Endpoint Protection

Was looking at my settings:



Would it be worth checking "Scan new processes immediately" ? WIll this give me a better chance at catching rogueware? I know the default is 1hr so if I get some rogueware and it executes it won't be scanned immediately

If you are trying to get a better chance at catching malware I suggest that you first turn your sensitivity down instead of increating the frequency of the scans. Of course the this leads to more false positives, but you are better protected against malware. The other thing I might suggest (that you hinted at) is to turn on the custom scanning so you can scan the processes immediately, but keep the scans set to one hour. This is what I have my machine at home set at. I find that it is a good balance of protection vs speed. Of course you could set the scan to something crazy like 5 min but your CPU will take a hit. Also you might notice applications opening slightly slower with the "scan new processes immediately", however I found this very slight. Most people won't even notice it. I hope this helps.

Grant-

 You could go as far down as every 15min with little to no impact.

"Scan new processes immediately," is not recommended for most implementations, short of defense contractors and such that need the most utmost secure installations where the balance is security vs performance is less of a factor to daily operation.

I would also up the sensitivity to no more than 50% to the right, from the default setting.  I've never received a false positive on that setting.

What is the default defined by Symantec? Just curious before I make some tweaks



Also, is it the lower the sensitivity the more sensitive or that other way around?

 Default is 20
higher the sensitivity higher the false positives.