I am looking for a way to log On-Access Scan hits... I know about (and use) the Profiler, but in this case, it's not a good fit. There's also Last File Scanned in the VirusScan Console, which is insultingly useless... what good is seeing every 100th scanned file? can't be saved to a log, has no time stamps, doesn't help when something crashed in the middle of the night, etc. I digress... Does anyone know of a way to log when McShield scans a file?
Create an Action Protection rule to "REPORT" only (make sure NOT to enable block):
Rule Name: Report Only: *.exe
Processes to include: *
Processes to exclude: mcshield.exe, scan*.exe, Stinger.exe
File or folder name to block: **\*.exe (OR dial-in to the actual folder you would like to REPORT on)
File actions to prevent: Files being executed
Get ready for increase log rollover and performance degradation; that's the reason why there isn't an actual "log" of every entry that McShield scans - to much overhead; yet in a pinch it's a great way to troubleshoot.
I appreciate the suggestion, but that's still only logging process launches. The files that I'm trying to track scans against are not .exe's. The Access Protection rule would need a "Files to Include" option.
Perhaps, replace "exe" with the file extension of your choice and get ready for the flood.
Does your AP rule look like -
If it does, make sure to toggle REPORT only
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: