cancel
Showing results for 
Search instead for 
Did you mean: 

Turn Off On-Access Scanning Via Policy

Hello McAfee Community,

I am wondering if there is a way to turn off On-Access Scanning via policy. In several situations, we have wanted to disable On-Access Scanning to test some troubleshooting, and I am trying to determine whether we can do it through policy. Looking at On-Access General, it seems that we can, but I want to clarify whether On-Access Default Processes come into play.

On-Access General has the following checkboxes, and I am hoping that unchecking a majority of them (under Scan: and especially Enable On-Access Scanning:) will turn off OAS completely:

OAS.JPG

However, in On-Access Default Processes, you are unable to uncheck all items, and are forced to scan inbound or outbound (under Scan Files:--unchecking all results in an error).

OAS2.JPG

What I would like to know, is whether the On-Access General catches all other policies. Does disabling scanning there truly disable it everywhere? Or does On-Access General act as its own policy and enable certain aspects individually? If any of this is obvious, I apologize. I am relatively new to the McAfee arena and trying to get knowledgeable on all aspects. Any information would be greatly appreciated.

4 Replies
Highlighted

Re: Turn Off On-Access Scanning Via Policy

Turning off "Scan on Reads" in your second screenshot SIGNIFICANTLY degrades your protection level. You really want that turn ON at all times. To effectively get you what you want for testing, turn off Scan on reads and writes in that policy.

Again, I cannot stress too highly the dangers of turning off "Scan on reads".

Also, scanning inside archives with the on-access scanner does degrade performance signficantly without any real benefit. Turning this off will definitely help performance without affecting your level of security.

Re: Turn Off On-Access Scanning Via Policy

Thanks for the information Peter. Again, this is being set up as a test policy to troubleshoot some items and is not intended as a permanent policy. I was looking for a way to turn off OAS temporarily while keeping VSE installed on devices.

In the second screenshot, I have found that unchecking Read and Write generates an error message indicating that either inbound or outbound scanning needs to be enabled.  So, what I would like to know is whether unchecking pretty much all of the items in the first screenshot effectively turns off OAS, regardless of what is checked in the second screenshot.

Re: Turn Off On-Access Scanning Via Policy

Sorry if I wasn't clear, in the second screenshot turning off reading and writing effectively turns off all scanning.

Re: Turn Off On-Access Scanning Via Policy

Peter, you were very clear. Unfortunately, I wasn't.

In the second screenshot, if I turn off reading and writing, the ePO console puts up an error message in red font indicating that one of them has to be checked. I then have to check one of them before saving the policy. So my question boils down to this:

If I have to leave one of them checked on the second screenshot, does unchecking everything in the first screenshot preempt those rules in the second screenshot and disable OAS?


Thanks!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community