What is Auto-Protect ?

Article:TECH94990  |  Created: 2009-01-12  |  Updated: 2010-10-11  |  Article URL http://www.symantec.com/docs/TECH94990
Article Type
Technical Solution

Product(s)

Environment

Issue



What is Auto-Protect ?


Solution



Auto-Protect is the first line of defense against threats by providing real-time protection for your computer. Whenever you access, copy, save, move, open or close a file, Auto-Protect scans the file to ensure that a threat has not attached itself. By default, it loads when you start your computer to guard against threats and security risks. It also monitors your computer for any activity that might indicate the presence of a threat or security risk. Auto-Protect can determine a file's type even when a threat changes the file's extension.

Example: A threat changes a file's extension to one that is different from what you configured Auto-Protect to scan. When a threat, threat-like activity (an event that could be the work of a threat), or a security risk is detected, Auto-Protect alerts and takes the necessary steps to either clean, quarantine, delete or leave alone (log only) the detection of a threat depending upon the Actions configured for each detection type.


Types of Auto-Protect:

  1. File System Auto-Protect: File System Auto-Protect is a type of ongoing or background scan that provides real-time protection for files on your computer. Whenever you access, copy, save, move, open, or close a file, Auto-Protect scans it to ensure that a threat or security risk is not present.
  2. Internet Email Auto-Protect: Internet EMail Auto-Protect is a type of ongoing or background scan. This scan will check incoming as well as outgoing email. It provides real-time protection against attachments to internet email. Internet Email Auto-Protect supports encrypted passwords and email over POP3 and SMTP connections. If you use POP3 or SMTP with Secure Sockets Layer (SSL), then Auto-Protect detects secure connections but does not scan encrypted messages. Even though Auto-Protect does not scan the email that uses secure connections, it will continue to protect computers from risks in attachments. It scans email attachments when you save the attachment to the hard drive. If you use an email client other than Outlook or Outlook Express, it is recommended to have this enabled.
  3. Notes Auto-Protect: Lotus Notes Auto-Protect is a type of ongoing or background scan. This type of Auto-Protect provides real-time protection against attachments to Lotus Notes email. This scan gives Lotus Notes users additional protection from threats sent by email. If you use Lotus Notes, it is recommended to have this enabled.
  4. Outlook Auto-Protect: Outlook Auto-Protect is a type of ongoing or background scan. This scan gives Outlook and Outlook Express users additional protection from threats sent by email. If you use Outlook or Outlook Express, it is recommended to have this enabled.



How does Auto-Protect Mitigate Threats ?

  1. Clean risk: Auto Protect tries to clean the infected file when a threat is found.
  2. Quarantine risk: It tries to move the infected file into Quarantine on the infected computer as soon as it is detected. When a file is in Quarantine, you cannot execute it until you move the file back to its original location.
  3. Delete risk: Tries to delete the file. Use this option only if you can replace the infected file with a threat-free backup copy. After the file is permanently deleted, you cannot recover it from the Recycle Bin. If Auto-Protect cannot delete the file, detailed information about the action appears in the Notification dialog box and the client Event Log.
  4. Leave alone (log only): Denies any access to the file, displays a notification, and logs the event. Use this option to take manual control of how Auto-Protect handles a threat.




Legacy ID



2009071309443548


Article URL http://www.symantec.com/docs/TECH94990


Terms of use for this information are found in Legal Notices