Understanding real-time protection options

 

Updated: April 1, 2012

Applies To: System Center 2012 Configuration Manager, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Configuration Manager SP1, System Center 2012 Endpoint Protection, Windows Intune, Forefront Endpoint Protection, System Center 2012 R2 Endpoint Protection

You can choose the software and settings that you want Endpoint Protection to monitor, but we recommend that you turn on real-time protection and enable all real-time protection options. The following table explains the available options.

Real-time protection option

Purpose

Scan all downloads

This option monitors files and programs that are downloaded, including files that are automatically downloaded via Windows Internet Explorer and Microsoft Outlook® Express, such as ActiveX® controls and software installation programs. These files can be downloaded, installed, or run by the browser itself. Malicious software, including viruses, spyware, and other potentially unwanted software, can be included with these files and installed without your knowledge.

Using the real-time protection option, Endpoint Protection monitors your computer all the time and checks for any malicious files or programs that you may have downloaded. This monitoring feature means that Endpoint Protection doesn't need to slow down your browsing or e-mail experience by requiring a check of any files or programs you may want to download.

Monitor file and program activity on your computer

This option monitors when files and programs start running on your computer, and then it alerts you about any actions they perform and actions taken on them. This is important, because malicious software can use vulnerabilities in programs that you have installed to run malicious or unwanted software without your knowledge. For example, spyware can run itself in the background when you start a program that you frequently use. Endpoint Protection monitors your programs and alerts you if it detects suspicious activity.

Enable behavior monitoring

This option monitors collections of behavior for suspicious patterns that might not be detected by traditional antivirus detection methods.

Enable Network Inspection System

This option helps protect your computer against “zero day” exploits of known vulnerabilities, decreasing the window of time between the moment a vulnerability is discovered and an update is applied.