One of the actions which VirusScan Enterprise's On-Access Scanner can be configured to take is "Deny access to file." I've been unable to find any information on what that really means. Does VirusScan manipulate NTFS ACLs on these files? Or is it some other mechanism?
I believe Mcafee injects (hooks) itself into system processes and every other process and directly blocks the access to that file. I'm not sure though if it just catches and blocks some "read" system calls or if it does it differently.