Is it possible to completely disable On-Access file scanner using ePO?
Sometimes we need to temporarily disable the antivirus on specific servers to perform some changes. It's possible to turn off Access protection using On-Access General Policies. However, I can't disable both "When writing to disk" and "When reading from disk" settings in On-Access Default Protection Policies. One of them must be enabled, or the system doesn't allow me to save the policy.
Yes, I can stop the McShield service on such servers but it requires to do it manually on every server (and there can be many of them). In addition, it creates compliance issues we have to formally address every day. So I'd like to do it from the central location without stopping antivirus settings. Or do I want too much?
You can disable OAS - Create a Test On-Access General Policies and under Enable on-access scanning: (Un-check) Enable on-access scanning when the policy is enforced .... assign policy to a test server, update policy on that server and verify that OAS is disabled. .
, You have to create a custom policy as tao suggested earlier turning off OAS protection. In order to re-use on different or multiple servers, what you could also setup is tag based policy (look in to "Policy Assignment Rules" in ePO). Meaning you can associate that custom tag (name it OAS.off or something meaningful to you), and the custom policy. Then all you have to do is apply this tag on your systems where you want OAS off temporarily. When you are done with your maintenance, you can simply remove that tag and systems will inherit whatever policies you have applied.