CCMEXEC.COM – Enterprise Mobility

Endpoint Protection and additional scheduled scans

Posted on October 21, 2013 by Jörgen Nilsson

When implementing Endpoint Protection, both 2007 and 2012, one question that comes up many times is that the customer wants to run a weekly quick scan and a monthly full scan, or a daily quick scan and a weekly full scan. In the policy settings it is only possible to configure one scheduled scan, so you would have to choose which one you want to schedule.

SCEP_Policy

What really happens on the client is that a Scheduled Task is created on the client with the settings configured in the policy.

Besides the graphical interface, Endpoint Protection has a command-line interface called MpCmdRun.exe. MpCmdRun can be used to script actions on the clients such as a quick scan, a full scan, removing a definition, scanning a file and much more. MpCmdRun.exe is also the command used by the scheduled task that the Endpoint Protection client creates.


SCEP TASK

Creating an additional scan, which in many cases is a wanted feature, can be done either with a Group Policy using Group Policy Preferences or with a Package/Program in Configuration Manager that executes the MpCmdRun.exe command.

Creating a Scheduled Task using Group Policy Preferences

Endpoint_Schedule

Endpoint_Schedule1


Creating a Package/program which triggers a Full Scan on the client once every month.

Start by creating a Package without any source files, as we will use the locally installed MpCmdRun.exe file from C:\Program Files\Microsoft Security Client. Use the following command line: "c:\program files\Microsoft Security Client\MpCmdRun.exe" -scan -scantype 2

Then create a program with the settings shown below.

SCEP schedule

Deploy the program using a deployment that runs, for instance, every first Thursday of the month, and be sure to set it to "always rerun".

SCEP schedule2
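
As a scripted alternative to the Group Policy Preference and Package/Program approaches above, the following added example (not code from the original post) registers an additional weekly full scan as a local scheduled task. The task name, day and time are assumptions, and it assumes the ScheduledTasks PowerShell module (Windows 8 / Server 2012 or later) and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: register an extra weekly full scan next to the policy-defined scan.
# Task name, day and start time are assumptions; adjust to your maintenance window.
$MpCmdRun = 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'
$TaskName = 'Additional SCEP Full Scan'   # hypothetical task name

# Fail early if the Endpoint Protection client is not installed in the default path.
if (-not (Test-Path -LiteralPath $MpCmdRun -PathType Leaf)) {
    throw "MpCmdRun.exe not found at '$MpCmdRun'."
}

# -ScanType 2 is the full scan used in the post; -ScanType 1 would be a quick scan.
# The executable path contains spaces, so it is quoted inside the action.
$action = New-ScheduledTaskAction -Execute ('"{0}"' -f $MpCmdRun) -Argument '-Scan -ScanType 2'

# Weekly full scan, for the "daily quick scan plus weekly full scan" scenario.
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Thursday -At '12:00'

# Run as SYSTEM, like the task created by the Endpoint Protection client,
# so the scan does not depend on a logged-on user or a stored password.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after a missed start (machine was off) and cap the run time.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 8)

# -Force overwrites an existing task with the same name, so the script can be re-run.
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Read the task back and confirm it runs the expected binary as the expected account.
$task = Get-ScheduledTask -TaskName $TaskName
[pscustomobject]@{
    TaskName  = $task.TaskName
    RunAs     = $task.Principal.UserId
    Execute   = $task.Actions[0].Execute
    Arguments = $task.Actions[0].Arguments
    State     = $task.State
}
```

Because the task runs as SYSTEM, keep it pointed at the binary under Program Files, where standard users cannot replace the executable.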


5 thoughts on “Endpoint Protection and additional scheduled scans”

  1. Jonathan says:
    November 29, 2013 at 3:39 pm

    Hi Jorgen,

    You say “What really happens on the client is that a Scheduled Task is created on the client with the settings configured in the policy.”

    I have SCCM 2012 SP1 and SCEP 2012 deployed to clients. I do have a scheduled scan configured by my policy, but I don’t see any Scheduled Task created locally on the client.

    I can see the information about the scan in the client agent (greyed out) and also in the registry.

    I’m having problems with the timing of running that scheduled scan when I saw that I “should” have a Task Scheduled locally.

    Normal?

    Thanks

    1. Jörgen Nilsson says:
      December 3, 2013 at 4:31 pm

      Hi,
      Yes, you should have a scheduled task under Microsoft Antimalware Schedule scan, in Task Scheduler. Does the client perform a scheduled scan?
      /Jörgen

  2. Jonathan says:
    December 3, 2013 at 4:58 pm

    Hi, thanks for the answer 🙂

    Yes the client seems to do scheduled scan as per the returned information to the server.
    I can also see the information in the event viewer locally.

    I was trying to debug strange behaviour of when the client starts a scan at different times than what is scheduled. I have enabled the Run scan when 2 scheduled scans are missed. So I understand that sometimes, it will run out of the scheduled time.

    But it happened to run, complete and then rerun the next day for 4-5 days straight. The scheduled scan should run only once a week.
    Kind of strange that I don’t see the scheduled task on any of my clients :S

    If you have any suggestion, I’m listening 😉

    thanks

  3. Paul says:
    March 11, 2015 at 6:43 pm

    @Jonathan – my guess is that you don’t see the scheduled task in your context. If you launch a cmd prompt as system (using psexec), and then launch the scheduled task gui from there (which in turn will spawn as system), you should then see the scheduled task for SCEP.

  4. Ulrich Stocker says:
    October 1, 2018 at 9:09 am

    Hello Jorgen,
    My name is Uli and I want to implement a scheduled scan on a server that runs every hour and only on a specific folder. Is this even possible with Endpoint Protection or not?



My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone else's use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.
