4 Replies Latest reply on Apr 29, 2010 5:03 PM by Crash28

    Testing On Access Scanning


      I've created two local sub folders on my C: drive. One is configured as an exclusion, the other is not. I've created a file within a sub folder and am continuously opening and closing the file. My on access scanning log file "appears" to get updated. I say "appears" as the Date Modified time changes, but upon opening the file in Notepad the last entry is from the previous day.


      My goal is to test On Access Scanning and view what is taking place in the logs. Reason being, one of my users' DB server failed due to "On Access Scanning" scanning a location that was in the exclusion list. He wants to know why.


      Any help would be greatly appreciated.



        • 1. Re: Testing On Access Scanning

          My understanding is that even with OAS disabled for a directory, it will still "touch" a file, but won't actually scan it.


          This is because it still needs to filter the file request (as McAfee scanning is so integrated into the OS), but when it knows that it is on the exemption list, won't physically scan it.


          If you look at the Statistics page, it should not increment the number of files scanned.


          Here's a simple way for you to test this out for yourself. Open up VSE, and add an exclusion for C:\ (and any other drives), and also tick the "include subdirs" option. Then the OAS will be enabled on the computer, but nothing should be scanned.


          Perhaps someone from McAfee can comment further about expected behaviour etc.



          Message was edited by: Mal09 on 29/04/10 18:22:30 GMT
          • 2. Re: Testing On Access Scanning

            Where is this Statistics page you mention?



            • 3. Re: Testing On Access Scanning

              Under the VirusScan Console, right-click 'On-Access Scanner' and select 'Statistics'.



              • 4. Re: Testing On Access Scanning

                That's the ticket. Thanks. It worked perfectly and I know it's at least working now.


                I had a look at my user's server and noticed in his exclusion list he had multiple drives with similar entries. For instance, drives F, G, and H. This is what the entries looked like for F, but they are the same for each drive. Note, each entry is configured with "Exclude subfolders".






                My logic told me the first entry is all that is needed. After speaking with my user, he mentioned the double slash and folder entry were automatically entered after he clicked on the drive via the browse option. Have you run into this before, and do all entries need to exist or will just the F:\ do?


                Thanks again.