Endpoint Protection

We have Active Scan (startup scan) DIS-abled within our policies for network PCs etc.

Yet it still appears to run even though it is turned off within policy (un-checked) and even disable client-side on one PC (mine I originally installed with the Active Scan turned off, it started nice and fast, then I turned it on, noticeably slowed its startup, this is unchanged after disabling it).

How can I verify that this scan is running even though it's not supposed to do so, and is there any way I can force it to not run on startup??

I could re-set up the client installers but that is a pain...

Thank you, Tom

disable as per this document; update the policy clients should take new policy and stop scanning

http://www.symantec.com/business/support/index?page=content&id=TECH103044&locale=en_US

check this too

http://www.symantec.com/connect/forums/disabling-auto-startup-scans-and-default-scans-running

I read the first document link you sent...we already HAD 'run startup scans when users log in' UN-checked (disabled) and we already HAD 'run an active scan when new definitions arrive' UN-checked (disabled) but 'allow users to modify startup scans' was still checked -- I have since UN-checked, could this be the problem??

I think the reason the active scans were/are still running on my PC is that I had not changed the clients policy applicable to my computer -- do server-side policies always take precedence over client-side settings??

Thank you, Tom

Tom,

there is nothing  like client and server in sepm

manger is server all other servers/desktops are clients

you need to update policy on all your clients

once done u can see the new policy change number under sep-console=help and support-troubleshooting

allow modify startup scan should be the culprit..

By Default Client is in Server Control mode. So server side settings gets the precedence.

MY notebook plus only one other PC are in client-side control mode, not server control mode.

Rafeeq may be right, that checked grayed out item (allow client to affect/control active scan) may be the problem, I will test soon hopefully on a client in that group...

Testing on my notebook worked as expected...but I do need to know if when SEP is in client control mode whether server-side policy takes precedence over any settings changes client-side (on my PC)...to me client-side means I open SEP client from start menu and change settings like active scan off or on, folder exclusions, etc.

Thank you...

server side is only admin has control what can be modified on the clientside

client control full acess meANS CLIENT CAN change anything on the sep console

Thank you, but with Active Scan = ON in client policy on server, then Active Scan = OFF within client (client control full access), the Active Scan was still running, though client-side (in my PC) it had been turned OFF in 'Scan for threats' section...why did server-side policy take precedence??

Thank you, Tom

when client talk to the server , it will take policy configured on the server, this is why we have small lock or check box in the sepm window.

For the group and policy applicable to my PC, nothing is locked, everything is allowed to be changed within the client app on my PC.

I will soon test it the other way -- server policy says no active/startup scan, client says yes active/startup scan, see what happens.

Thank you, Tom