Types of Scan in SEP 12.1
Symantec Endpoint Protection 12.1 includes different types of scans to provide protection against different types of viruses, threats, and risks. By default, Symantec Endpoint Protection runs an active scan every day at 12:30 P.M. Symantec Endpoint Protection also runs an active scan when new definitions arrive on the client computer. On unmanaged computers, Symantec Endpoint Protection also includes a default startup scan that is disabled.
On unmanaged clients, we need to make sure that we run an active scan every day on your computer. We might want to schedule a full scan once a week or once a month if you suspect that we have an inactive threat on your computer. Full scans consume more computer resources and might impact computer performance.
Auto-Protect: Auto-Protect continuously inspects files and email data as they are written to or read from a computer. Auto-Protect automatically neutralizes or eliminates detected viruses and security risks. Auto-Protect also protects some email that you might send or receive.
Download Insight : Download Insight boosts the security of Auto-Protect by inspecting files when users try to download them from browsers and other portals. Download Insight uses reputation information to make decisions about files. The reputation scoring of files is determined by a Symantec technology called Insight. Insight uses not only the source of a file but also its context. Insight provides a security rating that Download Insight uses to make decisions about the files. Download Insight functions as part of Auto-Protect and requires Auto-Protect to be enabled. If you disable Auto-Protect but enable Download Insight, Download Insight cannot function.
Administrator scans and user defined scan: For managed clients, your administrator might create scheduled scans or run scans on demand. For unmanaged clients, or managed clients for which scan settings are unlocked, you can create and run your own scans.Administrator or user-defined scans detect viruses and security risks by examining all files and processes on the client computer. These types of scans can also inspect memory and load points.
SONAR: SONAR offers real-time protection against zero-day attacks. SONAR can stop attacks even before traditional signature-based definitions detect a threat.SONARuses heuristics as well as file reputation data to make decisions about applications or files.
Like proactive threat scans,SONARdetects keyloggers, spyware, and any other application that might be malicious or potentially malicious.
The following types of administrator or user-defined scans are available:
■ Scheduled scans
A scheduled scan runs on the client computers at designated times. Any concurrently scheduled scans run sequentially. If a computer is turned off during a scheduled scan, the scan does not run unless it is configured to retry missed scans. You can schedule an active, full, or custom scan. You can save your scheduled scan settings as a template. You can use any scan that you save as a template as the basis for a different scan. The scan templates can save you time when you configure multiple policies. A scheduled scan template is included by default in the policy. The default scheduled scan scans all files and directories.
■ Startup scans and triggered scans
Startup scans run when the users log on to the computers. Triggered scans run when new virus definitions are downloaded to computers.
■ On-demand scans
On-demand scans are scans that you start manually. You can run scans on demand from the Scan for Threats page.