7-8 years ago support would often advise customers to switch off scan on read. Unfortunately it's somewhat common that scan setting configurations are carried forward as VSE is upgraded without ever reviewing whether or not these settings are good enough to deal with the current threat landscape.
In answer to your question I would absolutely not recommend you switch this setting off for all processes. The risk is huge, and I have dealt with many outbreaks on customer sites where having the setting disabled has been a contributory cause of both the outbreak and pain during the cleanup. As you know, for malware to get into memory nothing has to be written to the drive.
All it takes is a user plugging in a USB key with an infected file on and potentially your entire network is infected. If you're hit with something new that gets into memory, for which we subsequently provide you a DAT file, the machine can literally be riddled, as OAS detections will only occur when any new files are written. Containing an outbreak in this scenario can be difficult if not impossible.
What's better is to use the high and low risk processes options and configure them accordingly - that way you can control scanning depending on which process touches the file - see KB55139 and KB58692 for more information about this. Be very careful with exclusions too, as they are often inherited from version to version and never reviewed.
Support can provide you with the VSE 8.5i best practice guide (the advice within very much applies with 8.7i), and if you're interested our professional service team also offer a healthcheck where they can come in and go over your configuration with you.
I hope this helps,