DavidR
4
My personal opinion is you would be less well protected.
Logically, waiting to the last opportunity (check on open) to check a file which has been downloaded or modified (created/modified) gives only a single line of defence. But checking created/modified and then by default it would also be scanned on opening, give a second layer to your defence.