Enable and configure on-demand scans

You can modify the on-demand scan policy to enable system on-demand scans, and to determine the schedule and frequency of scans.

Before you begin

You installed the McAfee MOVE AntiVirus extension on the McAfee ePO server.

By default, on-demand scans are not enabled. Other scan settings (for example, exclusions) are inherited from the client scan policy.

For details about product features, usage, and best practices, click ? or Help.

Task

  1. Log on to McAfee ePO as an administrator.
  2. Select MenuPolicyPolicy Catalog, then from the Product list select MOVE AntiVirus 4.5.0.
  3. From the Category list, select On Demand Scan.
  4. Click the name of an editable policy.
  5. Configure these settings, then click Save.
    For this... Do this...
    Enable On-demand Scan Select Enable on-demand scan.
    • Specify maximum time for each file scan ____ seconds — Enter the appropriate amount for your environment. We recommend 45.
    • Run on-demand scan for every ____ days — Enter the appropriate amount for your environment. We recommend 7.
    • On-demand scan will stop after____ minutes — The amount of time to wait for a scan to complete, in minutes. Defaults to 150 minutes. This is the duration for which a McAfee MOVE AntiVirus Agent waits for scan response of a file from the SVM. Typically, file scans are fast. However, file scans might take longer time due to large file size, file type, or heavy load on the SVM. In case, the file scan takes longer than the scan timeout limit, the file access is allowed and a scan timeout event is generated.
    • Cache scan results for files smaller than ____ MB (Multi-Platform only) — Set the maximum file size (in MB) up to which scan results must be cached. Defaults to 40 MB. Files smaller than this threshold are copied completely to the SVM and scanned. If the file is found to be clean, its scan result is cached based on its SHA 1 checksum for faster future access. Files larger than this size threshold are transferred in chunks that are requested by the SVM and scanned.
    File Types to Scan
    • All files — Select to scan all files. By default, this option is selected.
    • Default + Additional files (Multi-Platform only) — Select to scan the default file types or any additional file types. You can add, edit, and remove additional file types, which are included for scanning.
    • Following only — Select to specify a list of file extensions to scan. You can add, edit, and remove file extensions that are included for scanning.

      Wildcards are supported, and exact matches are required. Do not include the period when specifying extensions.

    Note: Archive and MIME-encoded files are not scanned by default. This behavior is changed by modifying the SVM Settings policy.

    For more information about how to use wildcards when creating exclusions in VirusScan Enterprise or McAfee MOVE AntiVirus, see McAfee KnowledgeBase article KB54812.

    Path Exclusions Add them to the Path Exclusions list.

    Excluding scan items — The McAfee MOVE AntiVirus product allows you to fine-tune the list of file types scanned including individual files, folders, and disks. You might need these exclusions because the scanners might scan and lock a file when that file is being used by a database or server. This might cause the database or server to fail or generate errors.

    When specifying the exclusions:

    • Wildcards are supported.
    • (Multi-Platform only) Windows system variables are supported, see System variables for the list of supported system variables.

    Note: (Agentless only) System variables are not supported.

    Using the Import option, you can browse to and select the exclusion rule file and add path exclusions.

    Note: A path exclusion entry *.log is available, so that the log files on the endpoints are not scanned. This improves the scanning performance of the client system.