Going through the documentation trying to confirm or deny the following.
When using the Adaptive Threat Protection in Observe mode so that it can learn and build product prevelance, is the system still protected by the standard On-Access Scanner using DAT files? If it is, where is the informaiton located. I have gone through the Help from the ePO console, reviewed the ENS documentation (Help, Prod Guide and Install Guide) but have not found this answer.
The Threat Prevention On-Access Scan behavior is independent of Adaptive Threat Protection Observe mode. If Adaptive Threat Protection is operating in Observe mode, the system remains protected when On-Access Scan is enabled.