Provides the name and description for each policy.

The following options are available:

• Policy name: Name of the policy. When you create a new policy, this text box is mandatory.
• Description: Description of the policy.
• Enable this policy: Enables a policy and assigns it to a location or group.

Disable the policy if you want to set up the policy and download the settings to the client at a later time. Policies are enabled by default.

Note: You cannot disable a Virus and Spyware policy or a LiveUpdate policy.

• Created: The policy creator.
• Last modified: Date of the last policy modification.

Identifies the groups and locations to which this policy is applied.

Description

Specified options for scheduled scans.

Specifies that scheduled scans be delayed when a computer is running on batteries.

This option is enabled by default. You can disable this option to allow scheduled scans to run as scheduled, even when a computer is running on batteries.

Specifies that user-defined scheduled scans run as scheduled when the scan author is not logged on.

By default, user-defined scheduled scans always run at the scheduled time. This option can be particularly useful in the case of unmanaged client computers that do not use administrator-defined scheduled scans.

You can disable this option to prevent user-defined scheduled scans from running when the user who created the scan is not logged on. You may want to disable this option for multiuser computers.

NOTE: If this option is enabled and the user is logged off when the scan begins, the scan progress dialog box does not display. You can check scan status in this instance by looking in the System log.

Users who are not logged on when their scan runs must look at the Scan Log to see the scan results.

Displays notifications when a user logs on and scans have been running in the background. The option is enabled by default. The administrator can disable this option to have a completely silent application, with no notifications displayed to the user.

Description

Allows startup scans to run when a user logs on.

This option applies to all startup scans. If you disable this option, startup scans do not run when users log on.

Determines whether users can modify startup scans.

This option is enabled by default. You can change this option only when the Run startup scans when users log on parameter is enabled.

Starts an Active Scan when new definitions arrive to check for any risks that the new definitions can detect

By default, an Active Scan is run when new definitions arrive. If you disable this option, you weaken the protection available to your client computers. You should only disable this option if you have special configuration or exclusion needs that conflict with this automatically triggered scan.

If you set the tuning option for an Active Scan to Best Application Performance, the active scan might wait to start up to 15 minutes if the computer is not idle.

Description

Specifies what users see on their computers when a scan is running.

Specifies that the scan progress window closes automatically when the scan is finished.

This option is available when you select either Show scan progress or Show scan progress if risk detected. This option is enabled by default.

Allows users to stop the scans that start on their computers.

This option is available when you select either Show scan progress or Show scan progress if risk detected. This option is disabled by default.

Allows the users to pause or snooze the scans that start on their computers.

This option is available when you select either Show scan progress or Show scan progress if risk detected. This option is enabled by default. When this option is enabled, click Pause Options to specify pause and snooze options.

Enable Auto-Protect

 Enables or disables Auto-Protect for the file system.

By default, Auto-Protect is enabled.

If you disable Auto-Protect, you automatically make the following changes to the protection on your client computers:

• Download Insight does not function even if Download Insight is enabled.
• SONAR does not detect heuristic threats. SONAR detection of system changes or host file changes, however, continues to function.

You can scan all file types or only files with selected extensions.

File types

The following options are available:

• Scan all files: Scans all files on the computer, regardless of type.
• Scan only selected extensions: Scans only the files that have certain extensions. You can add more extensions for programs and documents, if you have files that use the extensions that are not already in the list. You can also reset this option to its default value.
• Determine file types by examining file contents: Scans a specific, configurable group of the file extensions that contain executable code, and all .exe and .doc files. The Symantec Endpoint Protection client reads each file's header to determine its file type. It scans .exe and .doc files even if a virus changes the file extensions for the .exe and the .doc files. This option is disabled by default.
• Select Extensions: Specifies that only certain file extensions should be included in the scan

          You can add or remove file extensions to scan. Only the file extensions that you specify are scanned. The client does not scan any files that have extensions that are not in the list.

Note: If you want to exclude files or folders from scans, create an exception.

Additional options

Additional options include the following:

• Scan for security risks: This option is enabled by default. Note: This option has no effect on the computers that run earlier versions of the client.
• Block security risks from being installed: If Auto-Protect determines that it would not be harmful to a computer to block a security risk, then it blocks the risk. This option is enabled by default.
• Advanced Scanning and Monitoring: Provides options for triggering automatic scans and other advanced options.

Network Settings

Network settings provides the following options for scanning files on remote computers:

• Scan files on remote computers: Enables or disables scanning on network drives. If you disable this option, you might improve client computer performance.
• Only when files are executed: By default, Auto-Protect scans files on remote computers only when file are executed. You can disable this option to scan all files on remote computers, but you might impact your client computer performance.
• Network Settings: When scanning is enabled on network drives, Auto-Protect scans files when a client computer or a server accesses them from a server. When network scanning is enabled, you can also enable Auto-Protect to trust remote versions of Auto-Protect and to use a network cache. 

Detection type

Action options

Malware

You can configure a first action to take and a second action to take if the first action fails.

Actions for viruses include the following actions:

• Clean risk (default first action): Tries to clean the infected file when a virus is found.
• Quarantine risk (default second action): Tries to move the infected file to the Quarantine on the infected computer as soon as it is detected. After an infected file is moved to the Quarantine, a user on that client computer cannot run the file. The user must first specify an action for the file. For example, the user can specify that the client should clean the file and move the file back to its original location.
• Delete risk: Tries to delete the file. Use this option only if you can replace the infected file with a virus-free backup copy. The file is permanently deleted and cannot be recovered from the Recycle Bin. 

          If the client cannot delete the file, detailed information about the action appears in the Notifications window and the System log.

• Leave alone (log only): Denies the access to the file, displays a notification, and logs the event. Use this option to take manual control of how the client handles a virus.

          When you select this action, by default Symantec Endpoint Protection automatically deletes newly created or saved infected files.

          When you are notified of a virus, open the Risk log, right-click the name of the file, and select one of the following actions: Clean (viruses only), Delete Permanently, or Move To Quarantine.

          You can also specify an action for the risk in the Risk log.

See Risk logs and reports . 

You can configure security risk actions as follows:

• Configure the same actions to take for all security risks.
• Configure the same actions for a whole category of security risks.
• Configure individual security risk exceptions to the actions that you set for specific categories. The Override actions configured for Security Risks option is disabled by default. 

You can configure a first action to take and a second action to take if the first action fails. Actions for security risks include the following: 

• Quarantine risk (default first action): Tries to move any infected files to the Quarantine on the infected computer as soon as the security risk is detected or completes its installation. The client removes or repairs any side effects of the risk. Side effects might include additional registry keys, modified registry key values, additions to .ini or .bat files, or extra entries in hosts files. They might also include errors in a Layered Service Provider (LSP) system driver or the effects of a rootkit. You can restore the security risk items that are quarantined to their original state on the system. In some instances, you might need to restart the computer to complete the removal or repair.
• Delete risk: Tries to delete security risk files. Use this option only if you can replace the files with a security risk-free backup copy. You cannot recover permanently deleted files from the Recycle Bin.

         Use this action with caution. The deletion of security risks can cause applications to lose functionality.

         If the client cannot delete files, detailed information about the actions appears in the Notifications window and the System log.

• Leave alone (log only) (default second action): The risk is left alone and its detection is logged. Use this option to take manual control of how the client handles a security risk.

          When you select this action, by default Symantec Endpoint Protection automatically deletes the newly created or saved files that are security risks.

          You can use the Risk log in the console to specify the action for the logged risk. Users on client computers can use the logs to specify the action as well.

You can also lock exceptions so that users cannot create their own security risk exceptions for scans. 

Note: In some instances, you might unknowingly install an application that includes a security risk such as adware or spyware. If Symantec has determined that blocking the risk does not harm the computer, then by default the client blocks the risk. If the block action might make the computer unstable, the client waits after the application installation. The client then performs the configured action on the security risk.

Option

Description

Back up files before attempting to repair them

Backs up the infected file before repairing it

When this option is enabled, the original virus-infected file is encrypted and then copied into the Quarantine folder. If you need, you can use this unrepaired backup file to return the file to its original, but infected state.

Note: If you disable this option, files that contain viruses are not backed up before repairs are tried.

This setting applies only to virus-infected files. For security risks, if the action you have configured is Delete risk, no backup files are created. If the action that you configure is Quarantine risk, the security risk files are always backed up, regardless of this setting.

Terminate processes automatically

Enables or disables notifications on infected computers when the client must terminate a process to remove or repair a risk.

When this option is enabled, the client automatically takes the necessary action without notifying users.

Stop services automatically

Enables or disables notifications on infected computers when the client must stop a service to remove or repair a risk.

When this option is enabled, the client automatically takes the necessary action without notifying users.

Note: Users are always notified when a restart is required. They are allowed to save data and close open applications or to opt out of the restart.