• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1080
  • Last Modified:

Benefits of scheduled scan

Hi All

We are running McAfee 8.5 virus scan with EPO 4.0 in our environment....Clients are XP, servers Windows 2003.

At the moment, the clients are set to run a scheduled scan every night at 22:00, whilst the server purely rely on the on-access scan functionality.

I just wanted to throw this out to the McAfee/security experts....is this recommended? Should we set up a scheduled scan for the servers too, or will the on-access scan cover it? I was just wondering about server performance if we do run a scheduled scan...

3 Solutions
The scan will certainly affect your performance on your servers.  I have the on access scan running on all of my servers.  I do periodically run a scan against the drives of given servers but rarely if ever to i find something that the on access scanner didn't trap.  

Ultimately this a decision you have to make but in my opinion you don't' need to schedule nightly or weekly scans of your servers.  

kam_ukAuthor Commented:
Thanks - quick question...

Say if a virus went ont a server on April 4th, but the DAT that caught it was not released on April 6th.

I guess the on-access scanner would not pick the virus up when it originally entered the server, but would the on-access scanner pick it up on te 6th, even though the file was neither entering nor exiting the server? Or could only a scheduled scan do this?
Mohamed OsamaSenior IT ConsultantCommented:
you should compromise a bit here, your concern is valid , you can not entirely rely on on-access scans ,consider running  a scheduled scan for at least critical areas of the system once a month , this should cover MBR, startup items, Windows & program files folder ,etc..  this should ensure that the server is not currently infected, while taking it easy on the servers resources.
if you have an external storage used by the users, or a File server, you should consider scheduling full scans more frequently in off hours .
you also need to make sure that proper exclusions are in place depending on each server's role , you can read further about this in the below link
hope this helps.
Kam yes the file would come into the system and basically set dormant or the on-access scanner would pick it up when the file became active.  Again, I support periodic scans of the drives just as Admin recommends.


Scheduled scans should not affect the performance of your servers if you follow this:

1) Scheduled scans run at off-peak hours.  

2) Don't interfere with any back-up jobs

recommended number of scans is (full scan - 2 or 3 weekly) but it also depends on many things:

1) Number of daily infections: if your network is always get attacked by viruses, you should increase the number of full scans on clients and servers.

2) File servers are always prone for infections, because users keep uploading files which could be malicious

3) Direct access to servers and using removable drives: administrators are careless and lazy when it comes to scan flash drives before using them in the server room.


Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now