Endpoint Protection

If no new defs come down, what could a Startup Scan find? Wouldn't the computer be the same as when the computer was shut down? (yes, we scan on access)

We're set for Startup scans after the user logs in and for a quick scan after new defs arrive. LiveUpdate only runs in the early morning when computers are shut off. We're wondering if we lose anything by killing the Startup scan other than a slow startup every day. We're thinking Startup scan is running every day and then a "new defs arrived" scan is running immediately afterwards.

Thanks for any light you can shed on this.

Ray

What if the user installs something before he logs off? The startup scan can catch it in the morning..

Thanks, Paul. Since we're performing real-time scanning on access as well as create, it should be caught upon installation. Almost everyone is a restricted user anyway and cannot install much.

What might catch it is a quick scan after new defs arrive and we are going to leave that active.

Ray

Boot bugs............ something you ran installed or modified the boot sector, might not be caught real-time (been there) but a startup scan checks the boot sector and memory looking for something installed during startup.

In some instances, when a computer has problems, sometimes they need to disable antivirus usually done by your IT for troubleshooting. Startup scans makes sure that that viruses will not run on start up.

We have it set to automatically re-enable after 10 minutes if disabled and do not allow anyone except a select few to have the ability to kill the AV. I haven't had to disable AV for an install since SAV 7.0

Ray