Anti-Malware scan failures and cancellations

Anti-Malware scans can fail or be cancelled for several reasons, which have different recommended actions.

These events can occur for manual, quick, or scheduled scans.

Anti-Malware scan failure events

This table provides possible reasons for system events 793, 795, and 1543 (Malware Scan Failure).

Event reason | Reason ID * | Description | Recommended action

Empty configuration | 31 | Malware Scan could not be started. This is caused by an empty Malware Scan configuration.
  1. From the Computer or Policy editor, go to Anti-Malware > General.
  2. Make sure a Malware Scan configuration is assigned to the Scheduled scan.
  3. Rerun the scan.

Anti-Malware module is off | 30 | Malware Scan could not be started. This is because the Anti-Malware module is turned off.
  1. From the Computer or Policy editor, go to Anti-Malware > General.
  2. Make sure the Anti-Malware state is "On" or "Inherited (On)."
  3. Rerun the scan.

Anti-Malware service stops | 7 | Malware Scan failed because the Anti-Malware service is being terminated.
  1. From the Computer or Policy editor, go to Overview > General, and click Check Status.
  2. If the Anti-Malware Status is "Anti-Malware Engine Offline," follow the procedure to solve the Error: Anti-Malware engine offline issue.
  3. Rerun the scan.

Anti-Malware engine is offline | 9 | Malware Scan failed because the Anti-Malware engine is offline.
  1. Follow the procedure to solve the Error: Anti-Malware engine offline issue.
  2. Rerun the scan.

Fail to access configuration | -2 | Malware Scan failed because of an inaccessible Anti-Malware configuration. (This may be due to an unexpected internal error or timing issue.)
  1. From the Computers page, right-click the target computer and go to Actions > Assign Policy.
  2. Rerun the scan.

Other scan task is running | -16 | Malware Scan failed because another scan task is in progress. (This may be due to an unexpected internal error or timing issue.)
  1. From the Computers page, check the Task(s) column for the target computer to see if another Malware Scan is in progress.
  2. If yes, either wait for the current scan task to complete or right-click the target computer and go to Actions > Cancel Malware Scan.
  3. Rerun the scan.

Unknown reason on agent | 10 | Malware Scan failed for an unknown reason.
  1. Collect the system event information and follow the procedure to Create a diagnostic package and logs.
  2. Contact support.

* The reason ID is included in events forwarded to an external Syslog, SIEM server, or to Amazon SNS. It is not displayed in the Workload Security console.

Anti-Malware scan cancellation events

This table provides possible reasons for system events 1526, 1528, and 1540 (Malware Scan Cancellation Completed).

Event reason | Reason ID * | Description | Recommended action

Cancel by user | 1 | Anti-Malware scan was cancelled manually. | Run the scan again.

Server reboot | 32 | Anti-Malware scan was cancelled, possibly because the computer being scanned was shut down or restarted. | Check that the computer is on and run the scan again.

Anti-Malware service restart | 7 | Anti-Malware scan was cancelled because the Anti-Malware service was being restarted.
  1. From the Computer or Policy editor, go to Anti-Malware > General.
  2. Make sure the Anti-Malware state is "On" or "Inherited (On)."
  3. Rerun the scan.

Deep Security Agent restart | 6 | Anti-Malware scan was cancelled because the agent was being restarted. | Check that the Anti-Malware module is online and run the scan again.
  1. From the Computer or Policy editor, go to Anti-Malware > General.
  2. Make sure the Anti-Malware state is "On" or "Inherited (On)."
  3. Rerun the scan.
  Also make sure there is no agent upgrade or policy change taking place during scanning because these tasks may cause the agent to restart.

Unknown reason | -1 | Anti-Malware scan was cancelled for an unknown reason.
  1. Collect the system event information and follow the procedure to Create a diagnostic package and logs.
  2. Contact support.

* The reason ID is included in events forwarded to an external Syslog, SIEM server, or to Amazon SNS. It is not displayed in the Workload Security console.
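
The following Python is an added example, not code from this documentation or the product. It triages forwarded scan events by looking up the reason ID in the table selected by the system event ID, because reason ID 7 has a different meaning in the failure and cancellation tables. The keys host, event_id and reason_id and the action shorthands are assumed names, and the sample events are constructed.

```python
# Added example. Keys host/event_id/reason_id are assumed names, not the
# product's forwarding schema; map them from your own syslog/SNS parser.
SUPPORT = "collect_diagnostics_and_contact_support"
# Per table: system event IDs, then reason ID -> (event reason, action shorthand)
TABLES = {
    "failure": ({793, 795, 1543}, {
        31: ("Empty configuration", "assign_scan_configuration"),
        30: ("Anti-Malware module is off", "verify_module_on"),
        7: ("Anti-Malware service stops", "check_status"),
        9: ("Anti-Malware engine is offline", "fix_engine_offline"),
        -2: ("Fail to access configuration", "assign_policy"),
        -16: ("Other scan task is running", "wait_or_cancel_running_scan"),
        10: ("Unknown reason on agent", SUPPORT),
    }),
    "cancellation": ({1526, 1528, 1540}, {
        1: ("Cancel by user", "rerun_scan"),
        32: ("Server reboot", "check_computer_is_on"),
        7: ("Anti-Malware service restart", "verify_module_on"),
        6: ("Deep Security Agent restart", "verify_module_on_no_upgrade_running"),
        -1: ("Unknown reason", SUPPORT),
    }),
}

def classify(event):
    """Return (kind, reason, action); the event ID picks the table (ID 7 is in both)."""
    eid, rid = int(event["event_id"]), int(event["reason_id"])
    for kind, (event_ids, reasons) in TABLES.items():
        if eid in event_ids:
            return (kind, *reasons.get(rid, ("Unlisted reason ID", "manual_review")))
    return None  # not a scan failure or cancellation event

def triage(events):
    """Collect distinct actions per host and flag hosts needing support."""
    hosts = {}
    for ev in events:
        hit = classify(ev)
        if hit is None:
            continue
        entry = hosts.setdefault(ev["host"], {"actions": [], "escalate": False})
        if hit[2] not in entry["actions"]:
            entry["actions"].append(hit[2])
        entry["escalate"] |= hit[2] == SUPPORT
    return hosts

SAMPLE = [  # constructed events, not real product output
    {"host": "web-01", "event_id": 793, "reason_id": 7},
    {"host": "web-01", "event_id": 1526, "reason_id": "7"},
    {"host": "db-02", "event_id": 1543, "reason_id": 10},
    {"host": "app-03", "event_id": 100, "reason_id": 7},
]
```

Calling `triage(SAMPLE)` returns one entry per affected host; reason IDs that appear in neither table are marked `manual_review` rather than guessed.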