On-Access vscan policy behavior when creating files

garruche — Wed, 04 Jun 2025 14:46:47 GMT

Hi,

IHAC who wants to use on-access vsan policies with mandatory scan (ONTAP 9.1P5) and I would like to be sure about expected behavior whan AV servers are down.

Doc is not very verbose on expected behavior and just says that :

- standard profile triggers a scan for open, close and rename

- strict profile triggers a scan for open, close, read, rename

- write_only profile triggers a scan for close after modifcation.

When testing with all AV servers down, the customer is seeing that read and open files cannot be opened in all cases and file creation seems to be authorized.

I just want to be sure this behavior is normal (when scan is mandatory and AV servers down) , with standard or strict profiles.

- files can not be opened or read or renamed.

- files can not be modified (saved under the same name).

- new files can be created (by copying them from elsewhere)

- files can be modified when saved under a name, which means creating a new file.

With writes-only profile, files can be opened and modified (simple test using a notepad): I managed to modify a file without a problem, which is not normal IMHO.

Is this correct ?

Or is there a problem ?

Best regards

Régis

topic On-Access vscan policy behavior when creating files in ONTAP Discussions

On-Access vscan policy behavior when creating files

Re: On-Access vscan policy behavior when creating files