4 Replies Latest reply on Feb 7, 2008 8:50 PM by wasbo

    Policy to allow for disabling of On-Access Scanner?

      Hello All-

      First it should be noted that we are utilizing ePolicy Orchestrator v3.6.1, CMA 3.6.0 Patch 1 with VirusScan Enterprise v8.5 Patch 1.

      We currently enforce customized policies on all machines that also includes password-protected options turned on. However we have a situation with our developers (we are a software development company) where they would like to be able to disable the On-Access Scanner for short periods of time while performing specific tasks, such as testing or compiling.

      The only option I see in order to accomplish this is in the On-Access General Policies and the option:

      - Enable on-access scanning when the policy is enforced. (Deselect this option to disable on-access scanning when the policy is enforced)

      If you deselect this option the On-Access Scanner is disabled upon start up, just as the option states.

      However I do not want the On-Access Scanner to be disabled by default, I would just like the users to be able to disable it if needed and then have it auto-enable at the next enforcement interval.

      Has anyone come across this before or do you have any suggestions on how to accomplish this?

        • 1. RE: Policy to allow for disabling of On-Access Scanner?
          Can you just set that policy to not enforce for that machine/group?
          • 2. RE: Policy to allow for disabling of On-Access Scanner?
            Access protection rules may block them switching off scanning from the systray interface, so you may need to alter these rules to allow it (see below)

            As an added security feature in VirusScan Enterprise 8.5i, Access Protection has been updated with the ability to deny access to users or applications attempting to stop McAfee services. This feature can be disabled throught the VirusScan Console.

            Use one of the following options to open the VirusScan Console:

            From the system tray - right-click the VirusScan Enterprise icon in the system tray.

            From the Start menu - click Start, Programs, Mcafee.

            Select VirusScan Console.
            Double-click Access Protection.Uncheck Prevent McAfee Services from being stopped and click OK.
            Close the VirusScan Console.
            In the system tray, right-click the VirusScan icon and select Disable On-Access Scan.

            Apart from that just use the user interface policies to password access to the disable OA scanning selection and then give your developers the password.

            Just tell them to check every xxx(policy enforcement interval) and make sure its off again as EPO will kick it in (or temp turn off framework service too)
            • 3. RE: Policy to allow for disabling of On-Access Scanner?
              I would figure out which applications they are running and utilize high and low risk groups.

              Disabling on access makes no sense as these developers will be surfing the web and other things which are common threat vectors.

              Most likely they are using clearcase, perforce, etc. and experiencing performance issues that can be tuned out.
              • 4. RE: Policy to allow for disabling of On-Access Scanner?
                what if my on-access scanner will not be disabled? I have already unchecked the box and it still won't be disabled, are there other ways to disable the OAS?