https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121741#M26100 <P>Hi,</P><P>&nbsp;</P><P>can you change the vscan on-access -policy &nbsp;to&nbsp;<STRONG>scan-mandatory</STRONG></P><P>&nbsp;</P><P>vscan on-access-policy modify -vserver xxxxx_xxxxx&nbsp;-policy-name <SPAN>template_test</SPAN> -filters <STRONG>scan-mandatory</STRONG>&nbsp;</P><P>&nbsp;</P><P>you can control the vscan operation&nbsp;by modifying&nbsp;<STRONG>vscan-fileop-profile on the CIFS shares.</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>cifs share modify -vserver xxxxx_xxxx -share-name tst_share -vscan-fileop-profile<STRONG>&nbsp;no-scan standard strict writes-only</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>i use writes-only in my environment.</P><P>&nbsp;</P><P>cifs share show -share-name <SPAN>share-name$</SPAN> -fields vscan-fileop-profile<BR />vserver share-name vscan-fileop-profile<BR />------------- ------------------ --------------------<BR />cluster share-name$ <STRONG>writes-only</STRONG></P><P>&nbsp;</P><P>let me know if this makes any difference.</P><P>&nbsp;</P><P>Regards,</P><P>Mani</P> Tue, 26 Jul 2016 13:32:03 GMT manistorage 2016-07-26T13:32:03Z https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121679#M26088 <P>I have an 8040 Cluster running 8.3.1P1 and using McAfee VirusScan 8.8 with the current release of VSES for NetApp, NetApp VSCAN is configured as per NetApp best practice and the McAfee VSES is configured as 'we' beleve to be correct.</P><P>&nbsp;</P><P>When we place eicar test pattern files in the CIFS shares only the files with a .exe extension are detected and deleted by the AV, we have tested with .txt .com and .vbs extension and they are not even scanned.&nbsp; It looks likes they are not even being passed to AV server by VSCAN despite VSCAN being configured to scan all extensions.</P><P>&nbsp;</P><P>Our 7-mode filer / McAfee AV detects all the test virus files,</P><P>&nbsp;</P><P>Has anyone else experienced problems with AV scanning on CDOT 8.3.x and only .exe files being scanned.</P> Wed, 04 Jun 2025 19:50:29 GMT https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121679#M26088 mn1970 2025-06-04T19:50:29Z https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121721#M26094 <P>HI,</P><P>&nbsp;</P><P>Can you share the vscan profile output for teh specific vserver?</P><P>&nbsp;</P><P>vserver vscan on-access-policy show -vserver xx-xxx-xx&nbsp;-policy-name&nbsp;xxxx_xxxx</P><P>&nbsp;</P><P>Regards,</P><P>Mani</P> Tue, 26 Jul 2016 06:31:12 GMT https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121721#M26094 manistorage 2016-07-26T06:31:12Z https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121724#M26096 <P>Hi Mani</P><P>&nbsp;</P><P>This is the output :&nbsp;</P><P><BR />Vserver: XXXX-template_test<BR />Policy: template_test<BR />Policy Status: on<BR />Policy Config Owner: vserver<BR />File-Access Protocol: CIFS<BR />Filters: scan-execute-access<BR />Max File Size Allowed for Scanning: 2GB<BR />File Paths Not to Scan: -<BR />File Extensions Not to Scan: -<BR />File Extensions to Scan: *<BR />Scan Files with No Extension: true</P><P>&nbsp;</P><P>NetApp support have verified our config, the McAfee side only reports .exe files being passed to it.</P><P>&nbsp;</P><P>Cheers</P><P>Matt</P> Tue, 26 Jul 2016 08:27:44 GMT https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121724#M26096 mn1970 2016-07-26T08:27:44Z https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121741#M26100 <P>Hi,</P><P>&nbsp;</P><P>can you change the vscan on-access -policy &nbsp;to&nbsp;<STRONG>scan-mandatory</STRONG></P><P>&nbsp;</P><P>vscan on-access-policy modify -vserver xxxxx_xxxxx&nbsp;-policy-name <SPAN>template_test</SPAN> -filters <STRONG>scan-mandatory</STRONG>&nbsp;</P><P>&nbsp;</P><P>you can control the vscan operation&nbsp;by modifying&nbsp;<STRONG>vscan-fileop-profile on the CIFS shares.</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>cifs share modify -vserver xxxxx_xxxx -share-name tst_share -vscan-fileop-profile<STRONG>&nbsp;no-scan standard strict writes-only</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>i use writes-only in my environment.</P><P>&nbsp;</P><P>cifs share show -share-name <SPAN>share-name$</SPAN> -fields vscan-fileop-profile<BR />vserver share-name vscan-fileop-profile<BR />------------- ------------------ --------------------<BR />cluster share-name$ <STRONG>writes-only</STRONG></P><P>&nbsp;</P><P>let me know if this makes any difference.</P><P>&nbsp;</P><P>Regards,</P><P>Mani</P> Tue, 26 Jul 2016 13:32:03 GMT https://community.netapp.com/t5/ONTAP-Discussions/CDOT-8-3-1-vscan-only-passing-exe-files-to-McAfee-AV-Scanner/m-p/121741#M26100 manistorage 2016-07-26T13:32:03Z