The following steps will change the policy configuration to disable these Active Scans.
- Open the Symantec Endpoint Protection Manager (SEPM) console
- Click on the Policies tab on the far left side
- Highlight Antivirus and Antispyware under the View Policies column
- Highlight the policy in question under the Antivirus and Antispyware Policies window. If you have not created a new policy, select the existing policy.
- Within the middle column under Tasks, select Edit the Policy
- A new window will open.
- From the new window, there will be a menu on the left side, select Administrator-defined Scans
- From the Administrator-defined Scans window on the right side select the Advanced tab
- Unselect Run an Active Scan when new definitions arrive
- Click OK
- Either update the policy from the manager/client, or wait for the next update cycle
The "DefWatch QuickScan" has been renamed to "Active Scan when new definitions arrive" since SEP 11.
See for more details on Active Scans and Scheduled Scans:
TECH104430 - Symantec Endpoint Protection Manager - Antivirus and Antispyware - Policies explained
HOWTO80940 - About the types of scans and real-time protection