diff --git a/lib/generic-handlers.js b/lib/generic-handlers.js
index 299bb333..8c73b071 100644
--- a/lib/generic-handlers.js
+++ b/lib/generic-handlers.js
@@ -179,7 +179,7 @@ async function validateAttachment(req) {
 const malwareScanner = await cds.connect.to("malwareScanner")
 // Set status to Scanning and commit before emitting event to prevent race conditions
- cds.tx(
+ await cds.tx(
 async () => await malwareScanner.updateStatus(target, keys, "Scanning"),
 )
@@ -289,21 +289,6 @@ async function validateAttachmentSize(req, validateContentLength = false) {
 }
 })
- cds.spawn(async () => {
- try {
- const AttachmentsSrv = await cds.connect.to("attachments")
- await AttachmentsSrv.emit("AttachmentSizeExceeded", {
- target: req.target.name,
- keys: req.data.ID ? { ID: req.data.ID } : {},
- filename: attachmentRef?.filename ?? "n/a",
- fileSize: length,
- maxFileSize,
- })
- } catch (err) {
- LOG.error("Failed to emit AttachmentSizeExceeded", err)
- }
- })
-
 req.reject({
 status: 413,
 message: "AttachmentSizeExceeded",
diff --git a/tests/integration/attachments-non-draft.test.js b/tests/integration/attachments-non-draft.test.js
index da420969..ee423c2a 100644
--- a/tests/integration/attachments-non-draft.test.js
+++ b/tests/integration/attachments-non-draft.test.js
@@ -4,6 +4,7 @@ const {
 waitForScanStatus,
 newIncident,
 waitForDeletion,
+ delay,
 } = require("../utils/testUtils")
 const { join, resolve } = cds.utils.path
 const { createReadStream, readFileSync, statSync } = cds.utils.fs
@@ -19,6 +20,9 @@ describe("Tests for uploading/deleting and fetching attachments through API call
 let log = test.log()
 const { createAttachmentMetadata, uploadAttachmentContent } = createHelpers()
+ // Allow background operations (malware scan status updates) to complete before teardown
+ afterAll(() => delay(2000))
+
 it("Create new entity and ensuring nothing attachment related crashes", async () => {
 const resCreate = await POST("/odata/v4/admin/Incidents", {
 title: "New Incident",
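Review bot: In the validateAttachment hunk of lib/generic-handlers.js, the added `await` means a failing `updateStatus` now rejects the handler instead of being lost as a floating promise, and neither the comment nor a test pins that behaviour. Failing closed looks like the right outcome, since the scan event is presumably never emitted for an attachment that could not be marked "Scanning", but the intent should be recorded. I would extend the existing comment with `// Awaited on purpose: if the status update fails, stop here rather than emit the scan event against a stale status`. The inner wrapper could also be simplified to `() => malwareScanner.updateStatus(target, keys, "Scanning")`. The rest of validateAttachment lies outside the hunk, so how the rejection is surfaced to the client cannot be checked from here.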
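Review bot: The `afterAll(() => delay(2000))` added to the describe block in tests/integration/attachments-non-draft.test.js sleeps for a fixed two seconds rather than waiting for the background work its comment names. Teardown can therefore still race a slow malware-scan status update, and every run pays the delay. The same line is added in tests/unit/validateAttachmentMimeType.test.js. `waitForScanStatus` is already imported in the integration test, so teardown could presumably wait on the scan status of the attachments the tests created instead. If the fixed delay stays, a comment such as `// TODO: replace fixed delay with an await on pending scan status updates` would mark it as a stopgap.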
diff --git a/tests/unit/validateAttachmentMimeType.test.js b/tests/unit/validateAttachmentMimeType.test.js
index 379ecb65..26860144 100644
--- a/tests/unit/validateAttachmentMimeType.test.js
+++ b/tests/unit/validateAttachmentMimeType.test.js
@@ -5,11 +5,14 @@ const { join } = cds.utils.path
 const app = join(__dirname, "../incidents-app")
 const { axios, POST, PUT, GET } = cds.test(app)
 const { validateAttachmentMimeType } = require("../../lib/generic-handlers")
-const { newIncident } = require("../utils/testUtils")
+const { newIncident, delay } = require("../utils/testUtils")
 describe("validateAttachmentMimeType - Content-Type header bypass security test", () => {
 axios.defaults.auth = { username: "alice" }
+ // Allow background operations (malware scan status updates) to complete before teardown
+ afterAll(() => delay(2000))
+
 /**
 * Security Test: Content-Type Header Bypass Attack
 *