Update the Vscan On-Access policy configuration for an SVM
PATCH /protocols/vscan/{svm.uuid}/on-access-policies/{name}
Introduced In: 9.6
Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. You cannot modify the configurations for an On-Access policy associated with a data SVM which was created by SVM owned by the cluster, although you can enable and disable the policy associated with cluster SVM.
Related ONTAP commands
- 
vserver vscan on-access-policy modify
- 
vserver vscan on-access-policy enable
- 
vserver vscan on-access-policy disable
- 
vserver vscan on-access-policy file-ext-to-include add
- 
vserver vscan on-access-policy file-ext-to-exclude add
- 
vserver vscan on-access-policy paths-to-exclude add
- 
vserver vscan on-access-policy file-ext-to-include remove
- 
vserver vscan on-access-policy file-ext-to-exclude remove
- 
vserver vscan on-access-policy paths-to-exclude remove
Parameters
| Name | Type | In | Required | Description | 
|---|---|---|---|---|
| name | string | path | True | |
| svm.uuid | string | path | True | UUID of the SVM to which this object belongs. | 
Request Body
| Name | Type | Description | 
|---|---|---|
| enabled | boolean | Status of the On-Access Vscan policy | 
| mandatory | boolean | Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. | 
| scope | ||
| svm | SVM, applies only to SVM-scoped objects. | 
Example request
{
  "scope": {
    "exclude_extensions": [
      "mp*",
      "txt"
    ],
    "exclude_paths": [
      "\\dir1\\dir2\\name",
      "\\vol\\a b",
      "\\vol\\a,b\\"
    ],
    "include_extensions": [
      "mp*",
      "txt"
    ],
    "max_file_size": 2147483648
  },
  "svm": {
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}Response
Status: 200, OkError
Status: DefaultONTAP Error Response Codes
| Error Code | Description | 
|---|---|
| 10027033 | Configurations for an On-Access policy associated with a data SVM which was created by SVM owned by the cluster cannot be modified. However, the policy can be enabled or disabled. | 
| 10027046 | The specified SVM is not the owner of the specified policy. Check for the correct SVM who owns the policy. | 
| 10027101 | The file size must be in the range 1KB to 1TB | 
| 10027107 | The include extensions list cannot be empty. Specify at least one extension for inclusion. | 
| 10027109 | The specified CIFS path is invalid. It must be in the form "\dir1\dir2" or "\dir1\dir2\". | 
| 10027249 | The On-Access policy updated successfully but failed to enable/disable the policy. The reason for an enable policy operation failure might be that another policy is enabled. Disable the already enabled policy and then enable the policy. The reason for a disable policy operation failure might be that Vscan is enabled on the SVM. Disable the Vscan first and then disable the policy. | 
| 10027250 | The On-Access policy cannot be enabled/disabled. The reason for an enable policy operation failure might be that another policy is enabled. Disable the already enabled policy and then enable the policy. The reason for a disable policy operation failure might be that Vscan is enabled on the SVM. Disable the Vscan and then disable the policy. | 
| 10027253 | The number of paths specified exceeds the configured maximum number of paths. You cannot specify more than the maximum number of configured paths. | 
| 10027254 | The number of extensions specified exceeds the configured maximum number of extensions. You cannot specify more than the maximum number of configured extensions. | 
Definitions
See Definitions
scope
| Name | Type | Description | 
|---|---|---|
| exclude_extensions | array[string] | List of file extensions for which scanning is not performed. | 
| exclude_paths | array[string] | List of file paths for which scanning must not be performed. | 
| include_extensions | array[string] | List of file extensions to be scanned. | 
| max_file_size | integer | Maximum file size, in bytes, allowed for scanning. | 
| only_execute_access | boolean | Scan only files opened with execute-access. | 
| scan_readonly_volumes | boolean | Specifies whether or not read-only volume can be scanned. | 
| scan_without_extension | boolean | Specifies whether or not files without any extension can be scanned. | 
href
| Name | Type | Description | 
|---|---|---|
| href | string | 
_links
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description | 
|---|---|---|
| name | string | The name of the SVM. This field cannot be specified in a PATCH method. | 
| uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. | 
vscan_on_access
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
| Name | Type | Description | 
|---|---|---|
| enabled | boolean | Status of the On-Access Vscan policy | 
| mandatory | boolean | Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. | 
| scope | ||
| svm | SVM, applies only to SVM-scoped objects. | 
error_arguments
| Name | Type | Description | 
|---|---|---|
| code | string | Argument code | 
| message | string | Message argument | 
returned_error
| Name | Type | Description | 
|---|---|---|
| arguments | array[error_arguments] | Message arguments | 
| code | string | Error code | 
| message | string | Error message | 
| target | string | The target parameter that caused the error. | 
 PDFs
PDFs