Hi Rojopipe,
Use the following guidelines to configure SEP on CSP systems:
• If no prevention policy or a 'disabled' prevention policy is in use, full 'real-time' anti-virus is still definitely recommended.
• With the 'core' prevention policy in full prevention mode, 'real-time' anti-virus becomes less important, but still a good idea. The 'core' policy locks down the main attack points that viruses and hacking attacks use, but any application that is not specifically called out by the policy operates as a 'safe' application - i.e. it can still modify executables and infect a system.
• With a 'strict' or 'limited execution', the system is significantly protected against threats, so 'real-time' AV protection is not needed as much. No application can be changed or modified without either user intervention or modification by a privileged app (i.e. software distribution tool). Turning off SEP AutoProtect ('real-time' protection) would improve file access performance and reduce memory impact.
• For 'core', 'strict' and 'limited execution' I would still recommend AV with at least regular file scans (scheduled or manual scan), just to make sure no infected files linger around on a system. Otherwise infected files could be dropped on the system in lesser protected locations (assuming they are not executable files) and end up being 'distributed' to other users download these files - a particularly likely case for sharepoint, file servers and web servers. Office files would be good examples of files that could be infected but would not be controlled/blocked by SCSP, but would be caught by AV.
Also consider the following benefits that SEP provides when installed on the same system as CSP:
1. Cleans systems regardless of how they’ve been infected once the signatures are up to date.
2. Protects against the types of attacks that are “normal behaviors” in CSP’s various Behavior Controls. One example is a Word macro virus that just wants to be malicious and delete all of the files on your system.
Hope it helps and please mark the comment that answers your questions as solution!