Selecting the interception mode for file operations

The file operation interception mode affects the File Threat Protection and Device Control components.

• For the duration of the scan, the application can block access to files that are being scanned by the File Threat Protection component. If access is blocked, any access to the scanned file must wait until the scan results are in. If the scan detects no threats in the file, the application allows access to the file. When detecting infected objects, the application takes the actions specified in the First action (FirstAction) and Second action (SecondAction) settings for File Threat Protection.

  By default, blocking access to files that are being scanned by the File Threat Protection component is disabled. The scan is performed asynchronously.

• The application can block access to files on the device while the Device Control component is deciding if access to the device can be granted. If access is blocked, any access to files on the managed device must wait until the scan results are in. The application allows access to files if after the scan, Device Control allows access to the device that contains the files.

  By default, file access blocking on the device monitored by the Device Control component is disabled. Device Control determines if access to the device can be allowed in asynchronous mode.

Configuring in the Web Console

In the Web Console, you can configure the file operation interception mode in the policy properties (Application settings → General settings → Application settings, File operation interception mode section).

The Block access to files during scans check box enables or disables the blocking of access to files while they are being scanned by the File Threat Protection and Device Control components.

This check box is cleared by default. Access to any file is allowed for the duration of the scan, and the scan runs in asynchronous mode.

If this check box is selected, access to any file is blocked for the duration of the scan.

Configuring in the Administration Console

In the Administration Console, you can configure the file operation interception mode in the policy properties (General settings → Application settings, File operation interception mode section).

The Block access to files during scans check box enables or disables the blocking of access to files while they are being scanned by the File Threat Protection and Device Control components.

This check box is cleared by default. Access to any file is allowed for the duration of the scan, and the scan runs in asynchronous mode.

If this check box is selected, access to any file is blocked for the duration of the scan.

Configuring in the command line

You can configure the file operation interception mode in the command line using the FileBlockDuringScan setting in the general application settings.

You can edit the setting using command line options or a configuration file that contains all general application settings.

The FileBlockDuringScan option accepts the following values:

• Yes to block access to files for the duration of the scan by the File Threat Protection and Device Control components.
• No (default value) to allow access to files during the scan. Requests to any file is allowed, scanning is done asynchronously.

Page top