Endpoint Protection

There is a debate going on at my work about how often Administrator-defined Scans should run on our workstations.  I am the new Endpoint admin and inherited a previous admins policies.  The existing policy is to perform a complete scan (in the middle of the night) once per day.  File System Auto-Protect is already in place as well as Email and TruScan.  My thinking is that with real-time scanning in place there is no need to run a scan everyday.  I would think that 1 complete scan per week should be sufficient.  New DAT's are downloaded and pushed several times a day.  I would like to know how other organizations configure scanning.

My simple question is, for your environment, how often are your Administrative-defined Scans set to run? 

Thanks in advance for your input.

hi,
it all depends on company policy, how frequent scanning needs to be done.

In my company it is 1 per week (Friday) scaning all files/folders intiated between lunch hours, assuming there is no hamper in end user work while scan is in progress as scheduled scan may take 2- 3 hours of time.

Since AP is on and it takes care of files while being copied/accessed.

But also care needs to be taken like autorun is disabled and the computers are installed with patches whenever available.

Pete!

You should check out this thread too. The product in question here was SAV 10, but there were almost 20 replies where people would comment on exactly how often they ran a full system scan.

https://www-secure.symantec.com/connect/forums/auto-protect-vs-secheduled-scans

My personal opinion is that why not run it? If your policy is in place already, and it is not affecting anything why stop. Unless you are not wanting to leave these machines on overnight anymore then change up your policy depending on what you think. No two setups are the same so no two people should have the same configurations. However typical answers for this question are roughly once per week depending on your setup. Hopefully the thread above gives you some more data to think about.
Cheers
Grant

Hi,

It depends on the company policy at what frequency it needs to be scanned.  

I strongly feel that daily full scan at mid night or lunch hr is compulsory. 
Because File System Auto-Protect will scan only the files which are accessed or modfied.  But what about the files that are kept in the HDD. 

In todays world hard disk capacity are increasing day by day to due the huge demand of data storage in local drives.

One typical example is: If a pen drive of 4 GB or 8 GB is infected by some virus like Sily FDC or Hara kit.
The virus remains with in the drive untill and unless it is fully scanned and the chances of spreading the virus becomes more thru pen drive.

What i prefer is to scan the servers daily and Clients weekly.
But it also depends on the browsing habbits of the company employees
If there are lots of detections then i would recommend to scan them daily as well.

Full scan is scheduled on a weekly base for clients on Friday during lunch time, servers on Sunday. 

1/week is enough for most companies. In my previous company I also set it at lunch time every Friday, since most employees go out during Fridays. My present company, however, chose to have a daily scanning during lunch hours, this is the company's offpeak which operates 24 hrs.

Thank you all for your valuable opinions.

While you're at it. I suggest you create a group for problematic PCs/users with a scan schedule set to a more frequent level and just move PCs with the most alerts there. But only if you don't trust the real-time scanning.