Endpoint Protection

Hello

My company has just moved to symantec endpoint protection and I am in the process of rolling this out to computers in the business.

I have created several client groups with different policies applied (anti virus & anti spyware only).  The one thing that is the same across all these groups is that the weekly scan schedule is set at the same time.

As am relatively new to this software I dont yet know all the in's and out's but most of it is straight forward.

The questions I have are:


As stated, the scheduled scan happens at 6pm every tuesday, however i have had computers running their scans before and after this time.  My PC for one, started scanning wednessday at 2pm although it had been powered off near to the scheduled time due to PAT testing.  Surely my PC should have started scanning when it was next switched on, not 5 hours later?
A colleague's computer also scanned on the wednessday but it is now running another scan today??

All i have done is set the policy on the group of PC's to match what i want to achieve.

Second question, and forgive me if it sounds daft.

On the clients section again, where i have all my computers grouped there is the install packages tab.  I have already pushed out the installation to PC's in this group and they are controlled by the policy which is attached to it.  At the moment i havent got an install package assigned to this group yet i have created and used one via the deployment wizard.  Should i have a package in here or is it only used when new versions are released which are needed to be pushed out??

Sorry if my questions sound daft

Kind regards

Matt

Really sorry, wrong forum!

Please remove!!

Moved to right one .. 

This was posted under Endpoint Encryption..so moved to Symantec Endpoint Protection

Not sure if you have already got the queries answered.

For the first issue, try diabling the retry activity for scans (Run as missed events) . Also, if you upgraded from a previous version like SAV 10, there are chances that scans from previous versions are still active on some systems. Check the registry entries for the same,

The second query has been raised by many people. During the initial deployment, you would not see any package under this "Installation packages" tab. That is used when you upgrade your version of SEP 11 (say from MR3 to MR4). You can add upgrade packages under that tab for a group of clients. 

 

I'm not sure about this but, did you set any randimization for scheduled scans (if there is any option allowing to do so) ? Just check, I cannot be sure about it. and no question is daft, feel free...

Answering your first question requires a little more info to be completely accurate. To start there are many different kinds of scans that can be triggered by a client running SEP. For instance you can have a scan that runs on startup or a scan that runs at a particular time ect ect. But the scheduled scans that you are referring to should not happen until the time you specify so if you are seeing scans earlier than that time make sure they are not a different scan that is running. Also just to be completely clear when you have a scan that is scheduled to run at 6 and that computer is off at that time then the scan won't run until the computer is turned on again. So this might be something to considered when looking at why scans don't run at the time you think. Also take a look at your randomized settings (suggested above) to see how many hours you have set the scan to randomly start in. Really just take a look at the different kinds of scans and the settings you can change for them. This will really be your best answer and also will give you a good feel for exactly what SEP can do.

Cheers
Grant

I've checked there's no randomization option. so don't bother with my post above :)

One other thing to be aware of is that clients can be configured to run an active scan when new virus definitions arrive.  This setting can be found in your antivirus and antispyware policy settings in the advanced tab for administrator defined scans.  I think the default setting is for clients to run an active scan when new definitions arrive.  This can occur several times a day and may be the reason for the scans you are seeing. 

Do you have retry missed scan schedule?

Whats the latest on this. How are things going?

I am having the same problem.   We've upgrade from Notron Anti-Virus Corporation 9.3 to SEP 11 MR4 MP2.   Then I see some client having this random scan problem.  I've checked the registry on these client PC and did not see any old scan schedules is available.  All of these PC is having a schedule scan on the time set by me, they didn't missed any schedule scans.  In fact, this scan is purely randomize, as far I can see, 1. it starts right after a schedule system scan, 2. start scans right after a user login to the network, 3. start scans any time during the day.  There is only 1 anti-virus scanning policy in our network.  I've verified the setting to make sure that the "do not scan when a user login", "do not scan when new definition arrives" is enabled, "retry scan" setting is set to "1 hour".  Any help is appreciated.  Thank you. 

Run SymRmvScan

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008070711521548

Thank you Prachand.  I've called Symantec and got a copy of the "SymRmvScan" tool, haven't have a chance to use it yet.  I will post the result next week. 

Run the "SymRmvScan" tool, but no luck.  Random system scan re-occurs.   Waiting reply from Symantec on this problem. 

Post the comment to the right forum your concerns will be answered properly