cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
User72676622
Level 7
Report Inappropriate Content
Message 1 of 3
‎02-28-2019 07:27 AM

Is there a way to log what is getting On-Access scanned?

Jump to solution
Is there a way to log what is getting On-Access scanned? Had a customer ask if there is a way to log everything that is getting on-access scanned to verify the exclusions they requested are working properly.
0 Kudos
Reply
2 Solutions

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 3
‎02-28-2019 07:31 AM

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

Sadly no. The best thing I can advise, is to use procmon: https://kc.mcafee.com/corporate/index?page=content&id=KB50981 or the profiler tool to see the top items being scanned.

This would be a great idea for a PER. However just to explain why we don't have this inbuilt: we scan far too many files per second for it to be reasonable to log this sort of information. The size of the log would be far too large for any functional use.

View solution in original post

Reply
jess_arman
Employee
Employee
Report Inappropriate Content
Message 3 of 3
‎02-28-2019 07:58 AM

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

@User72676622 The best solution for accomplishing their goal is to use the McAfee Profiler tool while accessing/interacting with the files & processes they've excluded. KB6968 answers quesitons about Profiler use and links to its download.

A ProcMon could be misleading and difficult to confirm based on, as mcshield will still sometimes appear to touch the file as it is processing to determine if the file is excluded, though it is not actually scanning the file.

To have this information included in future iterations of a debug OAS log, would be a PER as chealey mentioned, and could be submitted via the instructions in KB60021

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

0 Kudos
Reply
2 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 3
‎02-28-2019 07:31 AM

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

Sadly no. The best thing I can advise, is to use procmon: https://kc.mcafee.com/corporate/index?page=content&id=KB50981 or the profiler tool to see the top items being scanned.

This would be a great idea for a PER. However just to explain why we don't have this inbuilt: we scan far too many files per second for it to be reasonable to log this sort of information. The size of the log would be far too large for any functional use.

Reply
jess_arman
Employee
Employee
Report Inappropriate Content
Message 3 of 3
‎02-28-2019 07:58 AM

Re: Is there a way to log what is getting On-Access scanned?

Jump to solution

@User72676622 The best solution for accomplishing their goal is to use the McAfee Profiler tool while accessing/interacting with the files & processes they've excluded. KB6968 answers quesitons about Profiler use and links to its download.

A ProcMon could be misleading and difficult to confirm based on, as mcshield will still sometimes appear to touch the file as it is processing to determine if the file is excluded, though it is not actually scanning the file.

To have this information included in future iterations of a debug OAS log, would be a PER as chealey mentioned, and could be submitted via the instructions in KB60021

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC