Endpoint Protection

I thought the 12.x client had the ability to not rescan files over and over. Scan Only the files that have changed. 

Please let me know were we can change this option

I believe this setting in the AV policy

AV policy >> Auto-Protect >> Advanced Scanning and Monitoring

Hi Brian,

Sorry , I m lookig this option for scheduled scans , is this setting applicable for schedule scans ?

from above screen shot for us all options are same except one "instead of scan when file is modified we have selected Scan when a file is accessed or modified "

I think both options are  same .  is it correct ?

Hello,

Scan when a file is accessed or modified

Choosing this option causes Auto-Protect to scan files when they are written, opened, moved, copied, or run. Use this option for more complete file system protection. This option might affect performance because Auto-Protect scans files during all types of file operations.

Scan when a file is modified

Choosing this option causes Auto-Protect to scan files when they are written, modified, or copied.

Note: If a threat is moved within the same volume or renamed when Auto-Protect is configured to scan on modify, the threat will not be detected.

Use this option for slightly faster performance, because Auto-Protect scans files only when they are written, modified, or copied.

Configuring these settings:

It is possible to choose the desired Auto-Protect behavior by following these steps:

1. Login to the Symantec Endpoint Protection Manager (SEPM)
2. Click Policies > Virus and Spyware Protection
3. Right-click your Virus and Spyware Protection policy and click Edit
4. Click Auto-Protect > Advanced Scanning and Monitoring...
5. Select the desired Auto-Protect behavior

Check this Article:

SEP 12.1 and Advance Scanning

https://www-secure.symantec.com/connect/articles/sep-121-and-advance-scanning

Hope that helps!!

This should only apply to auto-protect

I believe for scheduled scans this is automatically determined by the SEP client. I've not seen any settings like this for a scheduled scan.

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

Have you checked with Shared Insight Cache (SIC)? Also other settings can be used to improve the scan the performance.

Shared Insight Cache (SIC) is a server application which caches known clean files in order to optimize scan performances.SIC server is mainly designed for virtual environment but usage on physical system is supported given that network latency is kept at an absolute low.SIC server keeps a record in memory (ram) of files which are voted clean by system performing scans 

First SEP client needs to scan a file.  Queries SIC and finds no record.  SEP scans the file and sends the results to the SIC.

Subsequent SEP clients need to scan the same file.  They query the cache server and find the file has already been scanned with the same version of defs and the file is clean.  SEP client skips scanning the file.

When a second client run the scan it goes though the same process and since the file is cached on the SIC therefore will skip the scan. 

Shared Insight Cache is only available for the clients that perform scheduled scans and manual scans. 

Shared Insight Cache runs independently of Symantec Endpoint Protection. However, you must configure Symantec Endpoint Protection Manager to specify the location of Shared Insight Cache so that your clients can communicate with Shared Insight Cache. No special license is required to install or run Shared Insight Cache.

Symantec Endpoint Protection Shared Insight Cache User Guide 12.1

http://www.symantec.com/docs/DOC4334

Shared Insight Cache - Best Practices and Sizing guide

http://www.symantec.com/business/support/index?page=content&id=TECH174123

Installation and Configuration of SEP Shared Insight Cache

http://www.symantec.com/docs/TECH185897

Viewing Shared Insight Cache events in the Cache Server log

http://www.symantec.com/docs/HOWTO55316

How Shared Insight Cache works

http://www.symantec.com/docs/HOWTO55318

Also check this article: https://www-secure.symantec.com/connect/articles/sep-121-and-advance-scanning