On-access scans occur anytime an endpoint user opens, moves, copies or executes a local or network file, and in accordance with the On-Access settings in the Antimalware Enforcement Policy. This can include boot sectors and potentially unwanted applications (PUA).