Loading...

Knowledge Center


Best practices for on-demand scans in Endpoint Security and VirusScan Enterprise
Technical Articles ID:   KB74059
Last Modified:  8/7/2018
Rated:


Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee VirusScan Enterprise (VSE) 8.8

Summary

This article provides you with best practices to configure scheduled on-demand scan tasks.

The on-demand scan configuration is a two-stage process: Configure what locations to scan and schedule how often to scan. To decide how to configure the on-demand scanner, break down the scan targets to minimize the data scanned:
  • Configure daily memory on-demand scans as part of your essential protection - A daily scan of Memory for rootkits and Running processes finishes quickly, with virtually no impact on the end users. It is your early warning if something suspicious is present. Immediately perform a full on-demand scan on any system with a detection from this daily scan.
     
  • Configure active user on-demand scans, and include the following scan locations - These scan locations are frequent targets of malware attacks. Scan these locations at least weekly, or even daily:
    • User profile folder
    • Temp folder
    • Registry
    • Registered files
    • Windows folder
     
  • Configure regular full on-demand scans as part of your essential protection - At a minimum, include the following settings for regular on-demand scans:
     
    • Default locations:
      • Memory for rootkits
      • Running processes
      • All local drives
      • Registry
         
    • Scan options:
      • Scan subfolders
      • Boot sectors
         
    • McAfee strongly recommends that you schedule on-demand scans at these intervals:
      • Daily - During a major malware outbreak
      • Weekly - Provides good protection
      • Monthly - Decent protection, with risk

In addition, configure the following on-demand scan settings according to your needs:
  • Enable the scan cache - The scanner maintains a cache of previously scanned files even through restarts of the computer. This setting improves performance by using the existing scan results to determine whether files need to be scanned. Clean files are added to the clean file scan cache. The next time these files are accessed, they will not be scanned unless they are no longer in the cache or have been changed since they were last scanned. Configure the scan cache using the following options:
    • ENS: Configure the option Use the scan cache in the on-demand scan policy.
    • VSE: Configure the following Global Scan Settings: Enable saving scan data across reboots and Allow on-demand scans to utilize the scan cache.
     
  • Configure system utilization - The system utilization setting maps to Windows Priority Control. This setting allows the operating system (OS) to control the amount of CPU time that the scanner receives during the scan. If other higher priority tasks request CPU, the OS takes CPU time away from the on-demand scan (scan32.exe) and assigns it to the other tasks. When the other tasks no longer require as much CPU, the OS gives CPU time back to scan32.exe. Configure the system utilization using the following options:
    • ENS: Configure the option System utilization in the on-demand scan policy.
    • VSE: Configure the option System utilization on the Performance tab of the on-demand scan task.
       
    Configure the system utilization depending on the type of activity normally performed on the system.

    NOTE: Setting the system utilization too low can cause your scan to take up to twice as long.
     
    Utilization   
    Priority
    Low For systems with above average user activity. Provides improved performance for other running applications.
    Below Normal For systems with typical user activity, such as personal computers or laptops.
    Normal For systems with little or no user activity, nor applications providing user services. In other words, the scan runs at a time when nobody uses the system.

Rate this document

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.