Loading...

Knowledge Center

Print
Explanation of why scan time-outs occur
Technical Articles ID:  KB55869
Last Modified:  2/13/2015
Rated:

Environment

McAfee MOVE AntiVirus Agentless
McAfee SaaS Endpoint Protection
McAfee Security Service for Exchange
McAfee Security for Lotus Domino (Windows)
McAfee Security for Mac
McAfee Endpoint Protection for Mac
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise for Linux

Problem

Scan time-outs occur, and the following error displays:
The scan of FILENAME has taken too long to complete and is being cancelled. Scan engine xxxx and DAT version is xxxx

Cause

This error is informational and does not indicate a software malfunction.

The scan time-out message is logged when a scan stops before the file has been completely scanned, and the virus scanning software has no way to determine if the file is infected.

Solution

McAfee anti-virus products have an intentional cutoff time when the scan of a particular file must stop, and the scan time-out feature is intended to prevent a denial of service.

All McAfee Anti-Virus products work in a similar way:
  1. A request for a file is intercepted by the On-Access Scanner.
  2. The file is scanned.
  3. The file is passed to the user or application that requested the file or, if the file is infected, the appropriate action is taken by the scanner and the user is informed of the infection.
NOTE: The file being scanned is unavailable until the scan completes.

The amount of time taken to scan the file depends primarily on the following factors:
  • File complexity.
  • File size.
  • File location.
  • File type. File extensions such as .jar, .chm, .cab, and .zip are all archive files that typically use a very high compression. To scan these archives, each file must be extracted from the archive. This can use a large amount of memory depending on the type of data in the archive and how well it compresses.
  • Processing power of the computer scanning the files (and amount of memory if the file must be uncompressed).
  • Network speed (if the file has to be copied over a network to be scanned).
If a time-out mechanism is not used, you are denied access to the file until the scan is complete (this might be minutes or even hours, depending on the factors previously mentioned). For example, if the file is still being scanned after 30 seconds, the scanner will time out. The length of time before this time-out occurs varies by product and can usually be configured. For information on configuring scan time-out settings for your product, see the appropriate product guide.

If the scan of a particular file takes longer than allowed by the time-out value, the scan is stopped. An event is generated in the application event log to note that the scan timed out on the file after the defined scan time-out value. This information is also sent to Alert Manager and ePolicy Orchestrator if they are installed. An example of this error message is:
The scan of FILENAME has taken too long to complete and is being cancelled. Scan engine xxx and DAT version is xxxx
NOTE: Scan time-out behavior is present only in McAfee anti-virus On-Access Scanners. Scheduled or On-Demand scans do not time out and take as long as required to fully scan all files.

All McAfee desktop and server products scan all files in an archive upon extraction. If a large and complex archive causes the scan to time out, there is little risk. When the contents are extracted to the hard disk, each file is scanned individually by the On-Access Scanner.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.