Create an on-demand scan task

To configure a scan with your custom settings, create an on-demand task.

Task

  1. Log on to the system as a user with administrator rights.
  2. Change directory to the /bin folder of the software.
    cd /opt/McAfee/ens/tp/bin
  3. Run a command using this syntax.
    ./mfetpcli --addodstask --name [task name] [additional options]
    Replace [task name] with the name that you want to set. The task name is a mandatory field and must be unique.
    Multiple tasks can be configured with different settings.
    Replace [additional options] with the settings that you need.
    Option Values Description Note
    --scanarchive

    enable (default)

    disable

    Examines the contents of archive (compressed) files, including .jar files.
    Caution: Scanning archives is resource-intensive and affects performance.
    --scanmime

    enable

    disable (default)

    Detects, decodes, and scans Multipurpose Internet Mail Extensions (MIME) encoded files.
    --scanpups

    enable (default)

    disable

    Detects, decodes, and scans potentially unwanted programs.
    --scanunknownprograms

    enable (default)

    disable

    Detects, decodes, and scans unknown program files.
    --scanunknownmacros

    enable (default)

    disable

    Detects, decodes, and scans unknown macro viruses.
    --scanlocaldrives

    enable

    disable

    Scans all regular files under locally mounted file systems. An on-demand task runs a scan on the configured files and directories. So you must set a scan path using one of these options.

    --scanlocaldrives enable

    --scantmpfolders enable

    --scannetworkdrives enable

    --scanpaths [path]

    --scanpaths Absolute file name, just the name of a file, or Absolute name of the directory, specified according to these guidelines:
    • An Absolute file name and directory name must start with a slash [/].
    • A directory must end with a slash [/].
    • Multiple comma-separated values are allowed.
    • If any values have spaces in between, specify the value in double quotes ("").
    Includes the specified files or directories to the scan.
    --scantmpfolders

    enable

    disable

    Scans all files under these directories in the system:

    /tmp

    /usr/local/tmp

    /var/tmp

    --scannetworkdrives

    enable

    disable

    Iterates and scans all network mount points on the system.

    Restricted to NFS and CIFS shares mounted on the system.

    --scansubfolders

    enable

    disable

    Iterates through the folders specified. Only applicable when specified with these options:

    scanlocaldrives

    scanpaths

    scantmpfolders

    scannetworkdrives

    --filetypestoscan
    • all (default and recommended) — Scans all files.
    • defaultandspecified — Scans the default files and files with specified extensions.
    • onlyspecified — Scans only files as the user specifies. Mention at least one file type using addfiletype.
    Specifies which file types to scan.
    --scanmacros

    enable

    disable

    Scans for known macro threats in the list of default and specified files. Only applicable with filetypestoscan
    --addfiletype Extension name — The file types are specified as extension names and support the wildcard [?]. Duplicate entries are automatically removed. Adds file types to the default or specified user-defined list.
    --delfiletype [extension name] Extension names — Specify the entry to be deleted. Deletes file types from the user-defined list of the file.
    --noextension

    enable

    disable

    Specifies files to be scanned with no extension.
    --excludepaths Absolute file name, just the name of a file or Absolute name of the directory, specified according to these guidelines:
    • Wildcards [*, ?] are allowed.
    • An Absolute file name and directory name must start with a slash [/].
    • A directory must end with a slash[/].
    • Multiple comma-separated values are allowed.
    • If any values have spaces in between, specify the values in double quotes ("").
    Excludes the specified files or directories from the scan.
    --excludefiletype Extension names, specified according to these guidelines:
    • Wildcard [?] is allowed.
    • Multiple comma-separated values are allowed.
    • If any of the values have spaces in between, specify the value in double quotes ("").
    Specifies the extensions for exclusion.
    -- excludepathwithsubfolder Excludes the specified directory and it's all sub directories. Only applicable for directories specified as part of excludepaths.
    --usescancache

    enable

    disable

    Specifies to use the On-Access Scan cache lookup while scanning files for this task.
    --primaryaction
    • continue — No action is taken and the event is logged.
    • clean (default) — Removes the threat from the detected file, if possible. The original file is quarantined by default.
    • delete — Deletes files with potential threats. The original file is quarantined by default.
    Sets the primary scan action for threat detection. If the primary action fails, the secondary action is performed.
    --secondaryaction
    • continue — No action is taken and the event is logged.
    • delete (default) — Deletes files with potential threats. The original file is quarantined by default.
    This action is performed when primary action fails. This option is only available when primaryaction is specified as clean.

    For the primary action Delete, the only secondary option valid is Continue.

    --primaryactionpup
    • continue — No action is taken and the event is logged.
    • clean(default) — Removes the threat from the detected file, if possible. The original file is quarantined by default.
    • delete — Deletes files with potential threats. The original file is quarantined by default.
    Sets the primary scan action for potentially unwanted programs. If the primary action fails, the secondary action is performed.
    --secondaryactionpup
    • continue — No action is taken and the event is logged.
    • delete (default) — Deletes files with potential threats. The original file is quarantined by default.
    This action is performed when primary action for potentially unwanted programs fails. This option is only available when primaryaction is specified as clean.
    --gti
    • enable — Enables McAfee GTI file rating.
    • disable Disables McAfee GTI file rating.
    • sensitivity Sets the sensitivity level of McAfee GTI file rating.
    The sensitivity option is available only when McAfee GTI file rating is enabled for the scan.
    --setmaxcpulimit value The allowed range is 25 to 100. By default, the value is set to 80.
    Example: ./mfetpcli --addodstask --name odstask --scanlocaldrives enable

    The command adds the on-demand task with task name odstask, which scans only the local drives on the system.