McAfee ePO 5.3.x, 5.9.x
McAfee MOVE MultiPlatform 4.5.1, 4.61
Issue:
Infected Files are no deleted by McAfee MOVE
error:
U.1428.2852: May 15 2018:11:09:24.531: ERROR: svc_socket.c: 2028: IP: Failed to send SMART FILE response ( \Device\HarddiskVolume3\McAfee\ePO\591\EPO591L.zip ) ( ) err ( 10053 )
U.1428.2652: May 15 2018:11:10:09.531: ERROR: svc_socket.c: 274: socket send failed(err: WSAECONNABORTED = 10053), Client has closed the connection (may be due to Timeout).
U.1428.2652: May 15 2018:11:10:09.531: ERROR: avs_server.c: 1130: write_scan_resp_based_on_protocol failed: 10053
U.1428.2652: May 15 2018:11:10:09.531: ERROR: avs_server.c: 1406: avs_write_scan_response failed. err: 10053
U.1428.2652: May 15 2018:11:10:09.531: ERROR: svc_socket.c: 2028: IP: Failed to send SMART FILE response ( \Device\HarddiskVolume3\McAfee\ePO\591\EPO591L.zip ) ( ) err ( 10053 )
U.1428.2612: May 15 2018:11:10:31.844: ERROR: avs_server.c: 915: [SCAN FLOW] Failed to calculate cksum of file: [\\?\X:\McAfee\MOVE AV Server\scanfiles\2284\shay - Copy.txt], err: [13], err_text: [Permission denied].
U.1428.2612: May 15 2018:11:10:31.844: ERROR: svc_socket.c: 1802: IP: Failed to get file: \Device\HarddiskVolume2\Users\shay.a\Desktop\shay - Copy.txt, err: -1
U.1428.3980: May 15 2018:11:10:44.906: ERROR: avs_server.c: 915: [SCAN FLOW] Failed to calculate cksum of file: [\\?\X:\McAfee\MOVE AV Server\scanfiles\2468\shay - Copy - Copy.txt], err: [13], err_text: [Permission denied].
U.1428.3980: May 15 2018:11:10:44.906: ERROR: svc_socket.c: 1802: IP: Failed to get file: \Device\HarddiskVolume2\Users\shay.a\Desktop\shay - Copy - Copy.txt, err: -1
U.1428.1240: May 15 2018:11:10:48.406: ERROR: avs_server.c: 915: [SCAN FLOW] Failed to calculate cksum of file: [\\?\X:\McAfee\MOVE AV Server\scanfiles\2548\$RG4Y2O9.txt], err: [13], err_text: [Permission denied].
U.1428.1240: May 15 2018:11:10:48.406: ERROR: svc_socket.c: 1802: IP: Failed to get file: \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-854873570-2405677725-3658187990-1382\$RG4Y2O9.txt, err: -1
U.1428.1132: May 15 2018:11:10:54.532: ERROR: svc_socket.c: 274: socket send failed(err: WSAECONNABORTED = 10053), Client has closed the connection (may be due to Timeout).
U.1428.1132: May 15 2018:11:10:54.532: ERROR: avs_server.c: 1130: write_scan_resp_based_on_protocol failed: 10053
U.1428.1132: May 15 2018:11:10:54.532: ERROR: avs_server.c: 1406: avs_write_scan_response failed. err: 10053
U.1428.1132: May 15 2018:11:10:54.532: ERROR: svc_socket.c: 2028: IP: Failed to send SMART FILE response ( \Device\HarddiskVolume3\McAfee\ePO\591\EPO591L.zip ) ( ) err ( 10053 )
Solutions:
Exclude the process "mvserver.exe" from Virus Scan scan on the Scan Server(SVM)
1 Log on to McAfee ePO as an administrator.
2 Select Menu | Policy | Policy Catalog, select VirusScan Enterprise 8.8 from the Product drop-down list, then select On-Access Low-Risk Processes Policies from the Category drop-down list.
3 Duplicate the On-Access Low-Risk Processes Policies policy.
4 Open the duplicate On-Access Low-Risk Processes Policies policy and configure these options. • Settings for — Select Server. • From the Low-Risk Processes tab, add mvserver.exe to the Low-Risk Processes list. • From the Scan Items tab, next to Scan files, disable When writing to disk and When reading from disk.
5 Click Save and assign the policy to the SVMs.
6 Select Menu | Policy | Policy Catalog, select VirusScan Enterprise 8.8 from the Product drop-down list, then select On-Access Default Processes Policies from the Category drop-down list.
7 Duplicate the On-Access Default Processes Policies policy.
8 Open the duplicate On-Access Default Processes Policies policy and configure these options. • Settings for — Select Server. • From the Low-Risk Processes tab, next to Process Settings, select Configure different scanning policies for high-risk, low-risk, and default processes.
9 Click Save and assign the policy to the SVMs.
McAfee MOVE MultiPlatform 4.5.1, 4.61
Issue:
Infected Files are no deleted by McAfee MOVE
error:
U.1428.2852: May 15 2018:11:09:24.531: ERROR: svc_socket.c: 2028: IP: Failed to send SMART FILE response ( \Device\HarddiskVolume3\McAfee\ePO\591\EPO591L.zip ) ( ) err ( 10053 )
U.1428.2652: May 15 2018:11:10:09.531: ERROR: svc_socket.c: 274: socket send failed(err: WSAECONNABORTED = 10053), Client has closed the connection (may be due to Timeout).
U.1428.2652: May 15 2018:11:10:09.531: ERROR: avs_server.c: 1130: write_scan_resp_based_on_protocol failed: 10053
U.1428.2652: May 15 2018:11:10:09.531: ERROR: avs_server.c: 1406: avs_write_scan_response failed. err: 10053
U.1428.2652: May 15 2018:11:10:09.531: ERROR: svc_socket.c: 2028: IP: Failed to send SMART FILE response ( \Device\HarddiskVolume3\McAfee\ePO\591\EPO591L.zip ) ( ) err ( 10053 )
U.1428.2612: May 15 2018:11:10:31.844: ERROR: avs_server.c: 915: [SCAN FLOW] Failed to calculate cksum of file: [\\?\X:\McAfee\MOVE AV Server\scanfiles\2284\shay - Copy.txt], err: [13], err_text: [Permission denied].
U.1428.2612: May 15 2018:11:10:31.844: ERROR: svc_socket.c: 1802: IP: Failed to get file: \Device\HarddiskVolume2\Users\shay.a\Desktop\shay - Copy.txt, err: -1
U.1428.3980: May 15 2018:11:10:44.906: ERROR: avs_server.c: 915: [SCAN FLOW] Failed to calculate cksum of file: [\\?\X:\McAfee\MOVE AV Server\scanfiles\2468\shay - Copy - Copy.txt], err: [13], err_text: [Permission denied].
U.1428.3980: May 15 2018:11:10:44.906: ERROR: svc_socket.c: 1802: IP: Failed to get file: \Device\HarddiskVolume2\Users\shay.a\Desktop\shay - Copy - Copy.txt, err: -1
U.1428.1240: May 15 2018:11:10:48.406: ERROR: avs_server.c: 915: [SCAN FLOW] Failed to calculate cksum of file: [\\?\X:\McAfee\MOVE AV Server\scanfiles\2548\$RG4Y2O9.txt], err: [13], err_text: [Permission denied].
U.1428.1240: May 15 2018:11:10:48.406: ERROR: svc_socket.c: 1802: IP: Failed to get file: \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-854873570-2405677725-3658187990-1382\$RG4Y2O9.txt, err: -1
U.1428.1132: May 15 2018:11:10:54.532: ERROR: svc_socket.c: 274: socket send failed(err: WSAECONNABORTED = 10053), Client has closed the connection (may be due to Timeout).
U.1428.1132: May 15 2018:11:10:54.532: ERROR: avs_server.c: 1130: write_scan_resp_based_on_protocol failed: 10053
U.1428.1132: May 15 2018:11:10:54.532: ERROR: avs_server.c: 1406: avs_write_scan_response failed. err: 10053
U.1428.1132: May 15 2018:11:10:54.532: ERROR: svc_socket.c: 2028: IP: Failed to send SMART FILE response ( \Device\HarddiskVolume3\McAfee\ePO\591\EPO591L.zip ) ( ) err ( 10053 )
Solutions:
Exclude the process "mvserver.exe" from Virus Scan scan on the Scan Server(SVM)
1 Log on to McAfee ePO as an administrator.
2 Select Menu | Policy | Policy Catalog, select VirusScan Enterprise 8.8 from the Product drop-down list, then select On-Access Low-Risk Processes Policies from the Category drop-down list.
3 Duplicate the On-Access Low-Risk Processes Policies policy.
4 Open the duplicate On-Access Low-Risk Processes Policies policy and configure these options. • Settings for — Select Server. • From the Low-Risk Processes tab, add mvserver.exe to the Low-Risk Processes list. • From the Scan Items tab, next to Scan files, disable When writing to disk and When reading from disk.
5 Click Save and assign the policy to the SVMs.
6 Select Menu | Policy | Policy Catalog, select VirusScan Enterprise 8.8 from the Product drop-down list, then select On-Access Default Processes Policies from the Category drop-down list.
7 Duplicate the On-Access Default Processes Policies policy.
8 Open the duplicate On-Access Default Processes Policies policy and configure these options. • Settings for — Select Server. • From the Low-Risk Processes tab, next to Process Settings, select Configure different scanning policies for high-risk, low-risk, and default processes.
9 Click Save and assign the policy to the SVMs.