How to Mitigate Scan Failures in MetaDefender Core Triggered by Real-Time Protection Systems?

Summary:

This article provides insights and solutions to a prevalent issue in MetaDefender Core where scans may fail due to disruptions from real-time protection systems. The problem often manifests without generating explicit error messages, complicating diagnosis. This guide will walk you through the steps to identify and rectify this situation.

Problem Description:

Users of MetaDefender Core may experience scan failures that do not return specific error messages. A successful scan should typically display "No available scan result" in the Metascan details, and the corresponding report should state "Not Scanned."

Primary Cause:

In most cases, real-time protection systems like antivirus software delete or quarantine files uploaded to MetaDefender Core, perceiving them as potential threats. This action inhibits MetaDefender Core's ability to process these files, leading to scan failures. Notably, these failures may also show errors from engines indicating the file does not exist.

Solution:

To resolve this issue and ensure effective scanning, follow these steps:

  1. Identify the real-time protection software operational on the MetaDefender Core Server.
  2. Navigate to the settings of the identified real-time protection software.
  3. Look for the 'exclusions' or 'exceptions' section in the settings.
  4. Add full installation path of MetaDefender Core. Add the temporary upload path used by MetaDefender Core. Add engineprocess.exe, engineprocess32.exe, ometascan.exe, postgres.exe and nginx.exe processes, to the exclusions list. Note: If you are using Symantec Endpoint Protection as your local AV, please adjust the settings as instructed in This KB Article.
  5. Save your changes and exit the settings.
  6. Conduct a test scan to confirm the resolution of the problem.

For more detailed instructions on adding exclusions or exceptions to your antivirus software, refer to the user manual or documentation provided by the software vendor.

Conclusion:

By following the provided steps and adjusting your real-time protection software settings, you should be able to address MetaDefender Core scan failures. This process ensures that files you upload for scanning are not wrongly removed by real-time protection systems, enabling successful MetaDefender Core scans. As a result, you should observe "No available scan result" in the Metascan details and "Not Scanned" in the exported report, as expected.

If the problem persists despite following the outlined steps, please open a Support Case with the OPSWAT team via phone, online chat or form, or feel free to ask the community on our OPSWAT Expert Forum.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
How to Resolve MetaDefender Core Service Start-up Failures on IPv6-Disabled Linux Systems?
On This Page
How to Mitigate Scan Failures in MetaDefender Core Triggered by Real-Time Protection Systems?Summary:Problem Description:Primary Cause:Solution:Conclusion: