cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way to log what is getting On-Access scanned?

Jump to solution
Is there a way to log what is getting On-Access scanned? Had a customer ask if there is a way to log everything that is getting on-access scanned to verify the exclusions they requested are working properly.
2 Solutions

Accepted Solutions
Highlighted
chealey McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

Sadly no. The best thing I can advise, is to use procmon: https://kc.mcafee.com/corporate/index?page=content&id=KB50981 or the profiler tool to see the top items being scanned.

This would be a great idea for a PER. However just to explain why we don't have this inbuilt: we scan far too many files per second for it to be reasonable to log this sort of information. The size of the log would be far too large for any functional use.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

jess_arman McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

@User72676622 The best solution for accomplishing their goal is to use the McAfee Profiler tool while accessing/interacting with the files & processes they've excluded. KB6968 answers quesitons about Profiler use and links to its download.

A ProcMon could be misleading and difficult to confirm based on, as mcshield will still sometimes appear to touch the file as it is processing to determine if the file is excluded, though it is not actually scanning the file.

To have this information included in future iterations of a debug OAS log, would be a PER as chealey mentioned, and could be submitted via the instructions in KB60021

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

2 Replies
Highlighted
chealey McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

Sadly no. The best thing I can advise, is to use procmon: https://kc.mcafee.com/corporate/index?page=content&id=KB50981 or the profiler tool to see the top items being scanned.

This would be a great idea for a PER. However just to explain why we don't have this inbuilt: we scan far too many files per second for it to be reasonable to log this sort of information. The size of the log would be far too large for any functional use.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

jess_arman McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

@User72676622 The best solution for accomplishing their goal is to use the McAfee Profiler tool while accessing/interacting with the files & processes they've excluded. KB6968 answers quesitons about Profiler use and links to its download.

A ProcMon could be misleading and difficult to confirm based on, as mcshield will still sometimes appear to touch the file as it is processing to determine if the file is excluded, though it is not actually scanning the file.

To have this information included in future iterations of a debug OAS log, would be a PER as chealey mentioned, and could be submitted via the instructions in KB60021

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community