OnAccess Scan

The OnAccess Scan prevents new malware threats from entering the system by scanning local and network files when accessed (opened, moved, copied, or executed), boot sectors, and Potentially Unwanted Applications (PUA). 

The setting of OnAccess Scan option in the EDR UI is divided in the following sections:

• Scan Setting: The Scan Setting option allows you to select the security level while configuring the OnAccess Scan setting. You can select any of the Scan Setting type from- Aggressive, Normal, Permissive, and Custom. In the Scan Setting option you can opt for Scan Archives and Scan PUAs.
  • Aggressive- Aggressive Setting scans all accessed files from local and network drives. It also scans archived and zero-risk files.
  • Normal- Normal Setting scans all accessed files from local drives and application files from network drives. It does not scan archived and zero-risk files.
  • Permissive- Permissive Setting scans accessed application files from local and network drives and incoming emails. It does not scan low-risk files, outgoing emails, web traffic, spyware, and malware.
  • Custom- Custom Setting allows the Administrator to select and define scan settings according to their requirement. To know more about Custom Settings option, click here.
• Quarantined File Restore Location: Use this text field to provide your system path to restore the Quarantined File Location. 
• Fileless Attack Protection: In the Fileless Attack Protection, the Command-Line Scanner option allows Qualys to discover and block fileless attacks at the pre-execution stage. For example, blocking malicious traffic, analyzing memory buffer prior to code injection.
• Optional OnAccess Scan Settings: In this section you can select the Retain a Backup File Copy and Linux Directories Scan Settings. 

The following screenshot is an example of Normal Scan Setting:

After you provide information in the OnAccess Scan, click Next to proceed to the third step - OnDemand Scan User-Interface Settings.