| Administer-Defined Scans |
Balanced |
High Performance |
High Security |
| Daily Scheduled Scan |
Enabled, every day at 12:30AM |
Enabled, every day at 12:30AM |
Enabled, every day at 12:30AM |
| Scan Type |
Active Scan |
Active Scan |
Active Scan |
| File types |
Scan all files |
Scan all files |
Scan all files |
| Enhance scan by checking: Memory... |
Yes |
Yes |
Yes |
| ...common infection locations |
Yes |
Yes |
Yes |
| ...well-known virus and security risk locations |
Yes |
Yes |
Yes |
| Scan Compressed Files |
Yes, 3 levels deep |
Yes, 3 levels deep |
Yes, 3 levels deep |
| Storage Migration... |
Skip offline and sparse files |
Skip offline and sparse files |
Skip offline and sparse files |
| ...open files with backup semantics |
No |
No |
No |
| Tuning |
Best Application Performance |
Best Application Performance |
Best Application Performance |
| Enable Insight Lookup |
Yes |
Yes |
Yes |
| Insight Level |
Level 5 (Typical) |
Level 1 (Minimum) |
Level 5 (Typical) |
| Insight reputation detections: 1st action / 2nd action if first fails |
Quarantine/Leave alone (log only) |
Quarantine/Leave alone (log only) |
Quarantine/Leave alone (log only) |
| Schedule |
Daily at 12:30AM |
Daily at 12:30AM |
Daily at 12:30AM |
| Scan Duration |
Scan up to 2 hours |
Scan up to 2 hours |
Scan up to 2 hours |
| Randomize start time |
Yes |
Yes |
Yes |
| Retry scan |
Yes, within 72 hours |
Yes, within 264 hours |
Yes, within 72 hours |
| Malware detections: 1st action / and 2nd action if first fails |
Clean/Quarantine |
Clean/Quarantine |
Clean/Quarantine |
| Virus: Override actions configured for malware? |
No |
No |
No |
| Security Risk detections: 1st action / and 2nd action if first fails |
Quarantine/Leave alone—log only |
Quarantine/Leave alone—log only |
Quarantine/Leave alone—log only |
| Adware: Override actions configured for security risks? |
No |
No |
No |
| Dialer? |
No |
No |
No |
| Hack Tool? |
No |
No |
No |
| Joke Program? |
No |
No |
No |
| Misleading Application? |
No |
No |
No |
| Parental Control? |
No |
No |
No |
| Remote Access? |
No |
No |
No |
| Security Assessment Tool? |
No |
No |
No |
| Security Risk? |
No |
No |
No |
| Spyware? |
No |
No |
No |
| Trackware? |
No |
No |
No |
| Backup files before attempting repair |
Yes |
Yes |
Yes |
| Terminate processes automatically |
Yes |
Yes |
Yes |
| Stop services automatically |
Yes |
Yes |
Yes |
| Display notification on infected computer |
No |
No |
No |
| Administrator On-demand Scan Settings |
|
|
|
| Scan the following folders |
All Folders |
All Folders |
All Folders |
| File types |
Scan all files |
Scan all files |
Scan all files |
| Enhance scan by checking: Memory... |
Yes |
Yes |
Yes |
| ...common infection locations |
Yes |
Yes |
Yes |
| ...well-known virus and security risk locations |
Yes |
Yes |
Yes |
| Scan Compressed Files |
Yes, 3 levels deep |
Yes, 3 levels deep |
Yes, 3 levels deep |
| Storage Migration... |
Skip offline and sparse files |
Skip offline and sparse files |
Skip offline and sparse files |
| ...open files with backup semantics |
No |
No |
No |
| Tuning |
Best Application Performance |
Best Application Performance |
Best Application Performance |
| Insight Lookup |
Enabled |
Enabled |
Enabled |
| Insight Level |
Level 5 (Typical) |
Level 1 (Minimum) |
Level 5 (Typical) |
| Insight detections: 1st action / and 2nd action if first fails |
Quarantine/Leave alone—log only |
Quarantine/Leave alone—log only |
Quarantine/Leave alone—log only |
| Malware detections: 1st action / and 2nd action if first fails |
Clean/Quarantine |
Clean/Quarantine |
Clean/Quarantine |
| Virus: Override actions configured for malware? |
No |
No |
No |
| Security Risk detections: 1st action / and 2nd action if first fails |
Quarantine/Leave alone—log only |
Quarantine/Leave alone—log only |
Quarantine/Leave alone—log only |
| Adware: Override actions configured for security risks? |
No |
No |
No |
| Dialer? |
No |
No |
No |
| Hack Tool? |
No |
No |
No |
| Joke Program? |
No |
No |
No |
| Misleading Application? |
No |
No |
No |
| Parental Control? |
No |
No |
No |
| Remote Access? |
No |
No |
No |
| Security Assessment Tool? |
No |
No |
No |
| Security Risk? |
No |
No |
No |
| Spyware? |
No |
No |
No |
| Trackware? |
No |
No |
No |
| Backup files before attempting repair |
Yes |
Yes |
Yes |
| Terminate processes automatically |
Yes |
Yes |
Yes |
| Stop services automatically |
Yes |
Yes |
Yes |
| Display notification on infected computer |
No |
No |
No |
| Administer-Defined Scans, Advanced Tab |
|
|
|
| Delay scheduled scans when running on batteries |
Yes |
Yes |
Yes |
| Allow user-defined scans to run when user is not logged on |
Yes |
Yes |
Yes |
| Display notifications about detections when user logs on |
Yes |
Yes |
Yes |
| Allow startup scans to run when user logs on |
No |
No |
No |
| Run an active scan when new definitions arrive |
Yes |
Yes |
Yes |
| Show scan progress |
No |
No |
No |
| Auto-Protect |
Balanced |
High Performance |
High Security |
| Auto-Protect Scan Details |
|
|
|
| Enabled |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| File types to scan |
Scan all files (unlocked) |
Scan only selected exensions (common programs and documents) (unlocked) |
Scan all files (LOCKED) |
| Scan for security risks |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Block security risks from being installed |
Yes (LOCKED) |
Yes (LOCKED) |
Yes (LOCKED) |
| Scan files on remote computers... |
Yes (unlocked) |
No (unlocked) |
Yes (LOCKED) |
| ...scan remote files only when files are executed |
Yes (unlocked) |
N/A |
Yes (LOCKED) |
| Trust files on remote computers running Auto-Protect |
Yes (unlocked) |
N/A |
Yes (LOCKED) |
| Enable network cache |
Yes; keep up to 30 entries, delete entries after 600 seconds (unlocked) |
N/A |
Yes; keep up to 30 entries, delete entries after 600 seconds (LOCKED) |
| Activities that trigger Auto-Protect scan |
File is accessed or modified (unlocked) |
File is accessed or modified (unlocked) |
File is accessed or modified (LOCKED) |
| Scan when a file is backed up |
Yes (unlocked) |
No (unlocked) |
Yes (LOCKED) |
| Do not scan files when trusted processes access the files |
Yes (unlocked) |
Yes (unlocked) |
Yes (unlocked) |
| Check floppies for boot virus when accessed |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Action to take when floppy boot virus is found |
Leave alone (log only) (unlocked) |
Leave alone (log only) (unlocked) |
Leave alone (log only) (LOCKED) |
| Even if action is 'Leave alone (log only)': delete newly created viruses? |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| ...delete newly created security risks? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Preserve file times |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Malware detections: 1st action / and 2nd action if first fails |
Clean/Quarantine (unlocked) |
Clean/Quarantine (unlocked) |
Clean/Quarantine (LOCKED) |
| Virus: Override actions configured for malware? |
No (unlocked) |
No (unlocked) |
No (unlocked) |
| Security Risk detections: 1st action / and 2nd action if first fails |
Quarantine/delete (unlocked) |
Quarantine/leave alone (unlocked) |
Quarantine/delete (LOCKED) |
| Adware: Override actions configured for security risks? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Dialer? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Hack Tool? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Joke Program? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Misleading Application? |
No (unlocked) |
No (unlocked) |
No (unlocked) |
| Parental Control? |
No (unlocked) |
No (unlocked) |
No (unlocked) |
| Remote Access? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Security Assessment Tool? |
No (unlocked) |
No (unlocked) |
No (unlocked) |
| Security Risk? |
No (unlocked) |
No (unlocked) |
No (unlocked) |
| Spyware? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Trackware? |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Backup files before attempting to repair them |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Terminate processes automatically |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Stop services automatically |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Display notification on infected computer |
No (unlocked) |
No (unlocked) |
Yes (LOCKED) |
| Display the Auto-Protect results dialog on the infected computer |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Load auto-protect when |
When computer starts (unlocked) |
When SEP starts (unlocked) |
When computer starts (LOCKED) |
| Check floppies when computer shuts down |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| When Auto-Protect must be reloaded |
Stop and reload Auto-Protect (unlocked) |
Stop and reload Auto-Protect (unlocked) |
Stop and reload Auto-Protect (LOCKED) |
| When Auto-Protect is disabled, enable after X minutes |
Yes, 5 minutes (unlocked) |
Yes, 5 minutes (unlocked) |
Yes, 5 minutes (LOCKED) |
| Enable file cache... |
Yes, use default cache size (unlocked) |
Yes, use default cache size (unlocked) |
Yes, use default cache size (LOCKED) |
| ...rescan cache when new definitions arrive |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Enable Risk Tracer... |
No (unlocked) |
No (unlocked) |
Yes (LOCKED) |
| ...resolve the source computer IP address |
N/A |
N/A |
Yes (LOCKED) |
| ...poll for nework sessions every X milliseconds |
N/A |
N/A |
Yes, every 1000 msec (LOCKED) |
| Download Protection |
Balanced |
High Performance |
High Security |
| Enable Download Insight |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Malicious file sensitivity |
5 (Typical) (unlocked) |
Level 1 (Minimum) (unlocked) |
5 (Typical) (LOCKED) |
| ...also detect files with X or fewer users |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| ...also detect files known by users X or fewer days |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Automatically trust any file downloaded from an intranet site |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Malicious download detection: first action... |
Quarantine (unlocked) |
Quarantine (unlocked) |
Quarantine (LOCKED) |
| ...if first action fails |
Leave alone—log only (unlocked) |
Leave alone—log only (unlocked) |
Leave alone—log only (LOCKED) |
| Action for unproven files |
Prompt (unlocked) |
Prompt (unlocked) |
Prompt (LOCKED) |
| Display Download Insight notifications on infected computer |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| SONAR |
Balanced |
High Performance |
High Security |
| Enable SONAR |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| High risk detection action |
Quarantine (unlocked) |
Quarantine (unlocked) |
Quarantine (LOCKED) |
| Low risk detection action |
Log (unlocked) |
Log (unlocked) |
Log (LOCKED) |
| Enabled aggressive mode |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Show alert upon detection |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Prompt before terminating a process |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Prompt before stopping a service |
No (unlocked) |
No (unlocked) |
No (LOCKED) |
| Action to take when DNS change detected |
Ignore (unlocked) |
Ignore (unlocked) |
Block (LOCKED) |
| Action to take when hosts file change detected |
Ignore (unlocked) |
Ignore (unlocked) |
Block (LOCKED) |
| Suspicious behavior high risk detection action |
Block (unlocked) |
Ignore (unlocked) |
Block (LOCKED) |
| Suspicious behavior low risk detection action |
Ignore (unlocked) |
Ignore (unlocked) |
Ignore (LOCKED) |
| TruScan Legacy Client Settings |
|
|
|
| Scan for trojans and worms... |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| ...use trojan/worm sensitivity defaults defined by Symantec |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| Scan for keyloggers... |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| ...use keylogger sensitivity defaults defined by Symantec |
Yes (unlocked) |
Yes (unlocked) |
Yes (LOCKED) |
| When a commercial keylogger is detected |
Log (unlocked) |
Log (unlocked) |
Log (LOCKED) |
| When a commercial remote control application is detected |
Log (unlocked) |
Log (unlocked) |
Log (LOCKED) |
| How often should TruScan run |
At the default frequency (unlocked) |
At a custom scanning frequency; scan processes every 6 hours, do not scan new processes (unlocked) |
At a custom scanning frequency; scan processes every 15 minutes, scan new processes immediately (LOCKED) |
Internet, MS Outlook, and Lotus Notes
Email Auto-Protect |
Balanced |
High Performance |
High Security |
| Enabled Email Auto-Protect |
Yes (unlocked) |
No (unlocked) |
Yes (LOCKED) |
| File types to scan |
Scan all files (unlocked) |
N/A |
Scan all files (LOCKED) |
| Scan inside compressed files |
Yes, 3 levels deep (unlocked) |
“ |
Yes, 3 levels deep (LOCKED) |
| Malware detections: 1st action / and 2nd action if first fails |
Clean/Quarantine (unlocked) |
“ |
Clean/Quarantine (unlocked) |
| Virus: Override actions configured for malware? |
No (unlocked) |
“ |
No (unlocked) |
| Security Risk detections: 1st action / and 2nd action if first fails |
Quarantine/Leave alone (unlocked) |
“ |
Quarantine/Leave alone (LOCKED) |
| Adware: Override actions configured for security risks? |
No (unlocked) |
“ |
No (LOCKED) |
| Dialer? |
No (unlocked) |
“ |
No (LOCKED) |
| Hack Tool? |
No (unlocked) |
“ |
No (LOCKED) |
| Joke Program? |
No (unlocked) |
“ |
No (LOCKED) |
| Misleading Application? |
No (unlocked) |
“ |
No (unlocked) |
| Parental Control? |
No (unlocked) |
“ |
No (unlocked) |
| Remote Access? |
No (unlocked) |
“ |
No (LOCKED) |
| Security Assessment Tool? |
No (unlocked) |
“ |
No (unlocked) |
| Security Risk? |
No (unlocked) |
“ |
No (unlocked) |
| Spyware? |
No (unlocked) |
“ |
No (LOCKED) |
| Trackware? |
No (unlocked) |
“ |
No (LOCKED) |
| Display a notification on the infected computer |
Yes (unlocked) |
“ |
Yes (LOCKED) |
| Insert warning into email message |
Yes (unlocked) |
“ |
Yes (LOCKED) |
| Send email to the sender |
No (unlocked) |
“ |
No (LOCKED) |
| Send email to others |
No (unlocked) |
“ |
No (LOCKED) |
| The following settings apply only to Internet Email Auto-Protect |
|
|
|
| Display progress indicator when email is being sent |
No (unlocked) |
“ |
No (LOCKED) |
| Display a notification area icon |
No (unlocked) |
“ |
No (LOCKED) |
| Incoming mail server (POP3) port |
110 (unlocked) |
“ |
110 (LOCKED) |
| Outgoing mail server (SMTP) port |
25 (unlocked) |
“ |
25 (LOCKED) |
| Allow encrypted POP3 connections |
Yes (unlocked) |
“ |
Yes (LOCKED) |
| Allow encrypted SMTP connections |
Yes (unlocked) |
“ |
Yes (LOCKED) |
| Use outbound worm heuristics |
Yes (unlocked) |
“ |
Yes (LOCKED) |
| Outbound worm detection, first action |
Quarantine (unlocked) |
“ |
Quarantine (LOCKED) |
| Outbound worm detection, second action if first fails |
Delete (unlocked) |
“ |
Delete (LOCKED) |
| Global Scan Options |
Balanced |
High Performance |
High Security |
| Enable Insight |
Yes: Symantec Trusted (unlocked) |
Yes: Symantec Trusted (unlocked) |
Yes: Symantec Trusted (LOCKED) |
| Enable Bloodhound |
Yes, automatic (unlocked) |
Yes, automatic (unlocked) |
Yes, aggressive (LOCKED) |
| Ask for password before scanning mapped network drive |
No |
No |
No |
| Enable Shared Insight Cache |
No |
No |
No |
| Quarantine |
Balanced |
High Performance |
High Security |
| When new definitions arrive, take automatic action on quarantine items |
Silent repair and restore |
Silent repair and restore |
Silent repair and restore |
| Quarantine folder location |
Use the default |
Use the default |
Use the default |
| Allow client computers to manually submit to Security Response |
Yes |
Yes |
Yes |
| Allow client computers to manually submit to Quarantine Server |
No |
No |
No |
| Enable automatic deleting of repaired files... |
Yes, delete after 30 days |
Yes, delete after 30 days |
Yes, delete after 30 days |
| ...delete oldest repaired files to limit folder size to X MB |
No |
No |
No |
| Enable automatic deleting of backup files... |
Yes, delete after 30 days |
Yes, delete after 30 days |
Yes, delete after 30 days |
| ...delete oldest backup files to limit folder size to X MB |
No |
No |
No |
| Enable automatic deleting of files that could not be repaired... |
Yes, delete after 30 days |
Yes, delete after 30 days |
Yes, delete after 30 days |
| ...delete oldest non-repairable files to limit folder size to X MB |
No |
No |
No |
| Miscellaneous |
Balanced |
High Performance |
High Security |
| Disable Windows Security Center |
Never |
Never |
Never |
| Display antivirus alerts within Windows Security Center |
Enable |
Enable |
Enable |
| Display WSC message when definitions are outdated by X days |
Warn after 29 days |
Warn after 29 days |
Warn after 29 days |
| Address to use as browser home page if a security risk changes it |
Symantec Security Response |
Symantec Security Response |
Symantec Security Response |
| Selected events sent from client to management server |
Scan aborted, started, stopped
Security risk side effect repair failed
Client running without virus definitions
Virus definition rollback
Antivirus installed
Uninstall, uinstalll rolled back
Error loading services |
Scan aborted, started, stopped
Security risk side effect repair failed
Client running without virus definitions
Virus definition rollback
Antivirus installed
Uninstall, uinstalll rolled back
Error loading services |
Scan aborted, started, stopped
Security risk side effect repair failed
Client running without virus definitions
Virus definition rollback
Antivirus installed
Uninstall, uinstalll rolled back
Error loading services |
| Delete logs older than X days |
14 days (unlocked) |
14 days (unlocked) |
14 days (unlocked) |
| Send aggregate events every X minutes |
5 minutes |
5 minutes |
5 minutes |
| Days before a warning appears in SEP client for outdated definitions... |
14 days (unlocked) |
14 days (unlocked) |
14 days (unlocked) |
| ...display a notification message on the client computer |
No |
No |
No |
| Remediation attempts before warning appears on a client running without definitions... |
2 |
2 |
2 |
| ...display a notification message on the client computer |
No |
No |
No |
| Display error messages with a URL to a solution |
Yes, display URL to Symantec KB article |
Yes, display URL to Symantec KB article |
Yes, display URL to Symantec KB article |
| Enable Virtual Image Exception for Auto-Protect |
No |
No |
No |
| Enable Virtual Image Exception for Administrator-Defined Scans |
No |
No |
No |
| Macintosh Settings |
Balanced |
High Performance |
High Security |
| Scheduled Scan |
|
|
|
| Daily Scheduled Scan |
Enabled, every day at 8:00PM |
Enabled, every day at 8:00PM |
Enabled, every day at 8:00PM |
| Scan Drives or Folders |
Folders, Library folder only |
Folders, Library folder only |
Folders, Library folder only |
| Priority |
Low |
Low |
Medium |
| Administrator On-demand Scan Settings |
|
|
|
| Scan Drives or Folders in on-demand Scans |
Drives only, Hard drives and removable |
Drives only, Hard drives and removable |
Drives only, Hard drives and removable |
| Scan compressed files in on-demand scans |
Yes |
No |
Yes |
| Automatically repair files |
Yes |
Yes |
Yes |
| Quarantine files that cannot be repaired |
Yes |
Yes |
Yes |
| On-demand scan infection notification on client |
No |
No |
No |
| Administrator-Defined Scans, Common Settings |
|
|
|
| Display a notification message on the infected computer |
No |
No |
No |
| Scan Compressed Files |
Yes |
No |
Yes |
| Allow scan snooze |
No |
No |
No |
| Allow scan cancel |
No |
No |
No |
| Automatically repair files |
Yes |
Yes |
Yes |
| Quarantine files that cannot be repaired |
Yes |
Yes |
Yes |
| Show alerts |
...only when infected files are found |
...only when infected files are found |
...only when infected files are found |
| Macintosh Auto-Protect Settings |
|
|
|
| Lock Auto-Protect Settings |
No |
No |
No |
| Enable Auto-Protect |
Yes (unlocked) |
Yes (unlocked) |
Yes (unlocked) |
| Automatically repair files |
Yes (unlocked) |
Yes (unlocked) |
Yes (unlocked) |
| Quarantine files that cannot be repaired |
Yes (unlocked) |
Yes (unlocked) |
Yes (unlocked) |
| Scan Compressed Files |
Yes (unlocked) |
Yes (unlocked) |
Yes (unlocked) |
| What files are scanned by Auto-Protect |
Scan everywhere |
Scan everywhere |
Scan everywhere |
| Scan disks when they are mounted |
Yes |
Yes |
Yes |
| Show progress during mount scans |
Yes |
Yes |
Yes |
| Scan the following disks or devices when mounted (“All”, or select from “Music or video disks”, “iPod”, “Data disks”, “All other disks”) |
“iPods”, “Data disks”, “All other disks” |
“iPods”, “Data disks”, “All other disks” |
“iPods”, “Data disks”, “All other disks” |
| Display notification on infected computer for Auto-Protect detection |
Yes |
Yes |
Yes |
| Display warning on client when definitions are outdated by X days |
Yes, 30 days |
Yes, 30 days |
Yes, 30 days
|