SCEP 2012 clients kicking off random scans

  • Tuesday, December 18, 2012 4:40 PM
     
     

    We have an SCCM 2012 environment with SCEP 2012 recently deployed. We have a policy in place that does weekly full scans on Tuesdays at 12AM. The client machines are 64-bit Windows 7. We are seeing some random computers kicking off full scans at various points in the day. We thought that initially there were viruses on these machines and that was causing the scans, but according to the EP console, they do not have any type of virus or malware.

    Any ideas?

All Replies

  • Tuesday, December 18, 2012 5:28 PM
     
     
    There used to be an option in FEP to randomise the start time... maybe a similar option is enabled in SCEP?

    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

  • Tuesday, December 18, 2012 6:14 PM
     
     
    There is an option for that. But it only randomizes it by 30 minutes of the scheduled time to alleviate network congestion. We are seeing scans kick off, let's say for example, at 8AM after it already ran a full scan at midnight.

  • Thursday, December 20, 2012 7:47 AM
    Moderator
     
     Proposed Answer

    Hi,

    Thank you for the post.

    According to this article, scans may begin within two hours of the scheduled time you select. Exact scan times are randomized to reduce strains on network traffic. If you want to configure SCEP clients to start scheduled scans on time as scheduled, you may set the “RandomizeScheduleTaskTimes” (DWORD) under the antimalware root registry key to 0. For SCEP the root is probably HKLM\Software\Microsoft\Microsoft Antimalware.

    Regards,


    Nick Gu - MSFT
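
Added example, not part of any post in this thread: a small triage helper that labels recorded scan start times against the 30-minute window mentioned in the replies and the two-hour window cited in the answer above. It assumes the start times were exported from the clients' logs, that randomization is symmetric around the scheduled time, and that the sample timestamps (constructed here) stand in for real data.

```python
from datetime import datetime, timedelta

# Constructed scan start times modelled on the cases reported in this thread.
SAMPLE_STARTS = [
    datetime(2012, 12, 18, 0, 12),   # Tuesday 00:12
    datetime(2012, 12, 17, 23, 50),  # Monday 23:50, just before the slot
    datetime(2012, 12, 18, 8, 0),    # Tuesday 08:00
    datetime(2013, 1, 1, 1, 45),     # Tuesday 01:45
    datetime(2013, 1, 2, 15, 0),     # Wednesday 15:00
]

def offset_from_schedule(start, weekday, hour, minute=0):
    """Signed distance from `start` to the nearest weekly slot (Monday=0)."""
    monday = (start - timedelta(days=start.weekday())).replace(
        hour=0, minute=0, second=0, microsecond=0)
    slot = monday + timedelta(days=weekday, hours=hour, minutes=minute)
    # The nearest slot may belong to the previous or the next week.
    nearest = min((slot - timedelta(weeks=1), slot, slot + timedelta(weeks=1)),
                  key=lambda s: abs(start - s))
    return start - nearest

def classify(start, weekday, hour, minute=0,
             policy_window=timedelta(minutes=30),
             documented_window=timedelta(hours=2)):
    """Label a scan start against both randomization windows from the thread."""
    distance = abs(offset_from_schedule(start, weekday, hour, minute))
    if distance <= policy_window:
        return "within-policy-window"
    if distance <= documented_window:
        return "within-documented-window"
    return "unscheduled"

def triage(starts, weekday, hour, minute=0):
    """Return (start, label) pairs for every recorded scan start."""
    return [(s, classify(s, weekday, hour, minute)) for s in starts]

if __name__ == "__main__":
    # Policy from the original post: weekly full scan, Tuesday 12:00 AM.
    for start, label in triage(SAMPLE_STARTS, weekday=1, hour=0):
        print(start.strftime("%a %Y-%m-%d %H:%M"), label)
```

Starts labelled `unscheduled` fall outside both windows, so schedule randomization alone does not account for them.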

  • Friday, December 21, 2012 5:26 PM
     
     
    Has this issue been resolved yet? I am having the exact same problem. Our policy is set for weekly full scan on Friday night at 7:00pm (randomized for 30 from start time) and a daily quick scan after 5pm. I am seeing some EP clients kicking off a full scan every night at random times like 12:00am, which is not the policy at all. Because it is not affecting all clients, could it be that at one time there was a detection on those clients and now they are subject to a scan every night? The two clients having the issue that I know of both had detections in the past.

  • Thursday, January 03, 2013 5:51 PM
     
     

    No, unfortunately it has not. We just had another one yesterday. The policy that this user/machine falls under is set to scan at 12:00AM on Tuesday (as stated above), which it did perform the full scan. But then it kicked off another scan at 3PM yesterday, well outside the 30 minute randomization schedule.

    I may be placing a call into MS.

  • Thursday, February 28, 2013 6:14 PM
     
     

    I see the same behaviour in my environment as well.

    Scans are kicking off well before (hours) and well after (hours) the scheduled scan time and randomization window.

    My boss wants to know why. What do I tell him?

  • Thursday, February 28, 2013 6:16 PM
     
     

    Nick,

    You both proposed this as the answer to the issue presented and you marked it as the answer.

    You need to undo this action as the problem is not fixed nor explainable.

    I would think that the person who proposes a post as the answer should not be allowed to mark it as such.

    Thanks!