Endpoint Protection

 I have v11.0.4014.26 installed on our domain. The group that all of the client PCs are in has a policy with a full scan scheduled for 4:00 am.
However some of the client PCs also run an apparently scheduled scan at 3:00 pm.
There are no scans scheduled on the clients apart from the one that is supposed to run at 4:00 am, which can't be edited by users.
Where is the phantom scan coming from and how do I stop it?

hi,
are these some cleint PC's shut while during the scheduled scan and boot at 3 PM ? There is settngs if the scheduled scan is missed (Missed event), then initiate when the machine is available.
Is there any location awareness policy?

Also you can check in the client GUI for the type of the scan by looking at the icon.

Pete!!

Did you install SEP 11 over SAV 10?
If yes, did you disable the scheduled scans before this?
Anyway there is tool to remove ghost scans in similar situation. I don't have it.

Maybe your issue is well described in this document:
service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008020707573048

There is the tool I mentioned above. Try it in a client, it does not seem dangerous or invasive.

Thanks for the replies Pete and Giuseppe.

The PCs run 24/7 and the scheduled 4:00 am scan runs on time.
The 4:00 am scan is the only one showing in the GUI. I'm not sure what you mean by a location awareness policy Pete.
They didn't have an earlier version installed. I had a look at the registry but none of the keys mentioned in the document exist on the clients.
I was going to try the tool anyway but I couldn't see a way to get it from Tech Support without paying to open a case.

I think I should just reinstall SEP on one of the clients and see if that fixes it.