Scan Methods

Security Agents can use one of two scan methods when scanning for security threats.

  • Smart scan: Security Agents that use smart scan are referred to as smart scan agents in this document. Smart scan agents benefit from local scans and in-the-cloud queries provided by File Reputation Services.

  • Conventional scan: Security Agents that do not use smart scan are referred to as conventional scan agents. A conventional scan agent stores all components on the endpoint and scans all files locally.

The following table provides a comparison between the two scan methods.

Table 1. Conventional Scan and Smart Scan Compared

Basis of Comparison

Conventional Scan

Smart Scan

Scanning behavior

The conventional scan Security Agent performs scanning on the endpoint.

  • The smart scan agent performs scanning on the endpoint.

  • If the Security Agent cannot determine the risk of the file during the scan, the Security Agent verifies the risk by sending a scan query to the Scan Server (for Security Agents connected to the Smart Scan Server).

    Note:

    The Scan Server is a service running on the Smart Scan Server.

  • The Security Agent "caches" the scan query result to improve the scan performance.

Components in use and updated

All Security Agent components available on the update source, except the Smart Scan Agent Pattern

In addition to the Smart Scan Agent Pattern, the Mac Security Agent also does not use the Mac Heuristic Pattern during Conventional Scan

All components available on the update source, except the Virus Pattern

Typical update source

ActiveUpdate Server

ActiveUpdate Server
Parent topic: Policy Settings