Moved to Linux products forum for better response.
McAfee Volunteer Moderator - Business Products
VSCL is essentially a command line scanner and must be called to scan items. This is not like OnAccess Scanning at all.
So an item would be written to disk and you would have to call the scanner to act on that item with a series of parameters.
Not sure this would be in any way efficient at all and would suggest this not what it is designed for - this is CommandLine OnDemand Scanner - usually ODS would really be run at Off Peak times so not interfering with normal operations.
VSEL On-Access Scanner is "always on" and works based on the OS and kernel its is installed on
2.0.3 works with Kernel Fanotify on supported systems - e.g. Redhat\CentOS 7.x version (see readme\guide for other supported versions)
1.9.2 works with is compiled kernel modules - e.g. Redhat\CentOS 6.x versions (see readme\guide for other supported versions)
VSEL does not offer granularity of exclusion of dir for read or write - either Read Scanning is turned off or Write Scanning is turned off for the whole system.
Newer Product Enterprise Security for Linux 10.2.1 (10.2.0 with Patch1) is a much more efficient product. It determines to use Fanotify or modules on install (see list of supported OSes in readme/guide) and does offer the scanning where you could have Read and Write Scanning on all system stuff and exclude scanning of certain directories completely, for read scanning or for write scanning.
Remember though if scanning on this write by the will be intercepted and the scan will take place - the scan efficiency will most likely depend on what is passing through .... e.g. a 50Mb item will be much slower than a 20Kb item ....
If you are going to test anything I would suggest using ENSL 10.2 Patch 1 with 5900 engine...... of course this depends on whether the OS you intend for this purpose is supported.