Views:
Security Agents can use one of two scan methods when scanning for security threats.
  • Smart scan: Security Agents that use smart scan are referred to as smart scan agents in this document. Smart scan agents benefit from local scans and in-the-cloud queries provided by File Reputation Services.
  • Conventional scan: Security Agents that do not use smart scan are referred to as conventional scan agents. A conventional scan agent stores all components on the endpoint and scans all files locally.
The following table provides a comparison between the two scan methods.

Conventional Scan and Smart Scan Compared

Basis of Comparison
Conventional Scan
Smart Scan
Scanning behavior
The conventional scan Security Agent performs scanning on the endpoint.
  • The smart scan agent performs scanning on the endpoint.
  • If the Security Agent cannot determine the risk of the file during the scan, the Security Agent verifies the risk by sending a scan query to the Scan Server (for Security Agents connected to the Smart Scan Server).
    Note
    Note
    The Scan Server is a service running on the Smart Scan Server.
  • The Security Agent "caches" the scan query result to improve the scan performance.
Components in use and updated
All Security Agent components available on the update source, except the Smart Scan Agent Pattern
In addition to the Smart Scan Agent Pattern, the Mac Security Agent also does not use the Mac Heuristic Pattern during Conventional Scan
All components available on the update source, except the Virus Pattern
Typical update source
ActiveUpdate Server
ActiveUpdate Server
Keywords: smart scan,conventional scan