I was just wondering what your thoughts were on "On-Access Default Processes Policies" and whether to scan writing files to disk? I have disabled this and users now see a big improvement. It seems if "read" is left then it still picks up my test virues.
The choice is obviously yours, but I would strongly recommend not disabling scan on reads. Generally speaking scan on writes has a higher performance hit than scan on reads, so if the reason for disabling one is performance related I'd disable scan on writes. Ideally though I'd have both enabled.