ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Differences between Symantec Endpoint Protection default settings for Active Quick Scans

book

Article ID: 162056

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

What are the the differences between the default settings of the "Default Quickscan", "Active Scan Upon Startup", "Defwatch Quickscan"?  How do they relate to the options listed in the user interface or scan policy?

Resolution

When configuring scan policy in the Symantec Endpoint Protection Manager or through the client user interface (UI) there are 3 options
  • Memory
  • Common infection locations
  • Well-known virus and security risk locations
These options correspond to the following in the registry on the Symantec Endpoint Protection client
  • "ScanProcesses"=dword:00000001    (= "Memory")
  • "ScanLoadpoints"=dword:00000001    (= "Common Infection Locations")
  • "ScanERASERDefs"=dword:00000001  (= "Well-known virus and security risk locations")
These settings for the default built-in scans can be found at the following locations:

32-bit OS  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans
64-bit OS  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\LocalScans\
  • "Default QuickScan Options"
"ScanProcesses"=dword:00000001 
"ScanLoadpoints"=dword:00000001
"ScanERASERDefs"=dword:00000001
 
  • "Defwatch QuickScan Options"
"ScanProcesses"=dword:00000001  
"ScanLoadpoints"=dword:00000001  
"ScanERASERDefs"=dword:00000000 ​
  • "Default Startup Quickscan Options"  ("Active Scan Upon Startup")
"ScanProcesses"=dword:00000001 
"ScanLoadpoints"=dword:00000001  
"ScanERASERDefs"=dword:00000000​