OnAccess Scan

The OnAccess Scan prevents new malware threats from entering the system by scanning local and network files when accessed (opened, moved, copied, or executed), boot sectors, and Potentially Unwanted Applications (PUA).

The setting of OnAccess Scan option in the EDR UI is divided into the following sections:

Scan Options

The Scan Options allow you to set the security level for On-Access Scan settings, including the options to scan archives and PUAs.

You can choose from the following scan options:

Aggressive - Scans all accessed files from local and network drives, including archived and zero-risk files.
Normal - Scans accessed local and application files on network drives, excluding archived and zero-risk files.
Permissive - Scans accessed application files from local and network drives and incoming emails, but not low-risk files, outgoing emails, web traffic, spyware, or malware.
Custom - Let administrators define specific scan settings. To know more about the Custom Settings option, click here.

Fileless Attack Protection

Selecting the Command-Line Scanner checkbox allows Qualys to detect and block fileless attacks before execution, including malicious traffic and memory buffer analysis.

Optional Settings

Quarantined File Restore Location: Use this text field to provide your system path to restore the Quarantined File Location.
Retain a Backup File Copy: Select the checkbox to enable the system to create and retain a backup copy of any file identified as potentially malicious before it is remediated, such as being quarantined or disinfected.

The following screenshot is an example of Normal Scan Setting:

After you provide information in the OnAccess Scan, click Next to proceed to the third step - Running an OnDemand Scan via User Interface.