diff --git a/roles/bootstrap/files/clamav/clamd.conf b/roles/bootstrap/files/clamav/clamd.conf
index 67c87ff..a08e742 100644
--- a/roles/bootstrap/files/clamav/clamd.conf
+++ b/roles/bootstrap/files/clamav/clamd.conf
@@ -780,7 +780,7 @@ ScanArchive yes
 # If off, fanotify will only notify if the file scanned is a virus,
 # and not perform any blocking.
 # Default: no
-#OnAccessPrevention yes
+OnAccessPrevention no
 
 # When using prevention, if this option is turned on, any errors that occur
 # during scanning will result in the event attempt being denied. This could
@@ -794,7 +794,7 @@ ScanArchive yes
 # created or moved.
 # Requires the  DDD system to kick-off extra scans.
 # Default: no
-#OnAccessExtraScanning yes
+OnAccessExtraScanning yes
 
 # Set the  mount point to be scanned. The mount point specified, or the mount
 # point containing the specified directory will be watched. If any directories
@@ -805,7 +805,7 @@ ScanArchive yes
 # made on vital system directories)
 # It can be used multiple times.
 # Default: disabled
-#OnAccessMountPath /
+OnAccessMountPath /
 #OnAccessMountPath /home/user
 
 # With this option you can exclude the root UID (0). Processes run under