7 Replies Latest reply on Aug 4, 2016 2:43 PM by whitead

    Scan Timeout: Access Denied


      EPO 5.3
      MOVE AV [multi-platform]
      VirusScan Enterprise


      I recently deployed MOVE AV to a limited amount of VMware VDI machines and we're running into an issue. A user is attempting to install a piece of software and the files used by the installation keep getting locked up in scans and the installation fails.


      In Windows Logs, Application, I see this:

      "Deferred scan is in progress for file 'V:\Users\bi0400\AppData\Local\Temp\OWP2EB1.tmp\sharepointdesigner.ww\spdww.cab '. (A thread in \Device\Mup\nasvs1\users$\BI0400\My Documents\downloads from c\en_sharepoint_designer_2013_with_sp1_x86_3948134.exe process took 45 seconds for scanning. Hence, access denied.)"


      In EPO, I see this in the event log of the machine:


      Server ID:SERVER
      Event Received Time:9/17/15 2:13:28 PM
      Event Generated Time:9/17/15 2:09:23 PM
      Agent GUID:38183660-5CD0-11E5-1271-000000000000
      Detecting Prod ID (deprecated):MOVEVOFF2600
      Detecting Product Name:MOVE AV Client
      Detecting Product Version:3.6.1
      Detecting Product Host Name:VDESKTOP
      Detecting Product IPv4 Address:
      Detecting Product IP Address:
      Detecting Product MAC Address:
      DAT Version:
      Engine Version:
      Threat Source Host Name:
      Threat Source IPv4 Address:
      Threat Source IP Address:
      Threat Source MAC Address:
      Threat Source User Name:
      Threat Source Process Name:
      Threat Source URL:
      Threat Target Host Name:IT-2
      Threat Target IPv4 Address:
      Threat Target IP Address:
      Threat Target MAC Address:
      Threat Target User Name:DOMAIN\USER
      Threat Target Port Number:
      Threat Target Network Protocol:
      Threat Target Process Name:\Device\Mup\server\users$\USER\My Documents\downloads from c\en_sharepoint_designer_2013_with_sp1_x86_3948134.exe
      Threat Target File Path:V:\Users\USER\AppData\Local\Temp\OWP2EB1.tmp\sharepointdesigner.ww\spdww.cab
      Event Category:Scan started
      Event ID:34283
      Threat Severity:Warning
      Threat Name:Deferred Scan Started
      Threat Type:None
      Action Taken:denied
      Threat Handled:False
      Analyzer Detection Method:OAS

      *Domain and usernames sanitized


      Most settings and policies are default. I'm concerned about going into production with this, and having applications delayed or disrupted by scans timing out and denying access to the file. I would appreciate any advice with this issue. Please let me know if any more details are needed.