To get the best results from Recommendation Scans, make sure that the DSM has sufficient resources assigned. In particular, there should be enough I/O capacity to handle large Recommendation Scan tasks.

For example, if you have to scan 300 virtual machines (VMs), it is recommended to have a DSM with 4 CPUs and 12 GB of RAM. You also need to adjust the JVM heap size to around 8 GB for the DSM server and modify the timeout values for the Recommendation Scans.

To resolve the issue, do the following:

  1. Download DSM 9.5.6511.exe and execute it to upgrade the DSM. For more information, refer to this article: Manually updating the Deep Security Manager (DSM) database schema.
  2. If the DSM has completed the upgrade but has not purged the tasks within 2-3 hours, modify the timeout values.
    The recommendation scan is performed by the DSM itself, even with agentless protection. In agentless mode, the DSVA collects metadata from the protected VM and sends it to the DSM, which performs the recommendation scan.

    Adjust the agent socket timeout settings below to avoid timeouts in agentless mode:

    // Default socket channel timeout (in milliseconds)
    defaultSocketChannelTimeout

    // Default agent socket timeout override (in seconds)
    agentSocketTimeoutOverride

    1. Run the following commands to adjust the hidden settings:

      > cd C:\Program Files\Trend Micro\Deep Security Manager\
      > dsm_c.exe -action changesetting -name configuration.defaultSocketChannelTimeout -value 1200000
      > dsm_c.exe -action changesetting -name configuration.agentSocketTimeoutOverride -value 1200

    2. Run the following SQL query against the DSM database (DB) to make sure that the settings have been modified:

      The query shows the new settings in DSM. By default, the values are 300,000 and 300.

      select *
      from [dsm].[dbo].[systemsettings]
      where UniqueKey like N'%Socket%Timeout%'

  3. Increase the JVM heap size on the DSM so that it can allocate more Java memory. Follow the steps in this article: “The memory warning threshold…has been exceeded” appears in Deep Security Manager (DSM).
  4. Perform the Recommendation Scan again.

If the issue still persists, do the following:

  1. Enable DSM logging for the detection engine and protocol.

    java.util.logging.FileHandler.limit = 100000000
    java.util.logging.FileHandler.count = 10
    com.thirdbrigade.manager.core.protocol.level = ALL
    com.thirdbrigade.manager.core.detectionengine.level=ALL
    com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterCommandGetHostMetaData.level=ALL

  2. Make sure that the configuration settings are correct.
    • Use at least ESX 5.1, VSM 5.1, and vCenter 5.1.
    • The ESX should be prepared with vShield Installed status.
    • DSVA should be deployed with vShield Registered status.
    • Each Windows VM has VMtools and optional vShield drivers installed.
  3. Run the following commands to make sure vShield endpoint is configured correctly:

    $ cd /var/opt/ds_agent/guests/<GUEST_GUID>
    $ export LD_LIBRARY_PATH=/opt/ds_agent/lib
    $ sudo /opt/ds_agent/dsampoke <GUEST_GUID> status

    The output should be similar to the following:

    amStatus <AmStatus driverOffline="true" imScanStatus="4" rcScanStatus="4" scanStatus="4" />

    If the status value is "5", the vShield endpoint driver is not configured correctly or is not working properly.
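
The status check above can be scripted when many guests need to be verified. The following is an added example, not part of the original article or Trend Micro code: it parses one line of dsampoke status output and reports any scan status attribute equal to "5". It assumes that "status value" refers to any attribute whose name ends in ScanStatus; the function names and SAMPLE_BAD are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Trend Micro code): classify one line of
# `dsampoke <GUEST_GUID> status` output from the DSVA.
# Assumption: "status value" means any attribute ending in ScanStatus.

# Sample from the article, plus a constructed failing line for comparison.
SAMPLE_OK='amStatus <AmStatus driverOffline="true" imScanStatus="4" rcScanStatus="4" scanStatus="4" />'
SAMPLE_BAD='amStatus <AmStatus driverOffline="true" imScanStatus="5" rcScanStatus="4" scanStatus="5" />'

# Print every attribute on stdin as name=value, one per line.
am_status_attrs() {
    grep -o '[A-Za-z]*="[^"]*"' | tr -d '"'
}

# check_am_status LINE
# Returns 0 if no scan status is 5, 1 if any is 5, 2 if LINE cannot be parsed.
check_am_status() {
    case $1 in
        *'<AmStatus '*) ;;
        *) echo "UNPARSED: no AmStatus element in input"; return 2 ;;
    esac
    bad=""
    seen=0
    for kv in $(printf '%s\n' "$1" | am_status_attrs); do
        name=${kv%%=*}
        value=${kv#*=}
        case $name in
            *[Ss]canStatus)
                seen=1
                if [ "$value" = "5" ]; then bad="$bad $name"; fi
                ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo "UNPARSED: no scan status attributes found"
        return 2
    fi
    if [ -n "$bad" ]; then
        echo "FAIL: status 5 reported by:$bad"
        return 1
    fi
    echo "OK: no scan status attribute is 5"
    return 0
}
```

On the DSVA, pass the captured dsampoke output as the single argument to check_am_status and act on the return code; a result of 2 means the output did not contain a parsable AmStatus element and should be inspected by hand.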