I've had a look through the policies and played with a few options but I can't see anyway of preventing users from initiating an On-demand scan.
What I'm looking to do is have a policy which stops users on virtual machines from performing On-demand scans.
Any ideas on this one?
i think the only way to do this is to not show any options in the system tray, that way users cannot right click on the agent/virusscan icon and scan computer for threats.
Addtionally, put a password on the virusscan console. That way all options are greyed out.Message was edited by: ZeusMaster on 2010/02/23 7:03:02 AM
Problem is they can still run Start/programs...... and launch the console and then right click the on demand task, or indeed right click any drive/folder and scan.
Just a thought: What if, at the NTFS file permissions level, you remove users' ability to access...
C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
In testing it, it seemed to work for me and the on-access scanner still detected an EICAR I created on the computer.