About the types of scans and real-time protection

Article:HOWTO54873  |  Created: 2011-06-29  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO54873
Article Type
How To


Subject


About the types of scans and real-time protection

Symantec Endpoint Protection Small Business Edition includes different types of scans and real-time protection to detect different types of viruses, threats, and risks.

By default, Symantec Endpoint Protection Small Business Edition runs an active scan every day at 12:30 P.M. Symantec Endpoint Protection Small Business Edition also runs an active scan when new definitions arrive on the client computer. On unmanaged computers, Symantec Endpoint Protection Small Business Edition also includes a default startup scan that is disabled.

You should make sure that you run an active scan every day on the computers in your network. You might want to schedule a full scan once a week or once a month if you suspect that you have an inactive threat in your network. Full scans consume more computer resources and might impact computer performance.

See Managing scans on client computers.

Table: Scan types

Scan type

Description

Auto-Protect

Auto-Protect continuously inspects files and email data as they are written to or read from a computer. Auto-Protect automatically neutralizes or eliminates detected viruses and security risks.

Note:

Mac clients support Auto-Protect for the file system only.

See About the types of Auto-Protect.

Download Insight

Download Insight boosts the security of Auto-Protect scans by inspecting files when users try to download them from browsers and other portals.

Download Insight uses reputation information to make decisions about files. A Symantec technology that is called Insight determines the file reputation. Insight uses not only the source of a file but also its context to determine a file's reputation. Insight provides a security rating that Download Insight uses to make decisions about the files.

Download Insight functions as part of Auto-Protect and requires Auto-Protect to be enabled.

See How Symantec Endpoint Protection Small Business Edition uses reputation data to make decisions about files.

Administrator-defined scans

Administrator-defined scans detect viruses and security risks by examining all files and processes on the client computer. Administrator-defined scans can also inspect memory and load points.

The following types of administrator-defined scans are available:

  • Scheduled scans

    A scheduled scan runs on the client computers at designated times. Any concurrently scheduled scans run sequentially. If a computer is turned off during a scheduled scan, the scan does not run unless it is configured to retry missed scans. You can schedule an active, full, or custom scan.

    Note:

    Only custom scans are available for Mac clients.

    You can save your scheduled scan settings as a template. You can use any scan that you save as a template as the basis for a different scan. The scan templates can save you time when you configure multiple policies. A scheduled scan template is included by default in the policy. The default scheduled scan scans all files and directories.

  • Startup scans and triggered scans

    Startup scans run when the users log on to the computers. Triggered scans run when new virus definitions are downloaded to computers.

    Note:

    Startup scans and triggered scans are available only for Windows clients.

  • On-demand scans

    On-demand scans are the scans that run immediately when you select the scan command in Symantec Endpoint Protection Manager.

    You can select the command from the Computers tab or from the logs.

SONAR

SONAR offers real-time protection against zero-day attacks. SONAR can stop attacks even before traditional signature-based definitions detect a threat. SONAR uses heuristics as well as file reputation data to make decisions about applications or files.

Like proactive threat scans, SONAR detects keyloggers, spyware, and any other application that might be malicious or potentially malicious.

Note:

SONAR is only supported on Windows computers that run Symantec Endpoint Protection Small Business Edition version 12.1 and later.

See About SONAR.

TruScan proactive threat scans

Supported on Windows computers that run Symantec Endpoint Protection version 11.x. SONAR is not supported on any computers that run version 11.x.

TruScan proactive threat scans provide protection to legacy clients against zero-day attacks. TruScan proactive threat scans determine if an application or a process exhibits characteristics of known threats. These scans detect Trojan horses, worms, keyloggers, adware and spyware, and the applications that are used for malicious purposes.

Unlike SONAR, which runs in real time, TruScan proactive threat scans run on a set frequency.


Legacy ID



v41160104_v59371755


Article URL http://www.symantec.com/docs/HOWTO54873


Terms of use for this information are found in Legal Notices