Deep Security Manager gets stuck at "Cancelling Malware Scan" process

    • Updated: 11 Sep 2018
    • Product/Version: Deep Security 9.6, Deep Security 10.0, Deep Security 10.1, Deep Security 10.2, Deep Security 10.3
    • Platform: N/A
Summary

In some cases, Deep Security Manager gets stuck at "Cancelling Malware Scan". The issue appears to be database-related: the process to cancel a malware scan is stuck in the database.

Details
Please consult your Database Administrator before performing this task.

To resolve the issue:

  1. Back up your database.
  2. Stop the Deep Security Manager service.
  3. Run the following SQL query to list all machines that have a manual or scheduled scan in progress:

    SELECT * FROM antimalwarehosts WHERE
    (AntiMalwareManualScanState!=0 AND AntiMalwareManualScanState<6) OR
    (AntiMalwareScheduledScanState!=0 AND AntiMalwareScheduledScanState<6);

    Below are the possible values of ScanState:

    • 0 All Scan: Neutral
    • 1 Scheduled Scan: Requested By the system upon the schedule
    • 2 Scheduled Scan: Enqueued at the Agent
    • 3 Scheduled Scan: In Progress
    • 4 Scheduled Scan: Paused
    • 6 Cancel Scan: Requested By User
    • 7 Cancel Scan: Cancellation in progress at the Agent
  4. Based on the query result, get the "HostID" of each machine whose scan status is in progress or cancel scan. Run the following SQL query against the dbo.hosts table, replacing XXX with the HostID:

    SELECT AgentStateCode FROM hosts WHERE HostID=XXX;

    Ignore hosts whose "AgentStateCode" field equals "501", which means the host is offline. Offline hosts are not counted when the console displays the "Processing X Malware Scan(s)" message.

  5. If the online client is not actually running a scan, query antimalwarehosts by HostID and check whether the host has a duplicate record. If it does, remove the record whose scan state is not "0". If there are no duplicate records, update the status code to "0" by running the SQL below.
    • To query for duplicate hosts:

      SELECT * FROM antimalwarehosts WHERE HostID=XXX;

    • To update the status code to 0:

      UPDATE antimalwarehosts
      SET AntiMalwareScheduledScanState=0, AntiMalwareManualScanState=0
      WHERE HostID=XXX;
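
Steps 3 to 5 can be triaged in a single read-only query before any row is changed. The query below is an added example, not part of the original article or Trend Micro's own tooling; it assumes only the tables and columns named above (antimalwarehosts, hosts, HostID, AgentStateCode and the two scan-state columns), and the RecordCount and Note columns are labels introduced for illustration.

```sql
-- Added example: read-only triage for steps 3 to 5. It changes no data.
-- Lists hosts with a scan state between 1 and 5, skips offline hosts (501),
-- and shows how many antimalwarehosts rows each host has.
SELECT
    amh.HostID,
    h.AgentStateCode,
    amh.AntiMalwareManualScanState,
    amh.AntiMalwareScheduledScanState,
    dup.RecordCount,                 -- more than 1 means duplicate records
    CASE
        WHEN dup.RecordCount > 1
            THEN 'duplicate records: step 5, remove the non-0 record'
        ELSE 'single record: step 5, reset both states to 0'
    END AS Note
FROM antimalwarehosts amh
JOIN hosts h
    ON h.HostID = amh.HostID
JOIN (
    -- Count antimalwarehosts rows per host to detect duplicates.
    SELECT HostID, COUNT(*) AS RecordCount
    FROM antimalwarehosts
    GROUP BY HostID
) dup
    ON dup.HostID = amh.HostID
WHERE h.AgentStateCode <> 501        -- offline hosts are ignored (step 4)
  AND (
        (amh.AntiMalwareManualScanState <> 0
         AND amh.AntiMalwareManualScanState < 6)
     OR (amh.AntiMalwareScheduledScanState <> 0
         AND amh.AntiMalwareScheduledScanState < 6)
      )
ORDER BY dup.RecordCount DESC, amh.HostID;
```

The Note column applies only to hosts confirmed not to be running a scan, as step 5 requires.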

Category: Troubleshoot
Solution Id: 1119717