This content has been marked as final. Show 5 replies
I have these events also, and they really pollute the malware events, so, i have filtered them out of queries also.
Kind of envitably a few will time out, but it is strange on some of the files it can time out on, its the problem it triggers a 'malware' category of event that is annoying, but like i say, i filter it. event 1049 if i remember correctly
Well the thing that bothers me the most about this is that for every event, it seems to me that on the system that generated it, Mcafee VS is sitting there trying to scan a 2k file. This is burning system resources. As well as using bandwidth as the agents communcate this back to the ePO server.
Another thing to think about, is why are these files timing out? Is VS in an infinite loop?
VS "I will scan avvscan.dat. Let me check avvscan.dat for the info I need...waiting...hmm, that file is busy with some other process. I will skip it."
but VS is probably the process that has it locked...grrrr...
i think i will set these files up for exclusion to the scan. There is the don;t mess with mcafee files option that is seperate.
Yes. I did see that one.
I still have an issue with having McAfee files giving scan time out errors. It just seems unproductive to me. And the recommendation it to filter them in the reporting.
But that does not remove the fact that I have some 90-100,000 events per week, which eats bandwidth and also burns cycles on VSE. What deos VSE do while it is waiting for the file to timeout? Does it lock the client up because other files are queing up for scanning? Can VSE do parallel scanning of files?
Ans there are settings in VSE to not allow changes to McAfee files. I would think that not exlcuding them would be redundant. Protecting the files would be a write process. So the files should not get changed. So if there is that protection, why can't i exclude them from read scanning of OAS?
I get these alerts as well.