00
                  • 6. Re: scan timeout issue
                    bostjanc

                    Still waiting for any reply to help me to solve the problem.

                     

                    with best regards,

                     

                    bostjan