Identify frequently scanned items from command line (Multi-Platform)

The scan diagnostic tool calculates and displays frequently scanned processes, files, extensions, and VMs. You can include these files in the path and process exclusion policies. These specified files are excluded from scans when they are written by a trusted process.

Before you begin

You must have administrator permissions to perform this task.

Access the SVM command-line interface (CLI) on the SVM virtual machine to create and display this report.

This diagnostic tool captures these details:
  • Top 10 file scan requests
  • Top 10 file extensions
  • Top 10 processes
  • Top 10 virtual machines that are sending maximum scan and checksum requests.


  1. Open the SVM CLI: click StartProgramsMcAfeeMOVE AV Server command prompt.
    Note: This command prompt has administrator rights.

    At this command prompt, you can type commands that activate the mvadm utility to perform administration tasks on the SVM.

  2. To calculate the frequently scanned files, run this command:
    move_diagnose /T: <Time Window> /O: < Output File>
    Option Definition
    T The time period, in minutes, set for calculating the frequently scanned files. For example, 3 minutes.
    O Full path of the output file for storing the results.
    At the end of specified minutes, the tool completes the analysis and displays the results. The default allowed time limit is 10 minutes.
  3. (Optional) Change the time limit by configuring the registry settings in HKLM\System\CurrentControlSet\services\mvserver\Parameters\diagnostic\FrequentlyScanMaxTimeOutWindow.