Endpoint Protection and additional scheduled scans

When doing implementations of Endpoint Protection both 2007 and 2012 one question that comes up many times is that the customer wants to run a weekly quick scan and a monthly full scan or a daily quick scan and a weekly full scan. In the Policy settings it is only possible to configure one schedule scan so you would have to choose which one you want to schedule.


What really happens on the client is that a Scheduled Task is created on the client with the settings configured in the policy.

Endpoint protection has a command-line interface as well as the nice Graphical Interface called MPCmdrun.exe. MPCmdrun can be used to script actions on the clients like quick scan, full scan, remove a definition, scan a file and much more. MPCmdrun.exe is actually the command used by the scheduled task created by the Endpoint Protection client as well.


Creating an additional scan which in many cases is a wanted feature, can be done either with a Group Policy using Group Policy Preferences or using a Package/Program in Configuration Manager that executes the MPCMRun.exe command.

Creating a Schedule task using Group Policy Preference



Creating a Package/program which triggers a Full Scan on the client once every month.

Start by creating a Package without any source files as we will use the locally installed MPCMDrun.exe file from C:\Program Files\Microsoft Security Client. Using the following command line: “c:\program files\Microsoft Security Client\MpCmdRun.exe” -scan -scantype 2

Then create a program with the settings shown below.

SCEP schedule

Deploy the program using a deployment that runs every firs thursday in a month for instance and be sure to set it to “always rerun”

SCEP schedule2


Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.