There are different type of scans which protect Symantec Endpoint Protection Users and their computers.
Auto-Protect - Auto-Protect continuously scans files and email data for viruses and for security risks; viruses and security risks can include spyware and adware, as they are read from or written to a computer.
Types of Auto-Protect:
- File System Auto-Protect
- Internet Email Auto-Protect
- Notes Auto-Protect
- Outlook Auto-Protect
Configuring Auto-Protect to determine file types
Auto-Protect is preset to scan all files and processes. It may complete scans faster by scanning only files with selected extensions.
For example, you might want to scan only the following extensions:
Typically viruses affect only certain types of files. If you scan selected extensions, however, you get less protection because Auto-Protect does not scan all files. The default list of extensions represents those files that are commonly at risk of infection by viruses.
Auto-Protect scans the file extensions that contain executable code and all .exe and .doc files. It can also determine a file's type even when a virus changes the file's extension. For example, it scans .doc files even if a virus changes the file extension.
You should configure Auto-Protect to scan all file types to ensure that your computer receives the most protection from viruses and security risks.
Note: Auto-Protect does not function on Linux platforms, you must run a manual scan on those machines to detect threats.
Schedule Scan Types which could be scheduled from Symantec Endpoint Protection Manager
Active Scan - Scans the system memory and all the common virus and security risk locations on the computer quickly. The scan includes all processes that run in memory, important Windows registry files, and files like config.sys and windows.ini. It also includes some critical operating system folders.
NOTE: Only custom scans are available for Mac clients.
Custom Scan - Scans the files and folders that you select for viruses and security risks.
Startup scans and triggered scans - Startup scans run when the users log on to the computers. Triggered scans run when new virus definitions are downloaded to computers.
Note: Startup scans and triggered scans are available only for Windows clients.
On-demand scans - On-demand scans are the scans that run immediately when you select the scan command in Symantec Endpoint Protection Manager. You can select the command from the Clients tab or from the logs.
Full Scan - Scans the entire computer for viruses and security risks, including the boot sector and system memory.
It will scan each file by starting with A to Z its not real time..Its manual or scheduled.
A Full system scan are the antivirus and antispyware scans that detect known viruses and security risks. For the most complete protection, you should schedule occasional scans for your client computers. Unlike Auto-Protect, which scans files and email as they are read to and from the computer, A Full system scans detect viruses and security risks.
A Full system scan detect viruses and security risks by examining all files and processes (or a subset of files and processes). A Full system scan can also scan memory and load points.
A Full system scan does these...
Scans the system memory and all the common virus and security risk locations.
Scans the entire computer for viruses and security risks, including the boot sector and system memory.
Full scans can be scheduled Manually and also a Administrator Defined scans could be performed from SEPM. check the Articles below:
TruScan Proactive Threat scans -
Supported on Windows computers that run Symantec Endpoint Protection version 11.x.
SONAR is not supported on any computers that run version 11.x.
TruScan proactive threat scans provide protection to legacy clients against zero-day attacks. TruScan proactive threat scans determine if an application or a process exhibits characteristics of known threats. These scans detect Trojan horses, worms, keyloggers, adware and spyware, and the applications that are used for malicious purposes.
Unlike SONAR, which runs in real time, TruScan proactive threat scans run on a set frequency.
TruScan proactive threat scans use heuristics to scan for the behavior that is similar to virus and security risk behavior. Unlike antivirus and antispyware scans, which detect known viruses and security risks, Proactive threat scans detect unknown virus and security risks.
Note: Because proactive threat scanning examines active processes on client computers, the scanning can impact system performance.
The client software runs proactive threat scans by default. You can enable or disable proactive threat scanning in an Antivirus and Antispyware Policy. Users on client computers can enable or disable this type of scan if you do not lock the setting.
Although you include settings for proactive threat scans in an Antivirus and Antispyware Policy, you configure the scan settings differently from antivirus and antispyware scans.
See About TruScan proactive threat scans.
Bloodhound isolates and locates the logical regions of a file to detect a high percentage of unknown viruses. Bloodhound then analyzes the program logic for virus-like behavior.
What is the difference between the Bloodhound and Proactive Threat Protection (TruScan) technologies?
For Symantec Endpoint Protection 12.1, there are few Additional Scans as below -
Download Insight boosts the security of Auto-Protect scans by inspecting files when users try to download them from browsers and other portals.
Download Insight uses reputation information to make decisions about files. A Symantec technology that is called Insight determines the file reputation. Insight uses not only the source of a file but also its context to determine a file's reputation. Insight provides a security rating that Download Insight uses to make decisions about the files.
Download Insight functions as part of Auto-Protect and requires Auto-Protect to be enabled.
SONAR offers real-time protection against zero-day attacks. SONAR can stop attacks even before traditional signature-based definitions detect a threat. SONAR uses heuristics as well as file reputation data to make decisions about applications or files.
Like proactive threat scans, SONAR detects keyloggers, spyware, and any other application that might be malicious or potentially malicious.
Note: SONAR is only supported on Windows computers that run Symantec Endpoint Protection version 12.1 and later.
Hope that helps!!