Going through the documentation trying to confirm or deny the following.
When using the Adaptive Threat Protection in Observe mode so that it can learn and build product prevelance, is the system still protected by the standard On-Access Scanner using DAT files? If it is, where is the informaiton located. I have gone through the Help from the ePO console, reviewed the ENS documentation (Help, Prod Guide and Install Guide) but have not found this answer.
The Threat Prevention On-Access Scan behavior is independent of Adaptive Threat Protection Observe mode. If Adaptive Threat Protection is operating in Observe mode, the system remains protected when On-Access Scan is enabled.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center