Tuesday, December 18, 2012 4:40 PM
We have an SCCM 2012 environment with SCEP 2012 recently deployed. We have a policy in place that does weekly full scans on Tuesdays at 12AM. The client machines are 64 bit Windows 7. We are seeing some random computers kicking off Full scans at various points in the day. We thought that initially there were viruses on these machines and that was causing the scans, but according to the EP console, they do not have any type of virus or malware.
Tuesday, December 18, 2012 5:28 PM
Tuesday, December 18, 2012 6:14 PMThere is an option for that. But it only randomizes it by 30 minutes of the scheduled time to alleviate network congestion. We are seeing scans kick off, let's say for example, at 8AM after it already ran a full scan at midnight.
Thursday, December 20, 2012 7:47 AMModerator
Thank you for the post.
According to this article, Scans may begin within two hours of the scheduled time you select. Exact scan times are randomized to reduce strains on network traffic. if you want to configure SCEP clients to start scheduled scan as scheduled on time, you may set the “RandomizeScheduleTaskTimes” (DWORD) under the antimalware root registry key to 0. For SCEP the root is probably HKLM\Software\Microsoft\Microsoft Antimalware.
Nick Gu - MSFT
Friday, December 21, 2012 5:26 PMHas this issue been resolved yet? I am having the exact same problem. Our policy is set for weekley full scan on Friday night at 7:00pm (randomized for 30 from start time) and a daily quick scan after 5pm. I am seeing some EP clients kicking off a full scan every night at random times like 12:00am, which is not the policy at all. Because it is not affecting all clients could it be that at one time there was a detection on those clients and now they are subject to a scan every night? The two clients having the issue that I know of both had detections in the past.
Thursday, January 03, 2013 5:51 PM
No, unfortunately it has not. We just had another one yesterday. The policy that this user/machine fall under is set to scan at 12:00AM on Tuesday(as stated above), which it did perform the full scan. But then it kicked off another scan at 3PM yesterday, well outside the 30 minute randomization schedule.
I may be placing a call into MS.
Thursday, February 28, 2013 6:14 PM
I see the same behaviour in my environment as well.
Scans are kicking off well before (hours) and well after (hours) the scheduled scan time and randomization window.
My boss wants to know why. What do I tell him?
Thursday, February 28, 2013 6:16 PM
You both proposed this as the answer to the issue presented and you marked it as the answer.
You need to undo this action as the problem is not fixed nor explainable.
I would think that the person who proposes a post as the answer should not be allowed to mark it as such.