cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 11

How can we get the On Access Scanner in Endpoint to scan on both read and write?

How can we get the On Access Scanner in Endpoint to scan on both read and write?

10 Replies
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

Under the Threat Prevention — On-Access Scan Policy:

Options/ON-ACCESS SCAN: Scan when copying between local folders (Disabled by default)

AND

Advanced Options/Scanning: When to scan - When writing to disk, When Reading from disk, Let McAfee decide ....

Page 101

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26619/en_US/...

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

I read, but I did not understand how to scan in writing and reading at the same time like VirusScan , do you have an example of On_AccesScan_Activity . log?
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

"...how to scan in writing and reading at the same time like VirusScan..." You should be able to toggle on either or both within the Threat Prevention — On-Access Scan Policy/Advanced Options/Scanning - take a look at the your policy, specifically:

When writing to disk:

Attempts to scan all files as they are written to or changed on the computer or other data storage device.

When reading from disk:

Scans all files as they are read from the computer or other data storage device

As for "On_AccesScan_Activity . log" unless McAfee has changed their logging - detailed (what/when files are being scanned) logging is not avaialbe due to amount of overhead of logging every file/executable/processes that triggers OAS'ing.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
johnmoe
Level 11
Report Inappropriate Content
Message 5 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

​, the options aren't checkboxes that you can select one or more; it's a radio button group that you can only select one:

ss.JPG

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

Do you have an example of On_AccesScan_Activity . log please?

johnmoe
Level 11
Report Inappropriate Content
Message 7 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

When I look in that log, the only information I can see is what version of AMCore is in use, when I had an EXTRA.DAT in use, and a few files that got flagged as detections (some testing I was doing).  It doesn't tell me whether it was on read or write, and my policy is on the default "Let McAFee decide". If you want to do some testing around reading and writing, you can use the EICAR test file for that, and see what gets logged and what doesn't.

tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

Well, looking over ENS10 documentation it would appear that on Win OS there is only ONE choice of three options: Read, Write or McAfee.

“Let McAfee Decide”: When you let McAfee/Intel Security decide whether a file requires scanning, the on-access scanner uses trust logic to optimize scanning. Trust logic improves security and boosts performance by avoiding unnecessary scans. For example, it analyzes and considers some programs to be trustworthy. If it verifies that these programs haven’t been tampered with, the scanner might perform reduced or optimized scanning. Please refer to the McAfee AMCore Trust Model document for further details on the McAfee AMCore scanning mechanism.

Page 10 https://www.mcafee.com/us/resources/white-papers/wp-understanding-ep-security-10-module.pdf

AMCore Technology Overview: Driver behind Endpoint Security Threat Prevention Policy - Let McAfee Decide

Side Note: Endpoint Security Threat Prevention Policy for Mac's; still has ....select ONE of these options: Read, Write or Read & Write

Page 31 https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26216/en_US/...

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
johnmoe
Level 11
Report Inappropriate Content
Message 9 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

​, yeah, one of the benefits of ENS is that the policies are centrally managed; the same policy that I use to configure Windows systems gets pushed to the Mac and Linux clients as well (as far as they support the feature), unlike VSE that has separate policies for each O/S.

tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 11

Re: How can we get the On Access Scanner in Endpoint to scan on both read and write?

It appears that Mac still has the Read & Write as an option.

Mac: Page 31 https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 26000/PD26216/en_US...

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community