Product guide
Scanning Items On-Access
The on-access scanner examines files on your computer as they are accessed to provide
continuous, real-time detection of threats. Both the Access Protection and Buffer Overflow
Protection features also use the on-access scanner to detect access point violations and buffer
overflow exploits, respectively.
Contents
On-access scanning and how it works
Script scanning and how it works
Determining the number of scanning policies
Determining which risk to assign to a process
How general and process settings are configured
Configuring general settings
Configuring process settings
On-access scanning and how it works
The on-access scanner hooks into the system at the lowest levels (File-System Filter Driver),
acts as part of the system (System Service), and delivers notifications via the interface when
detections occur.
This example describes what happens when an attempt is made to open, close, or rename a
file. The scanner intercepts the operation and takes these actions.
1 The scanner determines if the file should be scanned based on these criteria:
• The file’s extension matches the configuration.
• The file has not been cached.
• The file has not been excluded.
• The file has not been previously scanned.
2 If the file meets the scanning criteria, it is scanned:
• If the file is clean, the result is cached and the read, write, or rename operation is granted.
• If the file contains a threat, the operation is denied and the configured action is taken.
• The results are recorded in the activity log if the scanner was configured to do so.
3 If the file does not meet the scanning requirements, it is not scanned. It is cached and the
operation is granted.
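The decision flow in steps 1 to 3, modeled in Python as an added example (not McAfee code). The class name, result strings, and marker-based "engine" are assumptions made for illustration, and the model treats "cached" and "previously scanned" as a single cache keyed on path. It shows which accesses are granted without a scan under a given extension list and exclusion list.

```python
import ntpath
from dataclasses import dataclass, field

MARKER = b"CONSTRUCTED-TEST-THREAT"  # constructed stand-in for a detection signature


@dataclass
class OnAccessModel:                 # hypothetical model, not a product API
    scan_extensions: set             # extensions the policy selects for scanning
    exclusions: set                  # paths excluded by policy
    log_enabled: bool = True
    cache: set = field(default_factory=set)   # clean or skipped paths (assumed: one cache)
    activity_log: list = field(default_factory=list)

    def on_access(self, path: str, data: bytes, operation: str = "open") -> str:
        key = path.lower()           # Windows paths compare case-insensitively
        ext = ntpath.splitext(key)[1].lstrip(".")
        excluded = key in {e.lower() for e in self.exclusions}
        # Step 1: every criterion must hold for the file to be scanned.
        must_scan = (ext in self.scan_extensions
                     and key not in self.cache
                     and not excluded)
        if not must_scan:
            # Step 3: not scanned, cached, operation granted.
            self.cache.add(key)
            return "granted-unscanned"
        # Step 2: scan; the engine is replaced by a marker search (assumption).
        threat = MARKER in data
        if self.log_enabled:
            self.activity_log.append((operation, path, "threat" if threat else "clean"))
        if threat:
            return "denied"          # model choice: not cached, so the next access is scanned again
        self.cache.add(key)
        return "granted-clean"


def demo():
    m = OnAccessModel(scan_extensions={"exe", "doc"},
                      exclusions={r"C:\build\tool.exe"})
    events = [                       # constructed sample accesses
        (r"C:\docs\report.doc", b"quarterly numbers"),   # scanned, clean
        (r"C:\docs\report.doc", b"quarterly numbers"),   # served from cache
        (r"C:\tmp\setup.exe", b"MZ.." + MARKER),         # scanned, threat
        (r"C:\build\tool.exe", b"MZ.." + MARKER),        # excluded path
        (r"C:\tmp\notes.txt", MARKER),                   # extension not configured
    ]
    return [m.on_access(p, d) for p, d in events], m.activity_log
```

In the model, the last two accesses are granted with no scan and leave no activity log entry, which is why extension lists and exclusions are worth reviewing when a policy is audited.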
McAfee VirusScan Enterprise 8.7i