Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Scan stuck on \\?\GLOBALROOT\Device\HardiskVolume2\EFI\Boot\bootx64.efi

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Scan stuck on \\?\GLOBALROOT\Device\HardiskVolume2\EFI\Boot\bootx64.efi

L3 Networker

Hello, we are using Cortex in a Citrix VDI environment.... Non-persistent VDI.

We installed the agent with the VDI flag on the GoldenImage.

When we perform the imageprep scan, it timeout and on cmd appears to be stuck on this file:

\\?\GLOBALROOT\Device\HardiskVolume2\EFI\Boot\bootx64.efi

 

We've tried reinstalling, etc... with no success.

Version: 8.1.0.41560

We've already opened a case with support, but currently, there's no solution... Has anyone experienced something identical?

Best regards
Tiago Marques
7 REPLIES 7

L5 Sessionator

Hi @tlmarques ,

 

Since, you have the support case opened, I am sure it will be examined. This probably is stuck for a possibility that the executable currently being examined is a running service and this happens sometimes in very rare occurences. Though the support team will be able to help you with root cause analysis and fix around the same, a workaround that you can leverage is to enable imageprep scan with a scan and upload timeout. This will ensure that files which are not getting a verdict from wildfire even within a specific time interval of upload is skipped and the scan resumes for other files and folders. Example below:

cytool imageprep scan timeout 6 upload <minutes of your choice(recommend 60)> path <filepath of your choice(make sure the folder you mention already exists)>

 

Hope this helps! Please mark the response as "Accept as solution" if it answers your query.

 

yesterday we were executing "cytool imageprep scan timeout 4 upload 60 path c:\temp "  and it give an error

today we change this: "cytool imageprep scan timeout 4 upload 5 path c:\temp" ..... and it all worked out.

I can't understand the situation

 

Best regards
Tiago Marques

Hi @tlmarques ,

 

Possibly there would have been an extra space or an additional parameter that must have hindered the command acceptance. You should ideally be able to add 60 in upload timeout and it should work. Maybe if you can help with an error message, we could figure out.

 

Also, 5 would be a really little amount of timeout for upload and we would recommend you to keep a min of 30 minutes for upload timeout.

Hi @neelrohit ,

scan with error:
scan error upload 60scan error upload 60
We change upload to 5 min , and scan works...
scan OK upload 5scan OK upload 5
only thing I see that was different is the number of failed files.
With the scan configured for 3 hours scan and 5 minutes to upload, there are more files to fail.

but we've successfully scan.

on both xml reports, i see the failed files and most files have the extension (*.log, *.evtx) 

Best regards
Tiago Marques

@neelrohit 

Can you show me where to find the upload in the support logs? I want to check for errors.

But if it was a network problem, the TAC would have already let us know.

Our case has been open for 2/3 weeks now and has moved up to the engineering level.

Best regards
Tiago Marques

Hi @tlmarques ,

 

This is not a use case of a network issue, rather it could be related to some hashes being stuck during examination phases. For the log elements, since this is a public forum, we would not be able to assess where the action areas related to failure would be and support team would be able to help better with the same.

 

Alternativeky, you can also reach out to your Customer Success teams(in case if you have one) and/or account teams to see if you need movement from tech support for investigation and issue resolution.

L3 Networker

@neelrohit  I understand, and thanks for your help.

yes, it could be related to certain hashes getting stuck during the examination phases....i will test with different timeouts and upload time.

Best regards
Tiago Marques
  • 2910 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!