4 Replies Latest reply on Jan 2, 2014 2:16 PM by Scott Sadlocha

    Turn Off On-Access Scanning Via Policy

    Scott Sadlocha

      Hello McAfee Community,

      I am wondering if there is a way to turn off On-Access Scanning via policy. In several situations, we have wanted to disable On-Access Scanning to test some troubleshooting, and I am trying to determine whether we can do it through policy. Looking at On-Access General, it seems that we can, but I want to clarify whether On-Access Default Processes come into play.

       

      On-Access General has the following checkboxes, and I am hoping that unchecking a majority of them (under Scan: and especially Enable On-Access Scanning:) will turn off OAS completely:

       

      OAS.JPG

       

      However, in On-Access Default Processes, you are unable to uncheck all items, and are forced to scan inbound or outbound (under Scan Files:--unchecking all results in an error).

       

      OAS2.JPG

      What I would like to know, is whether the On-Access General catches all other policies. Does disabling scanning there truly disable it everywhere? Or does On-Access General act as its own policy and enable certain aspects individually? If any of this is obvious, I apologize. I am relatively new to the McAfee arena and trying to get knowledgeable on all aspects. Any information would be greatly appreciated.

        • 1. Re: Turn Off On-Access Scanning Via Policy
          petersimmons

          Turning off "Scan on Reads" in your second screenshot SIGNIFICANTLY degrades your protection level. You really want that turn ON at all times. To effectively get you what you want for testing, turn off Scan on reads and writes in that policy.

           

          Again, I cannot stress too highly the dangers of turning off "Scan on reads".

           

          Also, scanning inside archives with the on-access scanner does degrade performance signficantly without any real benefit. Turning this off will definitely help performance without affecting your level of security.

          1 of 1 people found this helpful
          • 2. Re: Turn Off On-Access Scanning Via Policy
            Scott Sadlocha

            Thanks for the information Peter. Again, this is being set up as a test policy to troubleshoot some items and is not intended as a permanent policy. I was looking for a way to turn off OAS temporarily while keeping VSE installed on devices.

             

            In the second screenshot, I have found that unchecking Read and Write generates an error message indicating that either inbound or outbound scanning needs to be enabled.  So, what I would like to know is whether unchecking pretty much all of the items in the first screenshot effectively turns off OAS, regardless of what is checked in the second screenshot.

            • 3. Re: Turn Off On-Access Scanning Via Policy
              petersimmons

              Sorry if I wasn't clear, in the second screenshot turning off reading and writing effectively turns off all scanning.

              • 4. Re: Turn Off On-Access Scanning Via Policy
                Scott Sadlocha

                Peter, you were very clear. Unfortunately, I wasn't.

                 

                In the second screenshot, if I turn off reading and writing, the ePO console puts up an error message in red font indicating that one of them has to be checked. I then have to check one of them before saving the policy. So my question boils down to this:

                 

                If I have to leave one of them checked on the second screenshot, does unchecking everything in the first screenshot preempt those rules in the second screenshot and disable OAS?


                Thanks!