[Last Call] Learn how to a build a cloud-first strategyRegister Now


AV On-demand scanner/On-access scanner query

Posted on 2008-10-13
Medium Priority
Last Modified: 2013-12-09

I have a query regarding AV scans. From what I understand there are two types, on-demand and on-access, and I think they are as below. Could someone clarify?

On-demand: The scan that takes place at a set time each day/week etc

On-access: Real time scanning that occurs whenever someone reads a file/writes to a file.

Also, it is possible to set the AV to scan 'on read' and 'on write'. Can someone clarify what this means and what would be recommended for, say, a shared folder on a file server?

Question by:bruce_77
  • 3
  • 2

Expert Comment

ID: 22705232
It's literal.  On Demand means that it's going to check at a specific time that's been scheduled or when you manually tell it to.  On Access means whenever the file is accessed by the machine running the AV.  So if you're the client machine running the AV and you have it set to On Access then any file your machine opens or modifies in any way will be scanned.  There are always file type exceptions in your AV preferences so be careful to know what those are.


Author Comment

ID: 22705338

So the access-scanner set to scan 'on read only' means everytime the file is accessed?

And the similarly set to scan on 'write only' means everytime the file is modified?

Are there any recommendations on which one to use?

Expert Comment

ID: 22705391
If it doesn't impact the performance of your machine too much leave them both on.  If you're accessing a shared folder that other machines are also accessing then always have the 'READ' on and again if your machine doesn't have any performance issues also do the WRITE as well.

The main difference is that if you're READING the file you want to make sure you're not opening anything that has a virus, and when you WRITE the file you want to make sure that something else doesn't piggy back on top and write with it.

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.


Author Comment

ID: 22705530
To be honest, I'm still a little confused..

Let's say I have a folder named HR, on my File/Print server, FP01.

On read only: Does this mean scan whenever -any- computer accesses the file (read the file), or whenever FP01 (or rather a user logged onto FP01) opens a file in HR and reads it?


On write-only: Does this mean whenever any computer attempts to modify files within HR, or when FP01 modifies it?

Thanks for the help

Accepted Solution

razorwoods earned 2000 total points
ID: 22705599
If this is a workstation or home version of the AV program then it will ONLY engage On-Access if the person is on FP01 and accessing.  The AV program won't know if a network user accesses the file, only a local user.  Local to the machine running the AV software.

If this the a full server version of AV there are lots of other special settings typically for the network as well.


Expert Comment

ID: 22706070
On read scanner is every file used by the computer put into memory of every file being read from your hard drive , and On write is every time a file is written on to the hard drive. the scenario oof a share file server i would recommend both of them but especifically if you have network map drive there is an option for this called network drives. the most demanding of the two features is on read but is the most safe to use, i would recommend and use both cause some types of viruses write files on your pc through share folder and this option will defenitely stop the virus from replicating, on the other hand y are constantly using files from this server the on read option scans every file you are using from the server on use. on some scenarios where the pc doesnt have enough hardware what we usually do is leave only the on write feature cause is the less demanding and we set and on demand scan more often like 3 times a week.

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question