Defwatch scan SEP12.1
just noticed on a server 2003 box with SEP 12.1 RU1 that the defwatch scans complete much quicker than the daily scheduled active scan. My understanding is that defwatch and active scan are essentially the same thing. That is certainly what I have been told whenever I have asked. Why does active take about 5 times longer? What is the defwatch scan NOT scanning or why is it so fast?
I have seen very similar
I have seen very similar results on both SEP11 and SEP12.1. The Daily active scan is set without exclusions and to scan common load points and memory. Symantec have pretty much confirmed that a "fully-loaded" scheduled active scan will take 75% longer than a defwatch scan. Case closed from my perspective. It does make my choice of how to configure AV scan policy across various machine types more feasible as I know what each scan actually covers. Up 'til now I believed that defwatch and admin-scheduled active scan did the same.