3 Replies Latest reply on Jul 1, 2016 5:34 AM by boschind

    On Demand Scan generates too many File I/O errors threat events to ePO

    alhaawi

      When On Demand Scan runs on SUSE Linux, it generates too many File I/O errors threat events in the ePO server. What should I do to avoid getting so many events from On Demand Scan?

        • 1. Re: On Demand Scan generates too many File I/O errors threat events to ePO
          boschind

          Hello, I also have a couple of Red Hat Enterprise Linux Server release 5.10 (Tikanga) systems generating many File I/O errors like the following.

          Any idea?

          Server ID:xxx
          Event Received Time:6/24/16 11:14:06 AM
          Event Generated Time:6/24/16 11:13:03 AM
          Agent GUID:3A9F0C5A-B755-E311-982B-000000000000
          Detecting Prod ID (deprecated):NULL
          Detecting Product Name:VirusScan Enterprise for Linux
          Detecting Product Version:1.9.0.28822
          Detecting Product Host Name:xxxxxx
          Detecting Product IPv4 Address:10.100.200.76
          Detecting Product IP Address:10.100.200.76
          Detecting Product MAC Address:
          DAT Version:none
          Engine Version:none
          Threat Source Host Name:
          Threat Source IPv4 Address:0.0.0.0
          Threat Source IP Address:0.0.0.0
          Threat Source MAC Address:
          Threat Source User Name:
          Threat Source Process Name:
          Threat Source URL:
          Threat Target Host Name:xxxxxx
          Threat Target IPv4 Address:0.0.0.0
          Threat Target IP Address:0.0.0.0
          Threat Target MAC Address:
          Threat Target User Name:oracle
          Threat Target Port Number:
          Threat Target Network Protocol:
          Threat Target Process Name:OAS
          Threat Target File Path:none
          Event Category:Scan failed
          Event ID:1046
          Threat Severity:Error
          Threat Name:none
          Threat Type:Unknown
          Action Taken:None
          Threat Handled:True
          Analyzer Detection Method:OAS

           

          Events received from managed systems 

           

          Event Description:File I/O errors.
          • 2. Re: On Demand Scan generates too many File I/O errors threat events to ePO

            That event is from OnAccessScan - not ODS.

             

            But the file I/O means the engine could not access items for scanning:

            https://kb.mcafee.com/corporate/index?page=content&id=KB78291

             

            You could evaluate the location of the files either in OAS or ODS and decide if you want to exclude that file type or location from scanning.

             

            The event states "oracle" - if the machine is hosting databases, some locked files used by databases may produce scan errors as they cannot be opened or scanned in OAS or ODS, so to avoid errors you could exclude them.

             

            If you want to keep scanning everything and simply avoid the events getting to the DB: in ePO - Server Settings - Event Filtering - this lists the events that will and won't be sent to ePO. If you deselect 1046, this will change the agent policy locally not to send those events.
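
A small triage helper for the advice above, added here as an example (not part of the original replies and not McAfee tooling): it parses event details pasted in the `Field:Value` layout shown in the thread, keeps only Event ID 1046, and groups them by detection method (OAS or ODS), user and file path so the named paths can be weighed for exclusion. The blank-line record separator, the `ODS` value, the file paths and the 9999 ID are assumptions made for the constructed sample.

```python
from collections import Counter

# Constructed sample in the "Field:Value" layout of the event quoted in the thread.
# Assumed: blank line between events; ODS value, paths and ID 9999 are made up.
SAMPLE = """\
Threat Target User Name:oracle
Threat Target File Path:none
Event ID:1046
Analyzer Detection Method:OAS

Threat Target User Name:oracle
Threat Target File Path:/u01/oradata/example.dbf
Event ID:1046
Analyzer Detection Method:OAS

Threat Target User Name:root
Threat Target File Path:/tmp/example.lock
Event ID:1046
Analyzer Detection Method:ODS

Threat Target User Name:root
Threat Target File Path:/tmp/other
Event ID:9999
Analyzer Detection Method:ODS
"""

def parse_events(text):
    """Return one dict per pasted event."""
    events = []
    for block in text.strip().split("\n\n"):
        # Split on the first colon only: timestamps and values may contain colons.
        pairs = (line.partition(":") for line in block.splitlines())
        event = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if event:
            events.append(event)
    return events

def summarize_io_errors(events, event_id="1046"):
    """Count File I/O error events per (scanner, user, path)."""
    keys = ("Analyzer Detection Method", "Threat Target User Name", "Threat Target File Path")
    return Counter(tuple(e.get(k, "") for k in keys)
                   for e in events if e.get("Event ID") == event_id)

def paths_to_review(counts):
    """Paths named in the events, grouped by scanner, to weigh for exclusion."""
    out = {}
    for (method, _user, path), _n in counts.items():
        if path.lower() not in ("", "none"):
            out.setdefault(method, set()).add(path)
    return out

print(paths_to_review(summarize_io_errors(parse_events(SAMPLE))))
```

Events whose file path is `none`, like the one posted in the thread, still appear in the counts but give no path to exclude, which leaves the Event Filtering route for those.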

            • 3. Re: On Demand Scan generates too many File I/O errors threat events to ePO
              boschind

              Thanks for the prompt and meaningful reply - I'll check the OAS exclusions again.