Defender - Scheduled scan settings

  • Question

  • Hello,

    We are currently testing Windows 10 in our enterprise. Our Windows 7 clients have a scheduled full scan through Endpoint Protection that scans every Wednesday at 11am. I have created a new policy in SCCM for Windows 10 with the same settings. The policy is applying to the machines (shows in registry, GPEdit, etc.), but is not starting the full scheduled scan at 11am on Wednesdays. Apparently, Quick Scans are set to automatically run on a daily basis, determined by the Automatic Maintenance schedule that is built into Win10. Would anyone know why the scheduled scan policy is in place, but not taking effect?


    Thanks!

    Monday, April 11, 2016 6:10 PM

Answers

  • Hi, 

    Have you installed the Windows 10 ADMX before configuring GP on your domain? 

    ADMX for Windows 10: 

    https://www.microsoft.com/en-us/download/details.aspx?id=48257

    It seems that there are new GP in Windows 10 to configure the scan scheduler: 



    • Marked as answer by FronzJ Tuesday, April 12, 2016 5:57 PM
    Tuesday, April 12, 2016 4:28 PM
    Owner

All replies

  • What scan is running daily? Defender or the Endpoint protection? (what Endpoint protection is that?)

    The Defender info can be viewed from the PowerShell commands:

    Get-MpComputerStatus

    Get-MpPreference

    Is Defender still enabled (AntivirusEnabled under the status command)?

    The maintenance can be viewed from searching start for maintenance, opening Security and Maintenance. Expand Maintenance and select Change maintenance settings, set to 2am by default for me.

    Monday, April 11, 2016 10:38 PM
  • Windows Defender is enabled and is the scan that is running daily. I am apprehensive about changing the maintenance window, as I have read that it can have unintended consequences, especially in an environment with 5,000+ devices. I've included the PowerShell logs below. Thank you for the reply!

    AMEngineVersion                 : 1.1.12603.0
    AMProductVersion                : 4.8.10240.16384
    AMServiceEnabled                : True
    AMServiceVersion                : 4.8.10240.16384
    AntispywareEnabled              : True
    AntispywareSignatureAge         : 0
    AntispywareSignatureLastUpdated : 4/11/2016 2:16:36 PM
    AntispywareSignatureVersion     : 1.217.1113.0
    AntivirusEnabled                : True
    AntivirusSignatureAge           : 0
    AntivirusSignatureLastUpdated   : 4/11/2016 2:16:36 PM
    AntivirusSignatureVersion       : 1.217.1113.0
    BehaviorMonitorEnabled          : True
    ComputerID                      : A614D084-AF3D-41FD-8E51-5AA8B5B23FF4
    ComputerState                   : 0
    FullScanAge                     : 0
    FullScanEndTime                 : 4/11/2016 4:19:15 PM
    FullScanStartTime               : 4/11/2016 3:19:14 PM
    IoavProtectionEnabled           : True
    LastFullScanSource              : 2
    LastQuickScanSource             : 0
    NISEnabled                      : True
    NISEngineVersion                : 2.1.11804.0
    NISSignatureAge                 : 0
    NISSignatureLastUpdated         : 4/11/2016 3:33:06 PM
    NISSignatureVersion             : 115.44.0.0
    OnAccessProtectionEnabled       : True
    QuickScanAge                    : 4294967295
    QuickScanEndTime                :
    QuickScanStartTime              :
    RealTimeProtectionEnabled       : True
    RealTimeScanDirection           : 0
    PSComputerName                  :

    PS C:\Windows\System32\WindowsPowerShell\v1.0> Get-MpPreference

    CheckForSignaturesBeforeRunningScan           : True
    ComputerID                                    : A614D084-AF3D-41FD-8E51-5AA8B5B23FF4
    DisableArchiveScanning                        : False
    DisableAutoExclusions                         : False
    DisableBehaviorMonitoring                     : False
    DisableCatchupFullScan                        : False
    DisableCatchupQuickScan                       : False
    DisableEmailScanning                          : True
    DisableIntrusionPreventionSystem              : False
    DisableIOAVProtection                         : False
    DisablePrivacyMode                            : True
    DisableRealtimeMonitoring                     : False
    DisableRemovableDriveScanning                 : False
    DisableRestorePoint                           : True
    DisableScanningMappedNetworkDrivesForFullScan : True
    DisableScanningNetworkFiles                   : True
    DisableScriptScanning                         : False
    ExclusionExtension                            : {.oab, .srs}
    ExclusionPath                                 : {%ALLUSERSPROFILE%\NTuser.pol,
                                                    %SystemRoot%\System32\GroupPolicy\Machine\registry.pol,
                                                    %SystemRoot%\System32\GroupPolicy\registry.pol,
                                                    %SystemRoot%\System32\GroupPolicy\User\registry.pol...}
    ExclusionProcess                              : {dsmcsvc.exe, ipscan.exe, lnchpd32.exe, magic.exe}
    HighThreatDefaultAction                       : 2
    LowThreatDefaultAction                        : 2
    MAPSReporting                                 : 0
    ModerateThreatDefaultAction                   : 2
    QuarantinePurgeItemsAfterDelay                : 4
    RandomizeScheduleTaskTimes                    : True
    RealTimeScanDirection                         : 0
    RemediationScheduleDay                        : 0
    RemediationScheduleTime                       : 02:00:00
    ReportingAdditionalActionTimeOut              : 10080
    ReportingCriticalFailureTimeOut               : 10080
    ReportingNonCriticalTimeOut                   : 1440
    ScanAvgCPULoadFactor                          : 20
    ScanOnlyIfIdleEnabled                         : False
    ScanParameters                                : 2
    ScanPurgeItemsAfterDelay                      : 15
    ScanScheduleDay                               : 4
    ScanScheduleQuickScanTime                     : 00:00:00
    ScanScheduleTime                              : 11:00:00
    SevereThreatDefaultAction                     : 2
    SignatureAuGracePeriod                        : 2160
    SignatureDefinitionUpdateFileSharesSources    :
    SignatureDisableUpdateOnStartupWithoutEngine  : False
    SignatureFallbackOrder                        : InternalDefinitionUpdateServer|MMPC
    SignatureFirstAuGracePeriod                   : 1
    SignatureScheduleDay                          : 8
    SignatureScheduleTime                         : 10:00:00
    SignatureUpdateCatchupInterval                : 1
    SignatureUpdateInterval                       : 3
    SubmitSamplesConsent                          : 0
    ThreatIDDefaultAction_Actions                 :
    ThreatIDDefaultAction_Ids                     :
    UILockdown                                    : False
    UnknownThreatDefaultAction                    : 0
    PSComputerName                                :

    Tuesday, April 12, 2016 12:04 PM
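
Added example, not part of the original thread: a PowerShell helper that decodes the schedule fields of a `Get-MpPreference` result and computes the next slot the configured schedule points to, so it can be set beside the last full-scan time from `Get-MpComputerStatus`. The function name `Get-ScanScheduleSummary` is hypothetical, the sample objects are constructed from the values posted above, and the day and scan-type codes are the ones documented for `Set-MpPreference`.

```powershell
# Added example. Day and scan-type codes are those documented for Set-MpPreference.
$ScanDay  = @{ 0 = 'Every day'; 1 = 'Sunday'; 2 = 'Monday'; 3 = 'Tuesday'; 4 = 'Wednesday'
               5 = 'Thursday'; 6 = 'Friday'; 7 = 'Saturday'; 8 = 'Never' }
$ScanType = @{ 1 = 'Quick scan'; 2 = 'Full scan' }

function Get-ScanScheduleSummary {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Preference,
        [datetime] $After = (Get-Date)
    )
    process {
        $day  = [int]$Preference.ScanScheduleDay
        $time = $Preference.ScanScheduleTime
        # The value may arrive as a TimeSpan, a DateTime or a string (as in the sample below).
        if ($time -isnot [timespan]) { $time = ([datetime]$time).TimeOfDay }

        # Walk forward to the first matching slot after $After; none when the day is 'Never'.
        $next = $null
        if ($day -ne 8) {
            $next = $After.Date + $time
            while ($next -le $After -or ($day -ne 0 -and [int]$next.DayOfWeek -ne ($day - 1))) {
                $next = $next.AddDays(1)
            }
        }
        [pscustomobject]@{
            ScanType         = $ScanType[[int]$Preference.ScanParameters]
            Day              = $ScanDay[$day]
            Time             = $time
            NextScheduledRun = $next
            StartRandomized  = [bool]$Preference.RandomizeScheduleTaskTimes
            CatchupFullScan  = -not $Preference.DisableCatchupFullScan
            OnlyWhenIdle     = [bool]$Preference.ScanOnlyIfIdleEnabled
        }
    }
}

# Constructed sample: the schedule fields from the Get-MpPreference output posted above.
$pref = [pscustomobject]@{
    ScanParameters = 2; ScanScheduleDay = 4; ScanScheduleTime = '11:00:00'
    RandomizeScheduleTaskTimes = $true; DisableCatchupFullScan = $false; ScanOnlyIfIdleEnabled = $false
}
$lastFullScan = [datetime]'2016-04-11T15:19:14'   # FullScanStartTime from the posted status
$s = $pref | Get-ScanScheduleSummary -After ([datetime]'2016-04-12T12:04:00')
$s | Format-List
'Last full scan started {0:dddd HH:mm}; schedule is {1} {2}; next slot {3:g}' -f $lastFullScan, $s.Day, $s.Time, $s.NextScheduledRun
# On a live client: Get-MpPreference | Get-ScanScheduleSummary
```
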