Under the Threat Prevention — On-Access Scan Policy:
Options/ON-ACCESS SCAN: Scan when copying between local folders (Disabled by default)
Advanced Options/Scanning: When to scan - When writing to disk, When Reading from disk, Let McAfee decide ....
I read, but I did not understand how to scan in writing and reading at the same time like VirusScan , do you have an example of On_AccesScan_Activity . log?
"...how to scan in writing and reading at the same time like VirusScan..." You should be able to toggle on either or both within the Threat Prevention — On-Access Scan Policy/Advanced Options/Scanning - take a look at the your policy, specifically:
When writing to disk:
Attempts to scan all files as they are written to or changed on the computer or other data storage device.
When reading from disk:
Scans all files as they are read from the computer or other data storage device
As for "On_AccesScan_Activity . log" unless McAfee has changed their logging - detailed (what/when files are being scanned) logging is not avaialbe due to amount of overhead of logging every file/executable/processes that triggers OAS'ing.
Do you have an example of On_AccesScan_Activity . log please?
When I look in that log, the only information I can see is what version of AMCore is in use, when I had an EXTRA.DAT in use, and a few files that got flagged as detections (some testing I was doing). It doesn't tell me whether it was on read or write, and my policy is on the default "Let McAFee decide". If you want to do some testing around reading and writing, you can use the EICAR test file for that, and see what gets logged and what doesn't.
Well, looking over ENS10 documentation it would appear that on Win OS there is only ONE choice of three options: Read, Write or McAfee.
“Let McAfee Decide”: When you let McAfee/Intel Security decide whether a file requires scanning, the on-access scanner uses trust logic to optimize scanning. Trust logic improves security and boosts performance by avoiding unnecessary scans. For example, it analyzes and considers some programs to be trustworthy. If it verifies that these programs haven’t been tampered with, the scanner might perform reduced or optimized scanning. Please refer to the McAfee AMCore Trust Model document for further details on the McAfee AMCore scanning mechanism.
AMCore Technology Overview: Driver behind Endpoint Security Threat Prevention Policy - Let McAfee Decide
Side Note: Endpoint Security Threat Prevention Policy for Mac's; still has ....select ONE of these options: Read, Write or Read & Write
tao, yeah, one of the benefits of ENS is that the policies are centrally managed; the same policy that I use to configure Windows systems gets pushed to the Mac and Linux clients as well (as far as they support the feature), unlike VSE that has separate policies for each O/S.
johnmoe It appears that Mac still has the Read & Write as an option.