Really sorry, wrong forum!

Please remove!!

Moved to right one .. 

This was posted under Endpoint Encryption..so moved to Symantec Endpoint Protection

Post the comment to the right forum your concerns will be answered properly

Not sure if you have already got the queries answered.

For the first issue, try diabling the retry activity for scans (Run as missed events) . Also, if you upgraded from a previous version like SAV 10, there are chances that scans from previous versions are still active on some systems. Check the registry entries for the same,

The second query has been raised by many people. During the initial deployment, you would not see any package under this "Installation packages" tab. That is used when you upgrade your version of SEP 11 (say from MR3 to MR4). You can add upgrade packages under that tab for a group of clients. 

I'm not sure about this but, did you set any randimization for scheduled scans (if there is any option allowing to do so) ? Just check, I cannot be sure about it. and no question is daft, feel free...

Answering your first question requires a little more info to be completely accurate. To start there are many different kinds of scans that can be triggered by a client running SEP. For instance you can have a scan that runs on startup or a scan that runs at a particular time ect ect. But the scheduled scans that you are referring to should not happen until the time you specify so if you are seeing scans earlier than that time make sure they are not a different scan that is running. Also just to be completely clear when you have a scan that is scheduled to run at 6 and that computer is off at that time then the scan won't run until the computer is turned on again. So this might be something to considered when looking at why scans don't run at the time you think. Also take a look at your randomized settings (suggested above) to see how many hours you have set the scan to randomly start in. Really just take a look at the different kinds of scans and the settings you can change for them. This will really be your best answer and also will give you a good feel for exactly what SEP can do.

Cheers
Grant

I've checked there's no randomization option. so don't bother with my post above :)

One other thing to be aware of is that clients can be configured to run an active scan when new virus definitions arrive.  This setting can be found in your antivirus and antispyware policy settings in the advanced tab for administrator defined scans.  I think the default setting is for clients to run an active scan when new definitions arrive.  This can occur several times a day and may be the reason for the scans you are seeing. 

Do you have retry missed scan schedule?

Whats the latest on this. How are things going?

I am having the same problem.   We've upgrade from Notron Anti-Virus Corporation 9.3 to SEP 11 MR4 MP2.   Then I see some client having this random scan problem.  I've checked the registry on these client PC and did not see any old scan schedules is available.  All of these PC is having a schedule scan on the time set by me, they didn't missed any schedule scans.  In fact, this scan is purely randomize, as far I can see, 1. it starts right after a schedule system scan, 2. start scans right after a user login to the network, 3. start scans any time during the day.  There is only 1 anti-virus scanning policy in our network.  I've verified the setting to make sure that the "do not scan when a user login", "do not scan when new definition arrives" is enabled, "retry scan" setting is set to "1 hour".  Any help is appreciated.  Thank you. 

Run SymRmvScan

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008070711521548

Thank you Prachand.  I've called Symantec and got a copy of the "SymRmvScan" tool, haven't have a chance to use it yet.  I will post the result next week. 

Run the "SymRmvScan" tool, but no luck.  Random system scan re-occurs.   Waiting reply from Symantec on this problem.