Skip to main content
NetApp Knowledge Base

AV Server reports permission issue and slowness when attempting to scan files for vscan

  1. Last updated
  2. Save as PDF
Views:
1,063
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
NAS
Last Updated:

Applies to

  • ONTAP 9
  • Vscan
  • Antivirus (AV)
  • Trellix/Mcafee

Issue

  • Accessing and opening CIFS shares is very slow or hanging, and QoS statistics latency shows indicates latency is from Vscan
::> qos statistics volume latency show -vserver SVM1 -volume Vol1
    Workload   ID    Latency    Network    Cluster     Data       Disk      QoS Max    QoS Min    NVRAM    Cloud  FlexCache    SM Sync   AVSCAN
    ------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -------------------
      vol1    12345  55.12ms    199.00us    0ms       679.00us   799.00us    0ms        0ms        0ms      0ms        0ms        0ms    53.12ms
      vol1    12345  252.21ms   218.00us    0ms       566.00us    60.00us    0ms        0ms        0ms      0ms        0ms        0ms    221.23ms
  • Event logs show vscanConnBackPressurevscanExcessiveTOs errors:

[node-01: kernel: Nblade.vscanConnBackPressure:error]: For Vserver "svm1", AV server "172.2.3.2" is too busy to accept new scan requests.
[node-01: kernel: Nblade.vscanExcessiveTOs:error]: Vscan timed-out scanning events exceeded 2000 in the last 30 minutes for Vscan server (IP: 172.2.3.4) in SVM "svm1".
[node-01: kernel: Nblade.vscanExcessiveTOs:error]: Vscan timed-out scanning events exceeded 2000 in the last 30 minutes for Vscan server (IP: 172.2.3.2) in SVM "NVFILVIG003".
[node-01: kernel: Nblade.vscanExcessiveTOs:error]: Vscan timed-out scanning events exceeded 2000 in the last 30 minutes for Vscan server (IP: 172.2.3.3) in SVM "svm1".
[node-01: kernel: ems.engine.suppressed:debug]: Event 'Nblade.vscanConnBackPressure' suppressed 1142 times in last 608 seconds.
[node-01: kernel: Nblade.vscanConnBackPressure:error]: For Vserver "svm1", AV server "172.2.3.4" is too busy to accept new scan requests.

  • Vscan statistics show a lot of latency
  • Vscan events show scan requests are timing out

Node       Vserver  Server  Event Log Time      Event Type     File Path
node-01    svm1             1/29/2025 12:21:34  scan-timedout  \user1\file0001.db
node-01    svm1             1/29/2025 12:21:34  scan-timedout  \user3\file0002.ERW
node-01    svm1             1/29/2025 12:21:34  scan-timedout  \user9\file032345.db

  • Trellix Vscan scanner reports "permission issue" when attempting to scan files sent to it for Vscan operations:

Scan Started    AVSERVER04    Scan Request Received From :127.0.0.1    File to scan : \\?\UNC\172.2.3.1\ontap_admin$\\user1\file0001.db
Scan Result     AVSERVER04    Failed to scan due to permission issue:    \\?\UNC\172.2.3.1\ontap_admin$\\user1\file0001.db
Scan Started    AVSERVER04    Scan Request Received From :127.0.0.1    File to scan : \\?\UNC\172.2.3.1\ontap_admin$\\user3\file0002.ERW
Scan Result     AVSERVER04    Failed to scan due to permission issue:    \\?\UNC\172.2.3.1\ontap_admin$\\user3\file0002.ERW

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.