Endpoint Protection

 View Only

  • 1.  Can a managed client be set up to scan on its own when not connected to the network that the management server is on?

    Posted Oct 16, 2009 12:46 PM
    Can a managed client be set up to scan on its own when not connected to the network that the management server is on? Trying to set up a laptop that still reports back to the management server when it is connected to the business network. It also needs to be able to kick off its own scans and updates as it will only be connected to the business network occasionally. I have made a policy for both the live update and the scan settings that I would like but it does not appear to be scanning. The laptop is currently configured as a managed client.


  • 2.  RE: Can a managed client be set up to scan on its own when not connected to the network that the management server is on?

    Posted Oct 16, 2009 12:57 PM
    A scheduled scan for AV should address the scanning portion.  A heartbeat set to a low enough of a period for the group should also allow the client to communicate with the SEPM when it does connect to your network.


  • 3.  RE: Can a managed client be set up to scan on its own when not connected to the network that the management server is on?

    Posted Oct 16, 2009 01:20 PM
     When a scheduled scan is set the settings are stored in the client registry locally.
    So even if the client is not connected to SEPM it will run the scan on schedule.
    Check your scan settings and see if it is set to "show scan progress"



  • 4.  RE: Can a managed client be set up to scan on its own when not connected to the network that the management server is on?

    Posted Oct 16, 2009 01:32 PM
    Ideally the policy is stored locally on the Cleint So the Schedule scan should run on the machine if it is no connected to the network.

    You can go to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\23df55b8-ac10-0167-000d-c6368d44907f\Schedule\DayOfWeek

    This will show the date when the scan i set.

    Hope this helps


  • 5.  RE: Can a managed client be set up to scan on its own when not connected to the network that the management server is on?

    Posted Jan 22, 2010 05:28 PM
    Had a client in our datacenter who installed SEPP on all of his customer webs servers, and due to network design constraints, they could not communicate with each other and so the SEPP manager was not installed. Scan jobs were setup. After a while we noticed that the jobs only ran when we were logged in to do the maintenance. Seems jobs are starten unde the logged in username/session, not the system account.
    We worked around it by always keeping at leest ons session active; not 'log off' but 'disconnect'

    Might be different in the latest versions of SEPP though, haven't tested that


  • 6.  RE: Can a managed client be set up to scan on its own when not connected to the network that the management server is on?

    Posted Jan 23, 2010 12:15 AM
    As the previous posters mentioned  once if you set the scan It is stored locally in the registry .So even it is not connected to SEPM also the scan should happen.First you assure that after setting up the scan in server it is got reflected in the client.The creation of a new scan or editing a scheduled scan is a policy change so you can check the policy sl. no. 
    ---------------------------------------------------------------------------------------------------------------------------------------
    If you want your client has to receive updates even it is not connected to SEPM do as mensiond in the below doc
    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console