Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-09-2023 02:49 AM
Hello, we are using Cortex in a Citrix VDI environment.... Non-persistent VDI.
We installed the agent with the VDI flag on the GoldenImage.
When we perform the imageprep scan, it timeout and on cmd appears to be stuck on this file:
\\?\GLOBALROOT\Device\HardiskVolume2\EFI\Boot\bootx64.efi
We've tried reinstalling, etc... with no success.
Version: 8.1.0.41560
We've already opened a case with support, but currently, there's no solution... Has anyone experienced something identical?
08-09-2023 03:15 AM
Hi @tlmarques ,
Since, you have the support case opened, I am sure it will be examined. This probably is stuck for a possibility that the executable currently being examined is a running service and this happens sometimes in very rare occurences. Though the support team will be able to help you with root cause analysis and fix around the same, a workaround that you can leverage is to enable imageprep scan with a scan and upload timeout. This will ensure that files which are not getting a verdict from wildfire even within a specific time interval of upload is skipped and the scan resumes for other files and folders. Example below:
cytool imageprep scan timeout 6 upload <minutes of your choice(recommend 60)> path <filepath of your choice(make sure the folder you mention already exists)>
Hope this helps! Please mark the response as "Accept as solution" if it answers your query.
08-09-2023 05:14 AM
yesterday we were executing "cytool imageprep scan timeout 4 upload 60 path c:\temp " and it give an error
today we change this: "cytool imageprep scan timeout 4 upload 5 path c:\temp" ..... and it all worked out.
I can't understand the situation
08-09-2023 05:32 AM
Hi @tlmarques ,
Possibly there would have been an extra space or an additional parameter that must have hindered the command acceptance. You should ideally be able to add 60 in upload timeout and it should work. Maybe if you can help with an error message, we could figure out.
Also, 5 would be a really little amount of timeout for upload and we would recommend you to keep a min of 30 minutes for upload timeout.
08-09-2023 05:48 AM
Hi @neelrohit ,
scan with error:
We change upload to 5 min , and scan works...
only thing I see that was different is the number of failed files.
With the scan configured for 3 hours scan and 5 minutes to upload, there are more files to fail.
but we've successfully scan.
on both xml reports, i see the failed files and most files have the extension (*.log, *.evtx)
08-09-2023 05:57 AM
Can you show me where to find the upload in the support logs? I want to check for errors.
But if it was a network problem, the TAC would have already let us know.
Our case has been open for 2/3 weeks now and has moved up to the engineering level.
08-09-2023 06:16 AM
Hi @tlmarques ,
This is not a use case of a network issue, rather it could be related to some hashes being stuck during examination phases. For the log elements, since this is a public forum, we would not be able to assess where the action areas related to failure would be and support team would be able to help better with the same.
Alternativeky, you can also reach out to your Customer Success teams(in case if you have one) and/or account teams to see if you need movement from tech support for investigation and issue resolution.
08-09-2023 06:35 AM
@neelrohit I understand, and thanks for your help.
yes, it could be related to certain hashes getting stuck during the examination phases....i will test with different timeouts and upload time.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
