What are the differences between Auto-Protect scans and Scheduled Scans or Manual Scans in Symantec Endpoint Protection (SEP)?
Auto-Protect is the first line of defense against threats by providing real-time protection for your computer. Whenever you access, copy, save, move, open or close a file, Auto-Protect scans the file to ensure that a threat has not attached itself. By default, it loads when you start your computer to guard against threats and security risks. It also monitors your computer for any activity that might indicate the presence of a threat or security risk. Auto-Protect can determine a file's type even when a threat changes the file's extension.
Note: On Linux, Auto-Protect is available only on specific kernel versions. See the article Supported kernels of Symantec Linux Agent for the kernels supported by each version of the Symantec Linux Agent.
Note: Auto-Protect does not scan inside compressed files (.zip files, for example) due to the amount of time required to decompress the container file and scan each file. This is by design.
Example: A threat changes a file's extension to one that is different from the extensions you configured Auto-Protect to scan.
When a threat, threat-like activity (an event that could be the work of a threat), or a security risk is detected, Auto-Protect raises an alert and then cleans, quarantines, deletes, or leaves alone (log only) the detected item, depending on the Actions configured for each detection type.
File System Auto-Protect: File System Auto-Protect is a type of ongoing or background scan that provides real-time protection for files on your computer. Whenever you access, copy, save, move, open, or close a file, Auto-Protect scans it to ensure that a threat or security risk is not present.
Outlook Auto-Protect: Outlook Auto-Protect is a type of ongoing or background scan. This scan gives Outlook and Outlook Express users additional protection from threats sent by email. If you use Outlook or Outlook Express, it is recommended to have this enabled.
Note: SEP versions older than 14.2 contained these now obsolete and removed types:
Internet Email Auto-Protect: Internet Email Auto-Protect is a type of ongoing or background scan. This scan will check incoming as well as outgoing email. It provides real-time protection against attachments to internet email. Internet Email Auto-Protect supports encrypted passwords and email over POP3 and SMTP connections. If you use POP3 or SMTP with Secure Sockets Layer (SSL), then Auto-Protect detects secure connections but does not scan encrypted messages. Even though Auto-Protect does not scan the email that uses secure connections, it will continue to protect computers from risks in attachments. It scans email attachments when you save the attachment to the hard drive. If you use an email client other than Outlook or Outlook Express, it is recommended to have this enabled.
Notes Auto-Protect: Lotus Notes Auto-Protect is a type of ongoing or background scan. This type of Auto-Protect provides real-time protection against attachments to Lotus Notes email. This scan gives Lotus Notes users additional protection from threats sent by email. If you use Lotus Notes, it is recommended to have this enabled.
Clean risk: Auto-Protect tries to clean the infected file when a threat is found.
Quarantine risk: Auto-Protect tries to move the infected file into Quarantine on the infected computer as soon as it is detected. When a file is in Quarantine, you cannot execute it until you move the file back to its original location.
Delete risk: Auto-Protect tries to delete the file. Use this option only if you can replace the infected file with a threat-free backup copy. After the file is permanently deleted, you cannot recover it from the Recycle Bin. If Auto-Protect cannot delete the file, detailed information about the action appears in the Notification dialog box and the client Event Log.
Leave alone (log only): Denies any access to the file, displays a notification, and logs the event. Use this option to take manual control of how Auto-Protect handles a threat.
A Full System Scan is an Antivirus and Antispyware scan that detects known viruses and security risks. For the most complete protection, you should schedule occasional scans for your client computers. Unlike Auto-Protect, which scans files and email as they are read to and from the computer, full system scans detect viruses and security risks. A Full System Scan will also scan inside compressed files (.zip files, for example).
A Full System Scan will detect viruses and security risks by examining all files and processes (or a subset of files and processes). A Full System Scan can also scan memory and load points. (Note, though, that no AV product can detect threats which exist only in memory and are not written to the disk.)
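The two behaviours described above, identifying a file's type regardless of its extension and looking inside compressed files, are illustrated here in Python. This is an added example, not Symantec's code or detection logic; the function names, the signature table, the extension policy and the in-memory sample are assumptions made for illustration.

```python
import io
import os
import zipfile

# Well-known leading-byte signatures; the table is illustrative, not exhaustive.
SIGNATURES = [
    (b"MZ", "pe-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]
# Extensions each detected type is normally stored under (assumed policy).
EXPECTED_EXT = {
    "pe-executable": {".exe", ".dll", ".sys", ".scr"},
    "zip-archive": {".zip", ".jar", ".docx", ".xlsx"},
    "pdf": {".pdf"},
    "png": {".png"},
}
MAX_MEMBER_SIZE = 50_000_000  # skip oversized members (decompression-bomb guard)

def sniff(data):
    """Return a type label from the leading bytes, or None if unrecognised."""
    return next((label for magic, label in SIGNATURES if data.startswith(magic)), None)

def inspect_file(name, data, descend=False, depth=0, max_depth=3):
    """Yield (path, detected_type, extension_mismatch) for one file and, when
    descend is True, for each member of (nested) zip archives inside it."""
    kind = sniff(data)
    ext = os.path.splitext(name)[1].lower()
    yield name, kind, kind is not None and ext not in EXPECTED_EXT[kind]
    if not (descend and kind == "zip-archive" and depth < max_depth):
        return
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                    continue
                path = f"{name}!/{info.filename}"
                yield from inspect_file(path, zf.read(info), descend, depth + 1, max_depth)
    except zipfile.BadZipFile:
        return  # header looked like a zip but the container is malformed

def build_sample():
    """Constructed sample: a zip holding a PE-headed file named invoice.pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()
```

With `descend=False` the archive is reported as a single unremarkable .zip file; with `descend=True` the PE-headed member named invoice.pdf is surfaced, at the cost of decompressing every member.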
Scans the system memory and all the common virus and security risk locations.
Scans the entire computer for viruses and security risks, including the boot sector and system memory.
Scheduled scans remain an important part of a computer's defenses. Please do encourage a full system scan at least weekly!