Scanning comparison: writing to disk vs. reading from disk

The on-access scanner treats scans differently depending on whether the user is writing to disk or reading from disk.

When files are being written to disk, it scans these items:


  • Incoming files being written to the local hard drive.
  • Files being created on the local hard drive or a mapped network drive (this includes new files, modified files, or files being copied or moved from one drive to another).
    Note: To scan mapped network drives, you must enable the On Network Drives option. Refer to the section, Accessing the policy configuration interface to display the On-Access Default Process Policies configuration page for one of the following interfaces:
    • From ePolicy Orchestrator 4.5 or 4.6 on the On-Access Default Processes Policies page, click Scan Items tab, and On network drives next to Scan files.
    • From VirusScan ConsoleVirusScan Console, click On-Access Scanner under Task and the properties dialog appears. Click All Processes and the Scan Items tab. Click the On Network Drives option located in the Scan Files group.
    These scans are only accessible by the same client where VirusScan Enterprise is installed. It does not detect access to the mapped network drive by other systems.

When files are being read from disk, it scans these items:


  • Outgoing files being read from the local hard drive or mapped network drives.
    Note: To scan mapped network drives, select the On network drives option, described previously, to include remote network files.
  • Any file being executed on the local hard drive.
  • Any file opened on the local hard drive.
  • Any file being renamed on the local hard drive, if the file properties have changed.