Malware Analysis Appliance getting large task queue


Article ID: 169893


Updated On:


Malware Analysis Software - MA


Symantec Malware Analysis Appliance (MAA) is showing abnormally high task queues


Some of the reasons as to why MAA is processing abnormally high tasks:

  1. If CAS sends files to two or more iVM profiles
  2. If CAS is set to use a lot of plugins in each of the profiles
  3. If there are more than 1 CAS configured to connect/send files to one MAA
  4. If .ttf is being select in CAS for file submission to MAA



Analysis of data capture:
-Tasks observed to be queued in MAA (Analysis Center>View All Tasks) and can see duplicate samples being queued
-System statistics in System info from MAA User interface showing a spike of task processing for complete 24 hours/7 days and IntellVM queue.
-Checking the output of 'https:///rapi/system/queues' shows burst of tasks processing


  1. For the greatest capacity, recommend to use only a single iVM profile for automated tasks in production. Multiple profiles can be used with manual analysis when manual analysis occurs infrequently in most environments; CAS UI>Services>Sandboxing>Blue Coat Malware Analysis Appliance>Tasks
  2.  Select only 1 specific plugin to be used for selected iVM profile in CAS sandboxing settings.
  3. Unselect .ttf files for file submission in CAS sandboxing settings; CAS UI>Services>Sandboxing>File Types and Extensions
  4. For a lot files being queued without being processed, suggest to purge task queues following article in TECH241063-