This content has been marked as final. Show 8 replies
I believe the On-Access Scan Statistics are not an indication of the file scanning process, but more an indication of the "monitoring" process.
Even though the files/folders are excluded, something is always running to "observe" file open/read/write access. That is what the statistic are actually reporting as the "Last file scanned"
Hopefully, someone else will confirm.
I believe the ePONinja is correct with his statement. All files on all drives are constantly under watch by VirusScan's OAS technology, but it doesn't necessarily mean they're being scanned for threats. I've had a hard time proving this to upper management before, as I don't believe that's documented on paper (I could be wrong about that though).
is there a way to get an extended log to validate the files were not actually scanned? i am having a debate with a vendor regarding their app and file exclusions, but i have nothing with any teeth to give them.
as a test to satisfy myself here is what i did.
1. created a directory c:\dir\subdir
2. added an exclusion of \subdir\
3. pasted a file from elsewhere to c:\dir\subdir\
4. on access count went up 1
5. added complete path exclusion "c:\dir\subdir\"
6. pasted a file, count did not go up.
my problem is that we have certain directories that may be on different drives. Support and prof services asured me that using the \subir\ will work as a "blanket" exclusion of that folder name no matter where it resides.
Thanks in advance for any help.
well if this information was easier to find i would not hava had a problem!!! Both Support and the onsite PSE set these exclusions and it just burned me good.
Thanks for the info. i will try it.
is there a way to export-->modify-->import the oas and scheduled scan exclusions?
also, my original question....
is there a way to turn on extended logging for a period of time to see the on access files being scanned?
no you cant eport ( pain!!)
you CAN switch on file logging with the command line scanner so I guess its possible with switches for a scheduled scan with comand line scan32.exe not sure it works with OAS though
Note to MCAFEE!!!!
Please make ALL configurations exportable/importable!!! this only makes good sense in any app!!!
Let's get with it guys!!!!