1. The on-access scanner intercepts a request for a file.
2. The file is scanned.
3. The file is passed to the user or application that requested the file, or if the file is infected, the scanner takes the appropriate action and the user is informed of the infection.

• File complexity
• File size
• File location
• File type - File extensions such as .jar, .chm, .cab, and .zip are all archive files that typically use a high rate of compression. To scan these archives, each file must be extracted from the archive and scanned individually. This process can use a large amount of memory, depending on the type of data in the archive and how well it compresses.
• Processing power of the computer scanning the files, and the amount of memory if the file must be uncompressed
• Network speed, if the file has to be copied over a network to be scanned

If a time-out mechanism is not used, you are denied access to the file until the scan is complete. This time period might be minutes or even hours, depending on the factors previously mentioned. For example, if the file is still being scanned after 30 seconds, the scanner will time out. The length of time before this time-out occurs varies by product and can usually be configured. For information about configuring scan time-out settings for your product, see the appropriate product guide.

If the scan of a particular file takes longer than allowed by the time-out value, the scan is stopped. An event is generated in the application event log to note that the scan timed out on the file after the defined scan time-out value. This information is also sent to Alert Manager and ePolicy Orchestrator if they are installed. An example of this error message is:
 

• ENS and ENSM have a built-in, non-configurable timeout of 45 seconds.
• ENSL has a built-in, configurable timeout with a default of 45 seconds. The option in the On-Demand Scan policy to configure the timeout is Specify maximum number of seconds for each file scan.