About the types of scans and real-time protection
Article: HOWTO80940 | Created: 2012-10-24 | Updated: 2014-09-21 | Article URL: http://www.symantec.com/docs/HOWTO80940
By default, Symantec Endpoint Protection runs an active scan every day at 12:30 P.M. Symantec Endpoint Protection also runs an active scan when new definitions arrive on the client computer. On unmanaged computers, Symantec Endpoint Protection also includes a default startup scan that is disabled.
When a client computer is off or in hibernation or sleep mode, the computer might miss a scheduled scan. When the computer starts up or wakes, by default the scan is retried within a specified interval. If the interval already expired, Symantec Endpoint Protection does not run the scan and waits until the next scheduled scan time. You can modify the settings for missed scheduled scans.
You should make sure that you run an active scan every day on the computers in your network. You might want to schedule a full scan once a week or once a month if you suspect that you have an inactive threat in your network. Full scans consume more computer resources and might affect computer performance.
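The missed-scan behavior described above can be modeled to check whether a client actually gets its daily active scan. The following is an added example, not Symantec code: the 3-hour retry interval, the assumption that the interval is measured from the scheduled time, and the power log are all constructed for illustration.

```python
from datetime import date, datetime, time, timedelta

SCAN_TIME = time(12, 30)            # default active-scan time from the article
RETRY_WINDOW = timedelta(hours=3)   # assumed value; the article gives no number

def scan_outcomes(first_day, days, off_periods, retry_window=RETRY_WINDOW):
    """Classify each day's scheduled scan as on_time, retried or missed.

    off_periods: non-overlapping (start, end) datetimes during which the
    client was off, hibernating or asleep. The retry interval is assumed to
    be measured from the scheduled scan time.
    """
    results = {}
    for n in range(days):
        due = datetime.combine(first_day + timedelta(days=n), SCAN_TIME)
        outcome = "on_time"
        for off_start, off_end in off_periods:
            if off_start <= due < off_end:       # client unavailable at 12:30
                if off_end - due <= retry_window:
                    outcome = "retried"          # woke before the interval expired
                else:
                    outcome = "missed"           # expired: waits for next schedule
                break
        results[due.date()] = outcome
    return results

def missed_days(results):
    """Days on which no active scan ran, i.e. gaps in daily coverage."""
    return [day for day, outcome in results.items() if outcome == "missed"]

# Constructed power log for one laptop (sample data, not from the article).
OFF_PERIODS = [
    (datetime(2014, 9, 15, 12, 0), datetime(2014, 9, 15, 13, 0)),   # lunch sleep
    (datetime(2014, 9, 17, 18, 0), datetime(2014, 9, 19, 9, 0)),    # off for a day
    (datetime(2014, 9, 20, 8, 0), datetime(2014, 9, 20, 17, 0)),    # asleep all day
]

if __name__ == "__main__":
    week = scan_outcomes(date(2014, 9, 15), 7, OFF_PERIODS)
    for day, outcome in week.items():
        print(day, outcome)
    print("no scan on:", missed_days(week))
```

Clients that are routinely asleep at the scheduled time show up as repeated missed days, which is the case where changing the schedule or the missed-scan settings matters.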
Table: Scan types
Auto-Protect continuously inspects files and email data as they are written to or read from a computer. Auto-Protect automatically neutralizes or eliminates detected viruses and security risks. Mac clients and Linux clients support Auto-Protect for the file system only.
Download Insight boosts the security of Auto-Protect scans by inspecting files when users try to download them from browsers and other portals. It uses reputation information from Symantec Insight to allow or block download attempts.
Download Insight functions as part of Auto-Protect and requires Auto-Protect to be enabled.
Administrator-defined scans detect viruses and security risks by examining all files and processes on the client computer. Administrator-defined scans can also inspect memory and load points.
The following types of administrator-defined scans are available:
SONAR offers real-time protection against zero-day attacks. SONAR can stop attacks even before traditional signature-based definitions detect a threat. SONAR uses heuristics as well as file reputation data to make decisions about applications or files.
Like proactive threat scans, SONAR detects keyloggers, spyware, and any other application that might be malicious or potentially malicious.
See About SONAR.
TruScan proactive threat scans
Supported on Windows computers that run Symantec Endpoint Protection version 11.0. SONAR is not supported on any computers that run version 11.0.
TruScan proactive threat scans provide protection to 11.0 clients against zero-day attacks. TruScan proactive threat scans determine if an application or a process exhibits characteristics of known threats. These scans detect Trojan horses, worms, keyloggers, adware and spyware, and the applications that are used for malicious purposes.
Unlike SONAR, which runs in real time, TruScan proactive threat scans run on a set frequency.
Early launch anti-malware (ELAM)
Works with the Windows early launch anti-malware driver. Supported only on Windows 8 and Windows Server 2012.
Early launch anti-malware provides protection for the computers in your network when they start up and before third-party drivers initialize.