5 Replies Latest reply on May 29, 2009 9:26 AM by dustrho

    1000s of scan timed out events

      ePO 4.0. Agent 3.6.608. VSE 8.5i.

      I have some several hundred systems that generate server thousand events daily for scan timed out.

      A majority of these are for Mcafee files, like agent.ini or avvclean.dat.

      the agent.ini is about 2k. Should not time out.

      i opened a case with mcafee support, but thier response was this was normal and i should just filter these out. Is this really normal? Anyone else have this issue?
        • 1. RE: 1000s of scan timed out events
          I have these events also, and they really pollute the malware events, so, i have filtered them out of queries also.


          Kind of envitably a few will time out, but it is strange on some of the files it can time out on, its the problem it triggers a 'malware' category of event that is annoying, but like i say, i filter it. event 1049 if i remember correctly

          J
          • 2. RE: 1000s of scan timed out events
            Well the thing that bothers me the most about this is that for every event, it seems to me that on the system that generated it, Mcafee VS is sitting there trying to scan a 2k file. This is burning system resources. As well as using bandwidth as the agents communcate this back to the ePO server.

            Another thing to think about, is why are these files timing out? Is VS in an infinite loop?

            VS "I will scan avvscan.dat. Let me check avvscan.dat for the info I need...waiting...hmm, that file is busy with some other process. I will skip it."

            but VS is probably the process that has it locked...grrrr...

            i think i will set these files up for exclusion to the scan. There is the don;t mess with mcafee files option that is seperate.

            Thanks
            PS
            • 4. RE: 1000s of scan timed out events
              Yes. I did see that one.

              I still have an issue with having McAfee files giving scan time out errors. It just seems unproductive to me. And the recommendation it to filter them in the reporting.

              But that does not remove the fact that I have some 90-100,000 events per week, which eats bandwidth and also burns cycles on VSE. What deos VSE do while it is waiting for the file to timeout? Does it lock the client up because other files are queing up for scanning? Can VSE do parallel scanning of files?

              Ans there are settings in VSE to not allow changes to McAfee files. I would think that not exlcuding them would be redundant. Protecting the files would be a write process. So the files should not get changed. So if there is that protection, why can't i exclude them from read scanning of OAS?

              thanks!!
              PS
              • 5. RE: 1000s of scan timed out events
                dustrho
                I get these alerts as well.