FCS Scan starts when user connects to servers via RDP

  • Question

  • We have a bizarre one here. We have FCS deployed at one of our sites and recently we noticed that when you connect to any server via RDP an FCS scan starts straight away. This is having a serious impact on the production servers and VMs. Scans are scheduled to run at 5am.

    If you open the console of the VM the scan doesn't start.

    Has anyone seen this behavior?

    Saturday, March 24, 2012 10:57 AM

Answers

  • Hi Kins,

    Based on my knowledge, if the Group Policy “Set Windows File Protection scanning” has been set to "Scan during startup", then the system will scan files each time you start the system. Please check whether the affected user is in a group for which the "Scan during startup" Group Policy is set.

    =======================

    Policy: Set Windows File Protection scanning

    Category Path: Computer Configuration\Administrative Templates\System\Windows File Protection\

    Registry Key: HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection

    Value: Sfcscan

    Explanation

    Determines when Windows File Protection scans protected files. This setting directs Windows File Protection to enumerate and scan all system files for changes.

    You can use this setting to direct Windows File Protection to scan files more often. By default, files are scanned only during setup.

    To use this setting, enable the setting, and then select a rate from the "Scanning Frequency" box.

    -- "Do not scan during startup," the default, scans files only during setup.

    -- "Scan during startup" also scans files each time you start Windows XP. This setting delays each startup.

    Note: This setting affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides.

    Detailed values:

    enum: Id: WFPScanList; ValueName: Sfcscan

    item: decimal: 0 => Do not scan during startup

    item: decimal: 1 => Scan during startup

    ========================

    Also, if possible, please do the tests below to narrow down the issue:

    - The next time the scan starts when you RDP to a VM, please wait for the scan to end. Then shut down the VM and reconnect to the VM via RDP to check whether the scan starts again.

    - Please cancel the scheduled scan running at 5am and see if the issue persists.

    Best Regards,

    Ruby Cheng



    • Marked as answer by Rick Tan Thursday, April 5, 2012 1:30 AM
    Monday, March 26, 2012 9:11 AM
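
One way to check the policy value named in the answer above on a server, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later; `Get-WfpScanPolicy` is a hypothetical helper name, and the key path, value name and 0/1 meanings are taken from the policy description quoted in the answer.

```powershell
# Added example: report how the "Set Windows File Protection scanning"
# policy is configured on the local machine.
# Get-WfpScanPolicy is a hypothetical helper name, not a built-in cmdlet.
function Get-WfpScanPolicy {
    [CmdletBinding()]
    param()

    # Key and value name as given in the policy description.
    $keyPath   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Windows File Protection'
    $valueName = 'Sfcscan'

    # Meanings of the enumerated values (WFPScanList).
    $meanings = @{
        0 = 'Do not scan during startup'
        1 = 'Scan during startup'
    }

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = Test-Path -LiteralPath $keyPath
        Sfcscan      = $null
        Meaning      = 'Policy not configured (value absent)'
    }

    if ($result.KeyPresent) {
        # The key can exist without the value, so test for the property explicitly.
        $props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $valueName)) {
            $raw = [int]$props.$valueName
            $result.Sfcscan = $raw
            if ($meanings.ContainsKey($raw)) {
                $result.Meaning = $meanings[$raw]
            } else {
                $result.Meaning = "Unexpected value $raw"
            }
        }
    }

    [pscustomobject]$result
}

Get-WfpScanPolicy | Format-List
```

Because this is a Computer Configuration policy, the value lives under HKLM and applies to the machine, so the check should be run on each affected server rather than per user.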

All replies

  • Hello,
     
    Thank you for your question.

    Haven't seen it before. If the issue occurs on just one server, please reinstall FCS on this server.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
     
    Regards


    Rick Tan

    TechNet Community Support

    Monday, March 26, 2012 8:06 AM