Overview of Symantec detection

[SBhR]

I have spent all morning searching out an overview of the virus detection process for Symantec Antivirus Corporate Edition 10.1.6: is anyone aware if such an overview exists? Perhaps I am searching the wrong places!
I have been asked to find out:

- when are viruses detected?
(before they are written to the HD or after)

This is because we have a user who got a well known virus (from 2004) in an email, and SAV did not stop her from downloading the attachment to her desktop and running it.

I have skim read through the documentation and have set up clients to be updated every night and run scans when they log in.

Any tips would be most helpful and appreciated!

 

[SteveRoadWarrior]

From my testing, viruses are not written to disk before they're caught by SAVCE. She could have turned off her AV (right click on system tray shield and choose disable; open the AV software and stop real time protection; stop the service, etc).

If her SAVCE was configured for 'outlook protection' or 'Internet Email protection' she should have had another layer of protection.

Another common practice is to scan the email flowing through your mail servers for viruses.