C-Mode (CDOT, or Cluster Mode) is a NetApp ONTAP configuration in which two or more controllers operate as one shared storage cluster or resource pool. This configuration allows for faster and enhanced filer storage and performance, but has some additional system requirements to consider for the ENSSP scanner.
The requirements are:
- The NetApp administrator must provision:
- The vscan configuration on the SVMs (Storage Virtual Machines) according to NetApp documentation.
- The Privileged user account to match the ENSSP service account.
- NetApp Data ONTAP Antivirus Connector on the ENSSP scanner.
This provisioning must occur before ENSSP can interact with the storage appliance.
Requirement Source: NetApp
Related Document: NetApp Library: Configuring vscan servers
- The local loopback IP address 127.0.0.1 must be in the Network Appliance Filers list in ENSSP, as if it were a storage appliance. The NetApp Data ONTAP Antivirus Connector running on the scanner node issues scan requests on behalf of its registered storage appliances to ENSSP from the local loopback IP address 127.0.0.1.
- Verify the ENSSP Maximum scan time (seconds) is set to 25 seconds.
Requirement source: Microsoft, NetApp, Trellix
The default is 60 seconds. NetApp Clustered Data ONTAP 'C-Mode' defaults to the 30-second timeout. You must change the ENSSP timeout to 25 seconds so that the ENSSP scanner times out before the storage appliance.
From the ePO console:
- View the properties of the Network Appliance Filer AV Scanner.
- Select the Performance tab.
- Select Scan Time, and then Maximum scan time (seconds).
- Change the timeout to 25 seconds. This setting prevents the CIFS protocol on the originating end node from timing out before the scan request result.
NOTE: The Microsoft Windows default CIFS timeout in currently supported Windows versions is 60 seconds.
Related Documents:
NetApp article: Recommended value for vscan timeout settings
Microsoft TechNet: SessTimeout