Selecting the interception mode for file operations

The file operation interception mode affects the File Threat Protection and Device Control components.

• For the duration of the scan, the application can block access to files that are being scanned by the File Threat Protection component. By default, access is blocked: any access to the scanned file must wait until the scan results are in. If the scan detects no threats in the file, the application allows access to the file. When detecting infected objects, the application performs the actions specified in the Action on threat detection (ActionOnThreat) setting of the File Threat Protection component.

  You can choose not to block access to files that are being scanned by the File Threat Protection component. In that case, the scan is performed asynchronously.

• The application can block access to files on the device while the Device Control component is deciding if access to the device can be granted. By default, access is blocked: any access to files on the managed device must wait until the scan results are in. The application allows access to files if after the scan, Device Control allows access to the device that contains the files.

  You can disable file access blocking on the device monitored by the Device Control component. In that case, Device Control determines if access to the device can be allowed in asynchronous mode.

If the blocking mode of file operation interception is not enabled, the File Threat Protection, Device Control, and Execution prevention protection components run in notify mode, regardless of the mode that is configured.

Configuring in the Web Console

In the Web Console, you can configure the file operation interception mode in the policy properties (Application settings → General settings → Application settings, File operations interception mode section).

The Block access to files during scans check box enables or disables the blocking of access to files while they are being scanned by the File Threat Protection and Device Control components.

The check box is selected by default.

If the check box is cleared, access to any file is allowed for the duration of the scan, and the scan runs in asynchronous mode.

Configuring in the Administration Console

In the Administration Console, you can configure the file operation interception mode in the policy properties (General settings → Application settings, File operations interception mode section).

The Block access to files during scans check box enables or disables the blocking of access to files while they are being scanned by the File Threat Protection and Device Control components.

The check box is selected by default.

If the check box is cleared, access to any file is allowed for the duration of the scan, and the scan runs in asynchronous mode.

Configuring in the command line

You can configure the file operation interception mode in the command line using the FileBlockDuringScan setting in the general application settings.

You can edit the setting using command line options or a configuration file that contains all general application settings.

The FileBlockDuringScan option accepts the following values:

• Yes (default value) to block access to files for the duration of the scan by the File Threat Protection and Device Control components.
• No to allow access to files during the scan. Requests to any file is allowed, scanning is done asynchronously.

  This file operation interception mode has less impact on the system performance, but there is a risk that a threat in a file will not be disinfected or deleted if the file can, for example, change its name during a scan before the application makes a decision on the status of the file.

Page top