3 Replies Latest reply on Jul 30, 2008 7:39 AM by DanielS

    Scan Timeout - Alerts

      This kind of ties into my other thread -- http://community.mcafee.com/showthread.php?t=216721 --- Which I think has been resolved via a checkbox in ePO policy.

      Is there a way to disable the reporting of Scan Timeouts?

      The fact that these are reported to ePO as a Virus, makes the query reports totally useless! If I look at my Top 10 infected hosts, all 10 are listed solely for the fact that they have repeated scan timeouts!!!??? :mad:

      This needs to be addressed by McAfee in a similar fashion as - dont report unable to scan encripted files - checkbox.

      Is there a regkey or anything that anybody knows of that solves this issue? :confused:
        • 1. RE: Scan Timeout - Alerts
          To solve this issue go to

          Configuration button
          Server Setting tab
          Event Filtering from left pane
          Click on Edit button on the bottom of the page
          And uncheck ( 1059: Scan Timed Out (Medium) ) or any error you do not want to be reported.
          Finally wake up all your agent

          I hope this will solve your issue
          • 2. RE: Scan Timeout - Alerts
            Hi - I tried this and unchecked the "1059: Scan Timed Out (Info)" alert but I am still seeing these events in my reports and queries. Is there something that needs to be configured in the alert settings for the VS 8.5 Alert policies to tell the clients not to send those alerts? I thought having the client send all alerts and having the server filter them was the proper procedure?
            • 3. RE: Scan Timeout - Alerts
              I found this events 1051 and 1059 really nerved. I what delete only events with this ID from my eventprotokoll. It really works. My way:

              1. Disable notification for event 1051 and 1059 (Configuration/server settings/event filtering/edit)

              2. Create a query for id 1051 and 1059 (SQL code is on bottom)

              3. Delete events with this query
              go to Reporting/event log/purge
              choose purge by query and select the new created query

              4. Done


              Sql code for query:
              select [EPOEvents].[DetectedUTC], [EPOEvents].[Analyzer], [EPOEvents].[TargetHostName], [EPOEvents].[ThreatCategory], [EPOEvents].[ThreatEventID], [EPOEvents].[ThreatName], [EPOEvents].[AutoID] from [EPOEvents] where ( ( [EPOEvents].[ThreatEventID] = 1059 ) or ( [EPOEvents].[ThreatEventID] = 1051 ) ) order by [EPOEvents].[DetectedUTC] asc, [EPOEvents].[Analyzer] asc, [EPOEvents].[TargetHostName] asc, [EPOEvents].[ThreatCategory] asc, [EPOEvents].[ThreatEventID] asc, [EPOEvents].[ThreatName] asc