On-Access Scanning

On-Access Scanning refers to the process of scanning files as they are accessed by users of the system. Powertech Antivirus includes a service, avsvc, that allows you to do this.

On-Access Scanning can be started and stopped for endpoints, both individually and in groups, using Insite. To manage On-Access Scanning from the command line, see the avsvcctl command.

WARNING: Prior to scanning, ensure you have acquired the latest virus definitions from McAfee (see Updating Virus Definitions). If you attempt to scan without updating to the latest virus definitions, Powertech Antivirus will perform the scan, but without the code required to identify the latest threats.

NOTE: Solaris users: Solaris 11.4 or later is required for On-Access Scanning.

On-Access Scanning with Insite

To use Insite for On-Access Scanning, first install Insite with the Insite PTAV Service, and connect the endpoints you intend to scan. See Connecting Powertech Antivirus to Insite for details on installing and connecting Insite, and adding endpoints.

To run On-Access scans using Insite

  1. Open Insite and choose Powertech Antivirus. From the Navigation pane, choose Configurations. Review the On-Access Configurations to confirm that one exists that you want to use for your scan (see Configurations screen). To add a new On-Access Configuration, choose Add > On-Access Configuration and define one to meet your requirements (see New On-Access Configuration pane).
  2. On the Insite Navigation pane, choose Endpoints.
  3. Ensure the virus definition DAT files are up-to-date on the endpoints you want to scan. See Updating Virus Definitions.
  4. Use the check box to the left of the endpoint listing to select the endpoints you want to scan. Additional buttons appear at the top of the screen with a yellow background.
  5. Click Start. A message appears indicating On-Access scanning is starting.
  6. Click Activity Status to open the Activity Status page, where you can monitor the status of submitted On-Access Scanning requests.
  7. If the Start action failed on one or more endpoints, you can rerun the request on failed endpoints only by clicking (Show Actions) > Rerun On-Access Service Config on Failed Endpoints.
