Vscan Timedout and Disconnected after file scan fails

Applies to

• ONATP 9.x
• VSCAN
• Trellix/McAfee

Issue

• Files take a long time to open as Vscan request has been sent to AV server and timed out after several seconds.
• The user can open the file after this process but the virus scanned has not been done over the file.
• No AV connector issues are observed either. Tests pass satisfactorily
• McAfee off box timeout configuration is set as recommended (25 seconds) or very near to that value as per the kb attached below in additional information section.
• EMS errors ( Vscan server disconnects and re-connects):

OffboxVScanTableUpd: Nblade.scannerDisconnected:notice]: Vserver "USCA3CDOT501" disconnected from Vscan server (IP: xx.xx.xx.xx)
OffboxVScanTableUpd: Nblade.scannerConnected:notice]: Vserver "USCA3CDOT501"connected to Vscan server (IP: xx.xx.xx.xx).
mgwd: vscan.pool.largeReqTimeout:notice]: For scanner-pool 'trellix_scan' created on Vserver 'XXXXXXXXXX', request-timeout is configured as 40s but that would internally be taken as 35s if the applicable On-Access policy has scan-mandatory set to "off". This ensures that the file-access is granted to theclient for such policy

• After verifications on Trellix NetApp Activity Logs the error 333300002 is present just after the scan request is sent to the server:

292039 2021-12-28 05:23:34.024798 y.y.y.y z.z.z.z VSCAN2 Scan Failed (block if mandatory scan is set) 0.047805000 Scan Reply:
Scan Failed (block if mandatory scan is set): \cifs02_vol01\profiles\bbergct\Desktop\DataAdmin.laccdb
Scan Reply
Scan Result: Offbox vscan use vscan engine status (268435456)
Engine Status: Scan Failed (block if mandatory scan is set) (333300002)
Engine Status String: Error reading file, the scanner does not have rights to open/read file.
[filename: \cifs02_vol01\profiles\bbergct\Desktop\DataAdmin.laccdb]

• Additional service account authentication errors also spotted in the Trellix Logs