Loading...

Knowledge Center

Explanation of why scan time-outs occur
Technical Articles ID:   KB55869
Last Modified:  1/9/2017
Rated:

Environment

McAfee Endpoint Protection for Mac (EPM)
McAfee Endpoint Security (ENS)
McAfee Endpoint Security for Mac (ENSM)
McAfee MOVE AntiVirus Agentless (MOVE AV Agentless)
McAfee SaaS Endpoint Protection
McAfee Security for Microsoft Exchange (MSME)
McAfee Security for Lotus Domino (Windows)  (MSDW)
McAfee Security for Mac
McAfee VirusScan Enterprise (VSE)
McAfee VirusScan Enterprise for Linux (VSEL)

Problem

Scan time-outs occur, and the following error displays:
The scan of FILENAME has taken too long to complete and is being cancelled. Scan engine xxxx and DAT version is xxxx

Cause

This error is informational and does not indicate a software malfunction. The scan time-out message is logged when a scan stops before the file has been completely scanned, and the virus scanning software has no way to determine whether the file is infected.

Solution

McAfee anti-virus products have an intentional cutoff time when the scan of a particular file must stop; the scan time-out feature is intended to prevent a denial of service.

All McAfee anti-virus products work in a similar way:
  1. A request for a file is intercepted by the On-Access Scanner.
  2. The file is scanned.
  3. The file is passed to the user or application that requested the file or, if the file is infected, the appropriate action is taken by the scanner and the user is informed of the infection.
NOTE: Any file that is actively being scanned is unavailable until the scan completes.

The amount of time taken to scan the file depends primarily on the following factors:
  • File complexity
  • File size
  • File location
  • File type - File extensions such as .jar, .chm, .cab, and .zip are all archive files that typically use a very high rate of compression. To scan these archives, each file must be extracted from the archive and scanned individually. This can use a large amount of memory, depending on the type of data in the archive and how well it compresses.
  • Processing power of the computer scanning the files (and amount of memory if the file must be uncompressed)
  • Network speed (if the file has to be copied over a network to be scanned)
If a time-out mechanism is not used, you are denied access to the file until the scan is complete (this might be minutes or even hours, depending on the factors previously mentioned). For example, if the file is still being scanned after 30 seconds, the scanner will time out. The length of time before this time-out occurs varies by product and can usually be configured. For information on configuring scan time-out settings for your product, see the appropriate product guide.

If the scan of a particular file takes longer than allowed by the time-out value, the scan is stopped. An event is generated in the application event log to note that the scan timed out on the file after the defined scan time-out value. This information is also sent to Alert Manager and ePolicy Orchestrator if they are installed. An example of this error message is:
The scan of FILENAME has taken too long to complete and is being cancelled. Scan engine xxx and DAT version is xxxx
NOTE: Scan time-out behavior is present in all McAfee anti-virus On-Access Scanners. On-Demand scans do not have a time-out and take as long as required to fully scan any target files, with the exception of Endpoint Security 10.1.x and later, which has a built-in non-configurable timeout of 45 seconds.

All McAfee desktop and server products scan all files in an archive upon extraction. If a large and complex archive causes the scan to time out, there is little risk. When the contents are extracted to the hard disk, each file is scanned individually by the On-Access Scanner.

Disclaimer

The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.