What are the differences between Symantec Endpoint Protection's Auto-Protect settings "Scan when a file is accessed or modified" and "Scan when a file is modified"?

book

Article ID: 157147

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

What are the differences between Symantec Endpoint Protection's (SEP) Auto-Protect settings "Scan when a file is accessed or modified" and "Scan when a file is modified"?

Resolution

Scan when a file is accessed or modified

Choosing this option causes Auto-Protect to scan files when they are written, opened, moved, copied, or run. Use this option for more complete file system protection. This option might affect performance because Auto-Protect scans files during all types of file operations.

Scan when a file is modified

Choosing this option causes Auto-Protect to scan files when they are written, modified, or copied.

Note: If a threat is moved within the same volume or renamed when Auto-Protect is configured to scan on modify, the threat will not be detected.

Use this option for slightly faster performance, because Auto-Protect scans files only when they are written, modified, or copied.

Configuring these settings:

It is possible to choose the desired Auto-Protect behavior by following these steps:

  1. Login to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies > Virus and Spyware Protection
  3. Right-click your Virus and Spyware Protection policy and click Edit
  4. Click Auto-Protect > Advanced Scanning and Monitoring...
  5. Select the desired Auto-Protect behavior