Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 5

On Demand Scan Vs On Access Scan

Hi Team,

                      What are the advantages of  running both On Demand Scan and On Access Scan on a system. What extra On Demand Scan will do which On Access Scan Cant do. If there is a file infected with Virus if it is opened On Access Sacn will catch that. When On Demand scan runs that will also catch it. so what is the diffrence. Am i missing out on anything?

4 Replies
Level 12
Report Inappropriate Content
Message 2 of 5

Re: On Demand Scan Vs On Access Scan

On Access scans things that are currently running in memory or being used on the system. The On Demand Scan goes further by scanning data at rest, or files not being actively used.

Re: On Demand Scan Vs On Access Scan

But wouldn't they be detected by McAfee on-access if they were to be actively loaded or accessed?

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: On Demand Scan Vs On Access Scan

Hi @MillerTime 

Thanks for posting on the community.

Your statement is indeed correct but for example if a malware was dropped on to the system without it being actively loaded or accessed it would remain on the system undetected until an ODS task was executed or it was loaded by a user. So to avoid the risk of it being executed, running an ODS task is advised.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: On Demand Scan Vs On Access Scan

Hello @kevin_27 

When we are talking about On-Access Scan (OAS) and On-Demand Scan (ODS), we are talking about 2 different functions where one of them, as you already know, is real time scanning and second one is more like health check of what is on system.

There are 2 used case scenarios why both of them should be used.

01. There was no detection at the time when Malware was written on machine

So, this one is self-explanatory. At the time when Malware is maybe written to HDD, it was unknown and now it just sits there. And yes, argument is if something access it later on it should be detected then by OAS, but also what if you remove AV protection at some point and your machine is unprotected for any reason, is it worth of risk?

Other option, that is even more lickely, is that you may have detection, but file is located in some excluded folder or accessed by excluded process and OAS doesn't act against it even if detection is present, which is also part of my next scenario.

02. Sometimes exclusions are just needed and you want to make sure nothing fishy is going on.

So like we said, OAS is real time scan where if some process tries to read something from HDD or write something on HDD it gets intercepted for the file to be scanned before it gets allowed to perform action in place. That interception can be super short, but like in real world in world of software we also have lot of if behaving like, let us say, divas.

The diva processes are not accepting to have any delay or any interruption from any AV software, not only McAfee, regardless how brief that interruption or interaction may be. They want their file accesses and they want it now and they are not allowing any "Paparazzi" AV to look at them and what they are doing.

As any AV company, we want to scan everything to ensure your are fully protected, however, we do understand the need for something to be excluded from our scan and we allowed those exclusions to be configured based on application venror's recommendation hence we have KBs like:

*** Consolidated list of Endpoint Security/VirusScan Enterprise exclusion articles

*** Understanding High-Risk, Low-Risk, and Default processes configuration and usage

*** Why some processes should be added to low-risk exclusions

So there is possibility that some processes in your environment may be out of reach for OAS when they are performing "transactions" or some locations on your HDD will not be reachable to OAS, like some tax havens and because of that we have ODS to play the role of IRS, maybe every 7 days if everything is OK and we follow:

*** Best practices for on-demand scans in Endpoint Security and VirusScan Enterprise

and make sure there is no fishy business, especially if you are using just one standard configuration instead Standard/High Risk/Low Risk one and have lot of file/folder exclusions.

Because of exclusions VSE will be there NOT to interfere with sensitive programs with OAS when they operate, however, with ODS will make sure to check what they are actually writing in those locations at least once a week.

Conclusion is that there is no really "On Demand Scan Vs On Access Scan", because they are playing different roles on machine and, as you may see based on 2 used scenarios, they are complementing each other.

I hope this helps.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community