Have a client who for the past 6 months has not been using any sort of administrative scheduled scans because of the enourmous performance impact it was having on users being able to effectively use their desktops. I recently enabled these administrative scans again coupled with a WOL job so that it is all done in the wee hours of the morning. Around 80% of all SEP clients ran the scan as scheduled, which considering there is a significant portion of users that have laptops and I only applied this scan to those clients connected to the corporate network is a decent result I think (it even picked up a trojan that the active scanner had missed).

I do have a few questions though;

1) When configuring the scheduled scan I ensured I unticked the retry checkbox in the missed scheduled scan section. I did this because under no circumstances did I want full scans being done during business hours, however dispite this there are a handful of SEP clients that did not kick off their scan until around 9am which is 7 hours after their scheduled start time. Why is this and how can I ensure that if SEP clients don't kick off the scan at anything other than the scheduled time?

2) When in the SEPM console in the clients tab, the sorting seems to be incorrect. When I view a group with the protection technology view and then sort on the last scan time, it appears to sort on day, then month then by year rather by sorting by the date as a whole. For isntance I have the last scan time sorted in ascending order and the last scheduled scan for most clients was on 17/03/10, however I have dates such as 17/11/09 & 21/01/10 further down the list than the scans performed this morning.

3) Again, when in the SEPM console in the same section and view as described above, the last scan time appears to be from when the scan commenced. When I run a report though from the reporting tab the last scan time appears to be from when the scan completed. Why would this last scan time be reported inconsistently across the management console?

Thanks