Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 4764 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Errors when performing AV scan's on servers

sjc85

Hi All,

I am posting here as I'm receiving various errors when scanning a number of different servers with the Sophos AV product.

We are currently running v9.7 of the Endpoint Security and control client and v4.7.0.13 of the Enterprise Console.

Here is a few of the messages we are encountering:

Scanning "E:\R-Share\Users\Conf\System Volume Information\{39628db7-4338-11e1-ade8-00155d031709}{3808876b-c176-4e48-b7ae-04046e6cc752}" returned SAV Interface error 0xa0040210: The file could not be accessed.

Scanning "E:\pagefile.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.

Scanning "C:\RECYCLER\S-1-5-21-2025429265-1284227242-839522115-11938\Dc14931" returned SAV Interface error 0xa004021a: Sophos Anti-Virus could not proceed, the file was corrupted.

I am loathe to exclude these files in case an infection is missed.  Any ideas on what could be causing this and how it could be resolved?

In case you're wondering, the server's being scanned are predominantly Windows 2008 Server (Enterprise and Standard), 2003 Server standard and Windows 2000 server.

Any help is appreciated.

:22193


This thread was automatically locked due to age.
  • 0

    I've also had this similar issue, so you're definitely not alone. I however have not found a good fix. I "Acknowledge" them manually when they pop up, but then they just show right back up again.

    I'll keep you posted if I am able to find any information

    :22211
  • 0

    Hello sjc85 and jdobbins88,

    the goal of AV administration is not to run scans error-free. Indeed one shouldn't care much about an error per se but what it signifies.

    Let's start with an obvious case: pagefile.sys ...  could not be accessed . If this is the active pagefile the error should be no real surprise. The pagefile is exclusively opened by the system and no other process is permitted to open it while it is in use.The error is expected if you run a scheduled or on-demand scan which encompasses one or more page volumes. Of course you can exclude pagefile.sys from being scanned to avoid the message.

    In general there are always some files which are locked exclusively when you run a scan, in an AD environment you'll also encounter insufficient rights situations. Make sure that these errors are where they should be expected though.

    the file was corrupted usually indicates some error in the file's internal structure (which might not even be noticeable when you open the file with an associated application). In practically all cases this is effectively just of informational nature. The file has been scanned up to the point of the error - you should not exclude files for this reason.

    You should not exclude the Recycler (or any files in it), and you should not exclude restore points.

    You might also encounter errors related to password protected files (archives, office documents and so on). These too are to be expected, you just have to live with them and should not make any exclusions.

    Christian

    :22221