Scan stuck on \\?\GLOBALROOT\Device\HardiskVolume3\System Volume Information\tracking.log

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Scan stuck on \\?\GLOBALROOT\Device\HardiskVolume3\System Volume Information\tracking.log

L0 Member

Hello, we are using Cortex in a Citrix PVS environment.

We installed the agent with the VDI flag on the master vDisk. When we try to generate a scan on the new version of the vDisk, it always stuck on this file: 

 \\?\GLOBALROOT\Device\HardiskVolume3\System Volume Information\tracking.log


We know that tracking.log a file responsible of the ntfs changes and other things and that we can't have access to this folder because it's protected by the sytem.


But is there any way to exclude this file from the scan via the cytool imageprep scan command line ? We tried to change the timeout values or the upload value but nothing changes and we could not find any documentation using the /help flag.


Other thing we tried: scan with the malware module DISABLED => nothing changed.

The restore file features is disabled on our drives.


Thanks you for your help,






L3 Networker

Hi Fred.L,


Can you share what agent version you are using?





Hello Ben,
Thank you for your interest.
Here is the agent version we are running (OS 2019 Server):
Cortex XDR

Hi Fred.L,


Are you using the CE (Critical Environment) version? Or just the standard 7.5? The reason I ask is if you are not using the CE version then I would recommend using version 7.6 or later. Prior to 7.6 there were similar issues reported that were fixed in the agent 7.6 release. If you are using the CE version then I recommend opening a support case so our support engineers can conduct advanced troubleshooting.




Hi Ben,
I will ask for the security team and will answer you as soon as I can. Thank you for this precision.

Hello Ben,
I update the discussion: after following your recommendations, we upgrade the agent to the 7.7 version and the scan completed successfully.
Thank you for your help,
  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!