https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484856#M1944 <P>Hi Fred.L,</P><P>&nbsp;</P><P>Are you using the CE (Critical Environment) version? Or just the standard 7.5? The reason I ask is if you are not using the CE version then I would recommend using version 7.6 or later. Prior to 7.6 there were similar issues reported that were fixed in the agent 7.6 release. If you are using the CE version then I recommend opening a support case so our support engineers can conduct advanced troubleshooting.</P><P>&nbsp;</P><P>Regards,</P><P>Ben</P> Wed, 04 May 2022 13:24:09 GMT bbucao 2022-05-04T13:24:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484143#M1933 <P>Hello, we are using Cortex in a Citrix PVS environment.</P><P>We installed the agent with the VDI flag on the master vDisk. When we try to generate a scan on the new version of the vDisk, it always stuck on this file:&nbsp;</P><P>&nbsp;\\?\GLOBALROOT\Device\HardiskVolume3\System Volume Information\tracking.log</P><P>&nbsp;</P><P>We know that tracking.log a file responsible of the ntfs changes and other things and that we can't have access to this folder because it's protected by the sytem.</P><P>&nbsp;</P><P>But is there any way to exclude this file from the scan via the&nbsp;<SPAN>cytool imageprep scan command line ? We tried to change the timeout values or the upload value but nothing changes and we could not find any documentation using the /help flag.</SPAN></P><P>&nbsp;</P><P><SPAN>Other thing we tried: scan with the malware module DISABLED =&gt; nothing changed.</SPAN></P><P><SPAN>The restore file features is disabled on our drives.</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks you for your help,</SPAN></P><P>&nbsp;</P><P><SPAN>Fred</SPAN></P><P>&nbsp;</P><P>&nbsp;&nbsp;</P> Mon, 02 May 2022 13:23:47 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484143#M1933 fred.l 2022-05-02T13:23:47Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484718#M1941 <P>Hi Fred.L,</P><P>&nbsp;</P><P>Can you share what agent version you are using?</P><P>&nbsp;</P><P>Thanks,</P><P>Ben</P><P>&nbsp;</P> Wed, 04 May 2022 03:24:34 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484718#M1941 bbucao 2022-05-04T03:24:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484771#M1943 Hello Ben,<BR />Thank you for your interest.<BR />Here is the agent version we are running (OS 2019 Server):<BR />Cortex XDR 7.5.1.40243<BR />Fred<BR /><BR /> Wed, 04 May 2022 09:33:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484771#M1943 fred.l 2022-05-04T09:33:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484856#M1944 <P>Hi Fred.L,</P><P>&nbsp;</P><P>Are you using the CE (Critical Environment) version? Or just the standard 7.5? The reason I ask is if you are not using the CE version then I would recommend using version 7.6 or later. Prior to 7.6 there were similar issues reported that were fixed in the agent 7.6 release. If you are using the CE version then I recommend opening a support case so our support engineers can conduct advanced troubleshooting.</P><P>&nbsp;</P><P>Regards,</P><P>Ben</P> Wed, 04 May 2022 13:24:09 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484856#M1944 bbucao 2022-05-04T13:24:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484862#M1945 Hi Ben,<BR />I will ask for the security team and will answer you as soon as I can. Thank you for this precision.<BR />Fred<BR /> Wed, 04 May 2022 13:26:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/484862#M1945 fred.l 2022-05-04T13:26:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/488207#M2011 Hello Ben,<BR />I update the discussion: after following your recommendations, we upgrade the agent to the 7.7 version and the scan completed successfully.<BR />Thank you for your help,<BR />Fred<BR /> Wed, 18 May 2022 13:37:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-stuck-on-globalroot-device-hardiskvolume3-system-volume/m-p/488207#M2011 fred.l 2022-05-18T13:37:33Z