Intune AV Scan

Karthik Palani 0 Reputation points
2023-04-19T12:11:31.0866667+00:00

Hi All, We have integrated Defender for Endpoint with Intune and created Antivirus policies like below: [image: Scan.jpg]. It seems the quick scan and full scan are confusing for us. We set the full scan at 8 PM, but it is somehow running at 11 PM, and for some users later. Likewise, the quick scan is not running as specified. Is it that only the full scan executes, and could you suggest why it's not running at the scheduled time? Also, I don't see any registry value entered under \local machine\Software\Policies\Microsoft\Windows Defender_Scan. But in the Intune AV policy it is successful. Please support.


1 answer

  1. Khaled El-Sayed Mohamed 1,065 Reputation points
    2023-05-28T10:12:27.2333333+00:00

    Hi Karthik Palani

    If you are experiencing issues with the scheduled scans not running as specified in your Microsoft Defender Antivirus policies integrated with Intune, there are a few potential causes and solutions to consider:

    Timezone and Clock Sync: Ensure that the time zone settings are accurate and consistent across all devices. Additionally, make sure the devices are synchronized with a reliable time source, such as a time server, to avoid any discrepancies in scheduled scan execution.

    Delayed Scan Start Time: It's possible that the scheduled scans are not starting exactly at the specified time due to various factors, such as system load or other running processes. Microsoft Defender Antivirus may have a built-in delay mechanism to allow the system to stabilize before starting the scan.

    System Activity and Power State: Microsoft Defender Antivirus might adjust the scan start time based on the device's power state and system activity. If the device is in a low-power or inactive state at the scheduled scan time, the scan might be postponed to a later time when the system is more suitable for performing the scan.

    Scan Exclusivity and System Performance: Full scans, in particular, can be resource-intensive and might impact system performance. To avoid significant disruption, Microsoft Defender Antivirus might automatically reschedule scans if it detects that the system is busy with other tasks or if it determines that the scan might impact the user experience negatively.

    Missing Registry Values: The absence of registry values under \HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Scan could indicate a potential issue with the policy application. Ensure that the policy is successfully applied to the devices and that the correct registry values are being set. You can check the Intune Management Extension logs on the affected devices for any errors related to policy enforcement.

    To troubleshoot the specific issues you are facing, you can take the following steps:

    Review Intune Policies: Verify that the antivirus policies in Intune are configured correctly, including the scan types (full scan and quick scan), scan schedules, and any additional settings.

    Monitor Device Behavior: Monitor the behavior of the affected devices to see if there are any patterns or consistency in the deviation from the scheduled scan times. Note down any particular factors or events that might be influencing the scan execution.

    Check Event Logs: Check the event logs on the affected devices for any relevant events or errors related to Microsoft Defender Antivirus scans. Look for entries that provide insights into the scan start times, any delays, or errors encountered.

    Contact Microsoft Support: If the issue persists and you have followed the above steps without success.
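The checks described in the answer above (effective scan settings, registry values, event logs) can be run on an affected device as shown here. This is an added example, not part of the original thread; the `Policy Manager` registry subkey and the event IDs 1000, 1001, 1002 and 1005 are not named in the thread and are taken from Microsoft Defender Antivirus documentation.

```powershell
# Added example: read-only checks. Run in an elevated PowerShell session on an affected device.

# 1. Effective scan schedule as Defender itself reports it, whatever channel delivered the policy.
Get-MpPreference | Select-Object ScanParameters,   # 1 = quick scan, 2 = full scan
    ScanScheduleDay,                # 0 = every day, 1-7 = Sunday-Saturday, 8 = never
    ScanScheduleTime,               # local time of the scheduled scan
    ScanScheduleQuickScanTime,      # local time of the daily quick scan
    RandomizeScheduleTaskTimes,     # True = the start time is randomized
    ScanOnlyIfIdleEnabled,          # True = a scheduled scan starts only when the device is idle
    DisableCatchupFullScan,
    DisableCatchupQuickScan | Format-List

# 2. Registry locations: the Group Policy key named in the thread, and the
#    Policy Manager subkey where MDM-delivered Defender settings are stored.
$keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager'
foreach ($key in $keys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object * -ExcludeProperty PS* | Format-List
    } else {
        Write-Output "Not present: $key"
    }
}

# 3. When scans actually started and ended over the last 7 days.
$outcome = @{ 1000 = 'started'; 1001 = 'finished'; 1002 = 'stopped'; 1005 = 'failed' }
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1000, 1001, 1002, 1005
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Outcome'; Expression = { $outcome[$_.Id] } },
        @{ Name = 'ScanKind'; Expression = {
            # Parses the English event text; empty on other display languages.
            if ($_.Message -match 'Scan Parameters:\s*(.+)') { $Matches[1].Trim() }
        } } |
    Format-Table -AutoSize

# 4. Last recorded quick and full scan times, to compare with the configured schedule.
Get-MpComputerStatus |
    Select-Object QuickScanStartTime, QuickScanEndTime, FullScanStartTime, FullScanEndTime |
    Format-List
```

Comparing the start times from step 3 with `ScanScheduleTime` and `ScanScheduleQuickScanTime` from step 1 shows how far each scan drifted from its configured time on that device.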