This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

If we disable 'Live Protection' and 'Real Time Scanning' is the Threat Protection policy effectively disabled?

We have a few policies in our setup... This particular Threat Protection policy, has both "Live Protection" and "Real-time Scanning" disabled. Scheduled scan is also disabled.

Does this effectively mean the AV/Threat Protection side of things are disabled to computers/groups that have this policy assigned?

 



This thread was automatically locked due to age.
  • Hello Vini,

    first of all, there's sometimes a misunderstanding regarding Live Protection vs. Real-time Scanning. Live Protection means that if necessary the Cloud is queried for the very very latest protection data - this can apply to a Scheduled Scan or Real-time Scanning. The latter used to be called On-Access Scanning, apparently this (Sophos) term has been dropped (perhaps in order to facilitate comprehension) in favour of the term real-time commonly used by other vendors. IMO Live Protection is much more prone to be misunderstood than On-Access Scanning - but this is just my opinion ...

    Thus: Turning off Real-time Scanning means there's no proactive or "just in time" protection, any file can be opened or executed, there's effectively no protection - definitely not recommended, especially for desktops (that there's no scheduled scan doesn't really matter).

    Christian

  • Thanks for that clarification @QC, it was useful!

     

    So in short, the fact we have;

     

    -Live Protection, Off

    -Real-time Scanning, Off

    -Scheduled Scanning, Off 

     

    effectively means this Policy, when applied is doing "not a lot" on the Anti-Virus front? All exceptions are being ignored, because there's no "real-time scanning" in place to check for exceptions...

  • Hello Vini,

    correct, though I think that checking for exceptions is not an AV's main purpose [;)]

    Christian