Yes, it is possible to disable the on-access scanner. However, if it is managed via EPO, then the EPO policies will re-enable it. Not too sure why you want to do this as it is a HUGE security risk. Disabling the on-acess is like driving blind and will mean that you will have no active anti-virus protection. You will open your system is compromise which won't get caught until the weekly scan. With the ever varying threats, I would recommend against doing this.
Exactly why do you want to do this?
A customer we support is requesting this to speed up performance. To clarify they have asked to disable 'access protection', same as access scanner? Would open the server up to the same vulnerability I believe. It is managed from ePO 4.5.
As Twenden has said - it's certainly possible to do this, but in my humble opionion you would be clinically insane to do so
When (I stress when, not if) they get infected - which I would imagine will happen within the first day, probably within the first two hours - the amoutn of time and effort spent cleaning up will far, far outweigh any benefits they may have gained. It's kind of hard to benefit from "speeded up performance" when your entire organisation is offline.
There are a lot of better ways to tune performance than simply turning off on-access scanning. I'm sure many of the posters here will be able to offer advice on high-risk / low-risk processes, exclusions for common file types and applications, and so on.
You must explain to your customer why this is such a bad idea. I cannot stress this strongly enough
Are you referring to de-selecting the "Enable Access Protection" which is in the "Access Protection Policies" section of the VirusScan 8.7i policy? Or are you referring to disabling "On-Access" protection which would basically shutdown any real-time virus protection?
The reason I ask for clarification is that these are 2 very different and drastic scenarios. One I would highly recommend "not" doing and that would be turning off "Access Protection" (real-time scanning).
That's an extremely good point, and one which I missed originally - thanks for pointing it out! As you say, the answer to this question may completely change things