When to Load Auto-Protect (In-Depth Question)
My question is pretty granular, and I would be interested to see if anyone has done a true in-house test to note any variance. We have two options for the AV policy to tell SEP when to load: when SEP starts, or when the computer starts. Outside of the obvious setting, has anyone done any in-depth testing to see the variance?

One ideal test might be to put something malicious on a system, maybe netcat (an oldie, but just using it as an example), configured to phone home to a system. Kill the new real-time filter driver, so it's truly not detected <just to get the test malware on your box>, and bounce the system. Have system 1 load Auto-Protect when the system starts, and have system 2 load Auto-Protect when SEP starts. See if there is a noticeable difference.

Why? Because if this shaves ~seconds off boot time (changing it, obviously, to load when SEP starts) but allows a session, if not more than a few seconds, to be established, is it worth it?