Choose activities on files that will trigger Real-time Scan. Select from the following options:
Scan files being created/modified: Scans new files introduced into the endpoint (for example, after downloading a file) or files being modified
Scan files being retrieved/executed: Scans files as they are opened
Scan files being created/modified and retrieved/executed
For example, if the third option is selected, a new file downloaded to the endpoint will be scanned and stays in its current location if no security risk is detected. The same file will be scanned when a user opens the file and, if the user modified the file, before the modifications are saved.