Endpoint Protection

I have several managed workstations that run the scan upon startup when its not supposed to run until the weekend.  The other workstations run the scan according to the policy which is once a week on the weekend.  thanks in advance for your input

Try look here

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007120615243648?Open&seg=ent

Disable those you don't want.

Which build/builds are you running.  I saw this on some of my machines in mr2 but I havent seen it since MR4

i think im running mr4..where can i check to verify.

i have already check the startup options...but nothing has changed in the policy and only some workstations run the scan upon startup and others dont.  it doesnt make sense

open the client and go help about.  or you can check it from the SEPM console by changeing he view to client status

Maybe I am stating the obvious. Are these machines off on the weekend? What day is the scan running in the morning when it is suppose to run on the weekend? Is there any change in the configurations of those machines that run the scan vs those that don't. For example maybe the ones that don't are remote computers that connect via VPN or something. Just some background as to why I am asking this. If the scans don't run for whatever reason in the time that you told them too (for instance they are off) then the full scan will get ran the next time the computer is on the network. To check what version you are running go to any one of the clients and double click on the SEP icon in the system tray. This brings up the SEP client window. Then click on help and support in the upper right corner and about. Under where it says Symantec Endpoint Protection will be a version number. Please post that.

Cheers
Grant

version 11.0.4000.2295 I have desktops and laptops that both run upon startup.  Clients turn off their pcs before they go home and the following morning when they turn on the pc, the scan runs automatically.  I recently was able to allow the clients to stop the scan when it runs whereas before, you were not able to stop it from running.  Some users dont know how to stop the scan and they get very annoyed when it starts to scan every morning. 

 Right well if this is what you are asking, the client machines have to be on for the full scan to run. There are a couple of things you can do though. One option that a lot of people use is to run the full scan during lunch hrs. That way the full scan gets run, and your users are not taking the performance hit that comes along with full scan. The other option is to leave the computers on one night a week and run the full scan at like 8:00 PM or something. I know this is rough on power consumption but there is a trade-off between this and making your users mad by running the full scan on start up. Also you shouldn't allow your users to "stop" the scan in the morning if they do happen to miss it. Instead you should give the the option of hitting the snooze button. There is a forum started about that topic already and I will post that link below. This snooze is how users can postpone the scan but not stop it. You can set this to postpone for as many hrs as your want, and you can let them hit snooze as many times as you want. You just don't want them not getting the full scan. 

Also I want to ask exactly how many times you are running this full scan. Suggested is at least once a week depending on your environment. So if you are doing it every night this is overkill. That link is found here https://www-secure.symantec.com/connect/forums/random-retry-times-missed-scans . I also would like to bring to your attention that I suggested the idea of an automatic shutdown of computers after the scan is complete. This is a good way to do it in my opinion so you should go vote yes on that in our ideas section of this website if you would like to see this implemented in the future. 

Cheers
Grant

This is what i found for u
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007120615243648?Open&seg=ent

@shrnndz2: Hi..

SEP 11.0.4 MR4 already have the option for admins to set snooze for users to use rather than stopping the scan as per link:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/185541de812fa51f882573fd006b530e?OpenDocument

Another is Configuring snooze options for scheduled scans as per KB article below :
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9a1e2820ec25fbf288256d1600584726?OpenDocument

hope this helps...


thanks...

 Is this is a upgrade from previous version where you had a policy for daily scans?
Sometimes when you upgrade few registry entries do not get deleted most of the times due to permissions issue.
As every polci yyou make registry vlaue is created  for it.
So it might be a case that a old scan policy is running with new scan policy.

Check this registry location on any client and check if you see any addtion scan running

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\

The scan name would be something like this :5df13630-79f7-4c70-002b-16b8952f5533

and it gives the details when it wil run and what type of scan it is.