About the default Virus and Spyware Protection policy scan settings

Article:HOWTO55223  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55223
Article Type
How To


Subject


About the default Virus and Spyware Protection policy scan settings

Symantec Endpoint Protection Manager includes three default policies.

  • Virus and Spyware Protection Balanced policy

  • Virus and Spyware Protection High Security policy

    The High Security policy is the most stringent of all the preconfigured policies. You should be aware that it can affect the performance of other applications.

  • Virus and Spyware Protection High Performance policy

    The High Performance policy provides better performance than the High Security policy, but it does not provide the same safeguards. The policy relies primarily on Auto-Protect to scan files with selected file extensions to detect threats.

The basic Virus and Spyware Protection policy provides a good balance between security and performance.

Table: Virus and Spyware Protection Balanced policy scan settings

Setting

Description

Auto-Protect for the file system

Enabled

Download Insight malicious file sensitivity is set to level 5.

The Download Insight action for unproven files is Ignore.

Auto-Protect includes the following settings:

  • Scans all files for viruses and security risks.

  • Blocks the security risks from being installed.

  • Cleans the virus-infected files. Backs up the files before it repairs them. Quarantines the files that cannot be cleaned.

  • Quarantines the files with security risks. Logs the files that cannot be quarantined.

  • Checks all floppies for boot viruses. Logs the boot viruses.

  • Notifies the computer users about viruses and security risks.

Auto-Protect for email

Enabled

Other types of Auto-Protect include the following settings:

  • Scans all files, including the files that are inside compressed files.

  • Cleans the virus-infected files. Quarantines the files that cannot be cleaned.

  • Quarantines the files with security risks. Logs the files that cannot be quarantined.

  • Sends a message to the computer users about detected viruses and security risks.

SONAR

Enabled for Symantec Endpoint Protection 12.1 clients and later. Legacy clients use TruScan settings. TruScan is enabled when SONAR is enabled.

High risk heuristic detections are quarantined

Logs any low risk heuristic detections

Aggressive mode is disabled

Show alert upon detection is enabled

System change detection actions are set to Ignore.

Suspicious behavior detection blocks high risk threats and ignores low risk threats.

Administrator-defined scans

The scheduled scan includes the following default settings:

  • Performs an active scan every day at 12:30 P.M. The scan is randomized.

  • Scans all files and folders, including the files that are contained in compressed files.

  • Scans memory, common infection locations, and known virus and security risk locations.

  • Cleans the virus-infected files. Backs up the files before it repairs them. Quarantines the files that cannot be cleaned.

  • Quarantines the files with security risks. Logs the files that cannot be quarantined.

  • Retries missed scans within three days.

  • Insight Lookup is set to level 5.

The on-demand scan provides the following protection:

  • Scans all files and folders, including the files that are contained in compressed files.

  • Scans memory and common infection locations.

  • Cleans the virus-infected files. Backs up the files before it repairs them. Quarantines the files that cannot be cleaned.

  • Quarantines the files with security risks. Logs the files that cannot be quarantined.

The default Virus and Spyware High Security policy provides high-level security, and includes many of the settings from the Virus and Spyware Protection policy. The policy provides increased scanning.

Table: Virus and Spyware Protection High Security policy settings

Setting

Description

Auto-Protect for the file system and email

Same as Virus and Spyware Protection Balanced policy

Auto-Protect also inspects the files on the remote computers.

SONAR

Same as Virus and Spyware Protection Balanced policy but with the following changes:

Blocks any system change events.

Global settings

Bloodhound is set to Aggressive.

The default Virus and Spyware Protection High Performance policy provides high-level performance. The policy includes many of the settings from the Virus and Spyware Protection policy. The policy provides reduced security.

Table: Virus and Spyware Protection High Performance policy settings

Setting

Description

Auto-Protect for the file system

Same as Virus and Spyware Protection Balanced policy but with the following changes:

  • Download Insight malicious file sensitivity is set to level 1.

Internet Email Auto-Protect

Microsoft Outlook Auto-Protect

Lotus Notes Auto-Protect

Disabled

SONAR

Same as Virus and Spyware Protection policy with the following changes:

Ignores any system change events.

Ignores any behavioral policy enforcement events.

Administrator-defined scans

Same as Virus and Spyware Protection policy except the following setting:

  • Insight Lookup is set to level 1.


Legacy ID



v40816035_v59371754


Article URL http://www.symantec.com/docs/HOWTO55223


Terms of use for this information are found in Legal Notices