The on-demand scanner searches your system’s files, folders, memory, registry, and more looking for any malware that could have infected your system. You decide when and how the on-demand scans occur. You can scan your system manually, at a scheduled time, or for example, when your system boots.

When an attempts is made to open, close, or rename a file, the scanner intercepts the operation and takes these actions.

1. The scanner determines if the file, folder, or disk should be scanned based on this criteria:
   
   • The file’s extension matches the configuration.
   • The file has not been cached.
   • The file has not been excluded.
   • The file has not been previously scanned.
     Note: The on-demand scanner uses heuristics to check for suspicious files, if you configure Artemis. For details, see How Artemis works.
2. If the file, folder, or disk meets the scanning criteria, it is scanned by comparing the information in the file to the known virus signatures in the currently loaded DAT files.
   
   • If it is clean, the result is cached and the next item is checked.
   • If it contains a threat, the configured action is taken. For example:
     
     • If it needs to be cleaned, that process is determined by the currently loaded DAT files.
     • The results are recorded in the activity log if the scanner was configured to do so.
     • In the On-Demand Scan Progress dialog, the information describing the memory, file, folder, or disk name and the action taken is displayed.
3. If the memory, file, folder, or disk does not meet the scanning requirements, it is not scanned and the scanner continues until all of the data is scanned.