About the default Virus and Spyware Protection policy scan settings

Symantec Endpoint Protection Manager
includes three default policies:
  • Virus and Spyware Protection Balanced policy
  • Virus and Spyware Protection High Security policy
    The High Security policy is the most stringent of all the preconfigured policies. You should be aware that it can affect the performance of other applications.
  • Virus and Spyware Protection High Performance policy
    The High Performance policy provides better performance than the High Security policy, but it does not provide the same safeguards. The policy relies primarily on Auto-Protect to scan files with selected file extensions to detect threats.
The basic Virus and Spyware Protection policy provides a good balance between security and performance.
Virus and Spyware Protection Balanced policy scan settings
Setting
Description
Auto-Protect for the file system
Enabled
Download Insight malicious file sensitivity is set to level 5.
The Download Insight action for unproven files is
Ignore
.
Auto-Protect includes the following settings:
  • Scans all files for viruses and security risks.
  • Blocks the security risks from being installed.
  • Cleans the virus-infected files. Backs up the files before it repairs them. Quarantines the files that cannot be cleaned.
  • Quarantines the files with security risks. Logs the files that cannot be quarantined.
  • Checks all floppies for boot viruses. Logs the boot viruses.
  • Notifies the computer users about viruses and security risks.
Auto-Protect for email
Enabled
Other types of Auto-Protect include the following settings:
  • Scans all files, including the files that are inside compressed files.
  • Cleans the virus-infected files. Quarantines the files that cannot be cleaned.
  • Quarantines the files with security risks. Logs the files that cannot be quarantined.
  • Sends a message to the computer users about detected viruses and security risks.
SONAR
Enabled
  • High risk heuristic detections are quarantined
  • Logs any low risk heuristic detections
  • Aggressive mode is disabled
  • Show alert upon detection
    is enabled
  • System change detection actions are set to Ignore.
  • Suspicious behavior detection blocks high risk threats and ignores low risk threats.
Administrator-defined scans
The scheduled scan includes the following default settings:
  • Performs an active scan every day at 12:30 P.M. The scan is randomized.
  • Scans all files and folders, including the files that are contained in compressed files.
  • Scans memory, common infection locations, and known virus and security risk locations.
  • Cleans the virus-infected files. Backs up the files before it repairs them. Quarantines the files that cannot be cleaned.
  • Quarantines the files with security risks. Logs the files that cannot be quarantined.
  • Retries missed scans within three days.
The on-demand scan provides the following protection:
  • Scans all files and folders, including the files that are contained in compressed files.
  • Scans memory and common infection locations.
  • Cleans the virus-infected files. Backs up the files before it repairs them. Quarantines the files that cannot be cleaned.
  • Quarantines the files with security risks. Logs the files that cannot be quarantined.
The default Virus and Spyware High Security policy provides high-level security, and includes many of the settings from the Virus and Spyware Protection policy. The policy provides increased scanning.
Virus and Spyware Protection High Security policy settings
Setting
Description
Auto-Protect for the file system and email
Same as Virus and Spyware Protection Balanced policy
Auto-Protect also inspects the files on the remote computers.
SONAR
Same as Virus and Spyware Protection Balanced policy but with the following changes:
  • Blocks any system change events.
Global settings
Bloodhound is set to Aggressive.
The Aggressive option is likely to produce more false positives. This option is only recommended for advanced users.
The default Virus and Spyware Protection High Performance policy provides high-level performance. The policy includes many of the settings from the Virus and Spyware Protection policy. The policy provides reduced security.
Virus and Spyware Protection High Performance policy settings
Setting
Description
Auto-Protect for the file system
Same as Virus and Spyware Protection Balanced policy but with the following changes:
  • Download Insight malicious file sensitivity is set to level 1.
Microsoft Outlook Auto-Protect
Internet Email Auto-Protect*
Lotus Notes Auto-Protect*
* Only available for client versions earlier than 14.2 RU1
Disabled
SONAR
Same as Virus and Spyware Protection Balanced policy with the following changes:
  • Ignores any system change events.
  • Ignores any behavioral policy enforcement events.
Administrator-defined scans
Same as Virus and Spyware Protection Balanced policy.