3 Replies Latest reply on Dec 8, 2015 10:47 AM by cwinning

    Scans taking a long time or never completing, scan results missing patch numbers ballooned to high numbers

    Apprentice

      I have been getting oddball issues in the last couple of weeks concerning agentless scans. Originally I would  get a couple of machines that would just seem to take forever to complete the scan process, yet on an individual retry scan normal speed. I went through all the documentations concerning slow scan fixes. Over time the problem had gotten worse including scanning of machines that are on the same subnet as the shavlik console. Performance wise the console has more than the recommended  resources assigned to it and does not show exceeding the resources allocated to it. At the time I had version 9.1 the problem started getting worse so uninstalled and reinstalled  9.1 which seems to have helped at little at the time. Then the problem started getting worse  with any scans just hanging . I ended up uninstalling again and then this time upgrading to latest version of 9,2. Issue continues to varying degrees as some systems scan fine and other just take hours even local ones to console  yet other that at remote sites scan  within normal time. In last day  another weirdness has cropped up  and that is  the missing patch numbers reported have jumped dramatically  like for example a system I scanned yesterday that had 9 patches missing  suddenly today  on another identical scan (using the default security patch scan not a custom one) now is reporting 112 patches missing. I have seen this on a couple machines now  often times these seem to also be the ones that are taking an abnormal amount of time on scans.

      So that I have checked

      AV exclusions have not changed  for either the console of the scan targets

      Nothing different in the site latencies, or wan saturation

      All firewall ports are the same as in the past , turning off the windows firewalls on both the console as well as destination scan makes no difference.

      Restarting console server as well as clients to be scanned makes no difference

      Manual windows updates works fine, consistent and normal scan speed  on the systems to be scanned by the console

      I am also getting quite a few  machines reporting back with error 13 (scan started and all connections appeared to work... but unexpected network even terminated the scan). I followed the  documentation on this error and was able to maintain a stable ping from console to that machine during scan and did not drop connection pings were also normal levels)

      monitored RAM, CPU of the console  and all well within the norms  and even added more RAM made no differences

      So I am at a loss as to what else to try. Though I have wondered if the issue might be with the protect database. What happens  if I were to start with a brand now database what happens with the machines with agents? I assume I would have to recreate all the scan custom scan and deployment templates  but once those were up with the agents register or would they all have to be reinstalled ?

        • 1. Re: Scans taking a long time or never completing, scan results missing patch numbers ballooned to high numbers
          cwinning CommunityTeam

          Hello,

           

          For troubleshooting this issue, it would be best to contact support so we can get this escalated and possibly setup a WebEx to take a look at the issue live.  There are too many variables happening here to troubleshoot this through the community.  It's not a known issue and I doubt it has anything to do with the version of Protect you are running, although 9.2 scans should be 30-50% faster than 9.1 scans.

           

          Have you verified these machines are not infected?

           

          You will need to re-install the agent, re-create the scan template and other settings if you switch out to a new database. 

           

          Thanks,

          Charles

          • 2. Re: Scans taking a long time or never completing, scan results missing patch numbers ballooned to high numbers
            Apprentice

            Turned out that  all the issues were caused by the anti-virus  (trend micro office scan) installed on the server  which until recent times had not been an issue  (initially it was but after placing all the exclusions needed it ran fine for the last year).  During my troubleshooting I had unloaded the antivirus and that made no difference (by unload, within the officescan agent one can unload officescan which in turn is suppose to be as if it were not installed).  I even went as far as disabling all its services and rebooting the server and continued to have the issue.  In a last ditch effort  after having seen a temp new build of a shavlik server with no applications other than those required by shavlik protect  running just fine, I decided to uninstall officescan on the original server, reboot and all was working perfect. Lesson learned if you are trying to rule out the anti-virus as the possible culprit , completely uninstall it  rather than doing a unload of the anti-virus

            • 3. Re: Scans taking a long time or never completing, scan results missing patch numbers ballooned to high numbers
              cwinning CommunityTeam

              Hello,

               

              "Lesson learned if you are trying to rule out the anti-virus as the possible culprit , completely uninstall it  rather than doing a unload of the anti-virus"

               

              No truer words have bee spoken regarding troubleshooting issues caused by AV software.  I've personally have been bitten my this fact a few times over the year.

               

              Thanks for taking the time to let us know the root cause of your issue.

               

              Thanks,

              Charles