Part II - Detection: Finding Threats
Finding threats is the second step in a protection strategy to detect malware attempting to gain
access to your system.
Contents
Scanning items on-access
Scanning items on-demand
Scanning email on-delivery and on-demand
Scanning items on-access
The on-access scanner examines files on your computer as they are accessed, which provides
continuous, real-time detection of threats. Both the Access Protection and Buffer Overflow
Protection features also use the on-access scanner to detect access violations and buffer overflow
exploits respectively.
Contents
On-access scanning and how it works
Scanning comparison: writing to disk vs. reading from disk
Scanning comparison: scanning all files vs. scanning default + additional file types
Script scanning and how it works
Determine the number of scanning policies
How Artemis works
How general and process settings are configured
On-access scanning and how it works
The on-access scanner hooks into the system at the lowest levels (File-System Filter Driver) and
scans files where they first enter your system. The on-access scanner acts as part of the system
(System Service) and delivers notifications via the interface when detections occur.
When an attempt is made to open, close, or rename a file, the scanner intercepts the operation
and takes these actions.
1 The scanner determines if the file should be scanned based on these criteria:
• The file’s extension matches the configuration.
• The file has not been cached.
• The file has not been excluded.
• The file has not been previously scanned.
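The scan-eligibility decision in step 1 can be modelled in user space as below. This is an added example, not code from the product or this guide. The extension list, exclusion pattern, class and function names are assumptions, and the guide's "cached" and "previously scanned" criteria are folded into one cache keyed on file size and modification time, so that a file changed after a clean scan is scanned again.

```python
import fnmatch
import os
import tempfile
from pathlib import Path

# Constructed values for illustration; not the product's defaults.
SCAN_EXTENSIONS = {".exe", ".dll", ".doc", ".js"}
EXCLUSIONS = ["*/trusted_backup/*"]

class ScanDecider:
    """Hypothetical model of the 'should this file be scanned?' check."""
    def __init__(self, extensions=SCAN_EXTENSIONS, exclusions=EXCLUSIONS):
        self.extensions = {e.lower() for e in extensions}
        self.exclusions = list(exclusions)
        self.clean_cache = {}  # path -> (size, mtime_ns) at last clean scan

    @staticmethod
    def _fingerprint(path):
        st = os.stat(path)
        return (st.st_size, st.st_mtime_ns)

    def should_scan(self, path):
        """Return (decision, reason) for a file being opened, closed or renamed."""
        p = str(Path(path).resolve())
        if Path(p).suffix.lower() not in self.extensions:
            return False, "extension not configured"
        if any(fnmatch.fnmatch(p.replace(os.sep, "/"), pat) for pat in self.exclusions):
            return False, "excluded"
        # A cache hit only counts if the file is unchanged since it was scanned.
        if self.clean_cache.get(p) == self._fingerprint(p):
            return False, "cached: unchanged since last scan"
        return True, "scan"

    def record_clean(self, path):
        p = str(Path(path).resolve())
        self.clean_cache[p] = self._fingerprint(p)

def demo():
    """Run the decision over constructed files and return the results in order."""
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d, "tool.EXE"); exe.write_bytes(b"MZ constructed sample")
        txt = Path(d, "notes.txt"); txt.write_text("hello")
        Path(d, "trusted_backup").mkdir()
        bak = Path(d, "trusted_backup", "old.dll"); bak.write_bytes(b"MZ")
        s = ScanDecider()
        first = s.should_scan(exe)          # never seen before
        s.record_clean(exe)
        cached = s.should_scan(exe)         # unchanged since the clean scan
        exe.write_bytes(b"MZ constructed sample, modified")
        changed = s.should_scan(exe)        # size differs, cache entry is stale
        return [first, cached, changed, s.should_scan(txt), s.should_scan(bak)]
```

The third result shows why a scan cache has to be tied to the file's state and not only its path: a cache keyed on path alone would skip the modified file.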
McAfee VirusScan Enterprise 8.8 Product Guide