Endpoint Protection

 View Only

  • 1.  Questions about Scheduled Scanning on Symantec Endpoint 11.x

    Posted Sep 25, 2009 01:52 PM
    I am currently running SEP 11 MR 4 and I'm confused on how exactly Scheduled Scanning works if a computer is powered off or disconnected from the network when it is initiated.

    Right now we have an Administrator-defined full scan that runs on day 1 of every month at 3:00 AM. We also have the 'Retry the scan within:' marked and set at 14 days.

    Now, this is my question:

    If a workstation missed the monthly scan at 3:00 AM, on the 1st of the month, will that same workstation:
    • Run the scan immediately once it regains communication with the SEP server, or
    • Try to run the scan again at 3:00 AM everyday, leading up to the 14th day, or
    • Try to run the scan again on the 14th day ONLY, or
    • Try to run the scan again at a random time set by SEP within the 14th day window.

    And what if the workstation regains communication after the 14 day window; will the scan simply be omitted?

    I would like to know exactly how this system works, because we're having some activity that are not consistent across the board when it comes to the missed scheduled scan actually retrying.

    Thanks for your help ahead of time.

    Kenneth


  • 2.  RE: Questions about Scheduled Scanning on Symantec Endpoint 11.x

    Posted Sep 25, 2009 02:18 PM
    Also, the Administrator guide for SEP 11.x is extremely brief on this feature and leaves quite a few unanswered questions for me. I'm kind of surprised I'm having trouble on gathering information that breaks down the behavior of this feature.


  • 3.  RE: Questions about Scheduled Scanning on Symantec Endpoint 11.x

    Posted Sep 25, 2009 02:26 PM
    If the machine is not shut down the scan will run at 3:00 AM . As the policy is stored on the machine locally and until and unless the policy is not changed the clients will run the scan as per the policy,.
    There is no relation between client not communicating with SEPM and scan nor running on time or running on Time.
     
    As the  missed events are concerned, The Antivirus Component of SEP flags whether scheduled scans completed successfully within the registry. However, when the SEP SMC initializes the AV component, this flag gets removed. This causes the client to treat the scan as a "missed event", and this triggers the scan to be re-run.
     
    To work around this problem, uncheck "Enable Missed Events" so that the client does not check whether the scheduled scan comple


  • 4.  RE: Questions about Scheduled Scanning on Symantec Endpoint 11.x



  • 5.  RE: Questions about Scheduled Scanning on Symantec Endpoint 11.x

    Posted Sep 25, 2009 03:26 PM
    So once the computer reboots after the missed scan, it is designed to immediately retry the scan as long as it is still within the retry window declared in the policy stored on the local machine? What if the 2nd attempt fails as well? will SEP continue within the 14 day window until the scan is flagged successful?


  • 6.  RE: Questions about Scheduled Scanning on Symantec Endpoint 11.x

    Posted Sep 25, 2009 03:33 PM
    So once the computer reboots after the missed scan, it is designed to immediately retry the scan as long as it is still within the retry window declared in the policy stored on the local machine?  Yes


    What if the 2nd attempt fails as well?
     It  will try again

    will SEP continue within the 14 day window until the scan is flagged successful?
    yes


  • 7.  RE: Questions about Scheduled Scanning on Symantec Endpoint 11.x

    Posted Sep 25, 2009 03:41 PM
    The interval missed event can be set as per requirment


    missed.JPG