Threat PreventionOn-Demand Scan

Configure the On-Demand Scan settings for the preconfigured and custom scans that run on Windows, Mac, and Linux client systems.

These settings specify the scanner behavior when you:

  • Select Full Scan or Quick Scan from the Scan Now page in the Endpoint Security Client.
  • As an administrator, run a custom on-demand scan from Tasks in the Endpoint Security Client.
  • Right-click a file or folder and select Scan for threats from the pop-up menu.
Options
Section Option Definition
What to Scan Boot sectors Examines the disk boot sector.
Tip: Best practice: Deselect boot sector scanning when a disk contains a unique or abnormal boot sector that can't be scanned.
Files that have been migrated to storage Scans files that Remote Storage manages.

Some offline data storage solutions replace files with a stub file. When the scanner encounters a stub file, which indicates that the file has been migrated, the scanner restores the file to the local system before scanning. The restore process can negatively impact system performance.

Tip: Best practice: Deselect this option unless you have a specific need to scan files in storage.

This option doesn't apply to files stored in Microsoft OneDrive. The on-demand scanner doesn't download OneDrive files or scan files that haven't been downloaded.

Compressed MIME-encoded files Detects, decodes, and scans Multipurpose Internet Mail Extensions (MIME) encoded files.
Compressed archive files Examines the contents of archive (compressed) files, including .jar files.
Tip: Best practice: Select this option only in scans scheduled during off hours when the system isn't being used because scanning compressed archive files can negatively affect system performance.
Subfolders (Right-Click Scan only) Examines all subfolders of the specified folder.
Additional Scan Options Detect unwanted programs Enables the scanner to detect potentially unwanted programs.

The scanner uses the information you configured in the Threat Prevention Options settings to detect potentially unwanted programs.

Detect unknown program threats Uses McAfee GTI to detect executable files that have code resembling malware.
Detect unknown macro threats Enables the scanner to detect unknown macro threats.
Scan Locations (Full Scan and Quick Scan only) Specifies the locations to scan.

These options apply to Full Scan, Quick Scan, and custom on-demand scans only.

File Types to Scan All files Scans all files, regardless of extension.

McAfee strongly recommends enabling All files.

Caution: Failure to select this option leaves your system vulnerable to malware attacks.
Default and specified file types Scans:
  • Default list of file extensions defined in the current AMCore content file, including files with no extension
  • Any additional file extensions that you specify

    Separate extensions with a comma.

  • (Optional) Known macro threats in the list of default and specified file extensions
Specified file types only Scans either or both:
  • Only files with the (comma-separated) extensions that you specify
  • All files with no extension
McAfee GTI Enables and configures McAfee GTI settings.
Exclusions Specifies files, folders, and drives to exclude from scanning.
Add Adds an item to the exclusion list.
Delete Removes an item from the exclusion list.
Actions Specifies how the scanner responds when it detects a threat.
Performance Use the scan cache Enables the scanner to use the existing clean scan results.
Tip: Best practice: Select this option to reduce duplicate scanning and improve performance.
System utilization Enables the operating system to specify the amount of CPU time that the scanner receives during the scan.

Each task runs independently, unaware of the limits for other tasks.

  • Low — Provides improved performance for other running applications. Sets the number of threads for the scan to 1.
    Tip: Best practice: Select this option for systems with end-user activity.
  • Below normal (Default for the preconfigured Full Scan and Quick Scan) — Sets the number of threads for the scan to be equal to the number of CPUs.
  • Normal (Default for custom scans) — Enables the scan to finish faster. Sets the number of threads for the scan to twice the number of CPUs.
    Note: Best practice: Select this option for systems with large volumes and little end-user activity.
Scheduled Scan Options

These options apply to Full Scan, Quick Scan, and custom on-demand scans only.

Scan only when the system is idle Runs the scan only when the system is idle.

Threat Prevention pauses the scan when the user accesses the system using the keyboard or mouse. Threat Prevention resumes the scan when the user (and CPU) is idle for five minutes.

Disable this option only on server systems and systems that users access using Remote Desktop Connection (RDP). Threat Prevention depends on the McAfee notification area icon to determine if the system is idle. On systems accessed only by RDP, the notification area icon doesn't start and the on-demand scanner never runs. To work around this issue, add the UpdaterUI.exe to the logon script.

Scan anytime Runs the scan even if the user is active and specifies options for the scan.
User can defer scans — Allows the user to defer scheduled scans, and specifies options for scan deferral.
  • Maximum number of times user can defer for one hour — Specifies the number of times (1–23) that the user can defer the scan for one hour.
  • User message — Specifies the message to display when a scan is about to start.

    The default message is: McAfee Endpoint Security is about to scan your system.

  • Message duration (seconds) — Specifies how long (in seconds that the user message appears when a scan is about to start. The valid range for the duration is 30–300; the default is 45 seconds.
Do not scan when the system is in presentation mode — Postpones the scan while the system is presentation mode.
Do not scan when the system is on battery power Postpones the scan when the system is using battery power.