4 Replies Latest reply on Feb 6, 2012 2:27 PM by LANDave

    Does a missed scheduled AV scan run when a computer powers back on?

    Apprentice

      Does anyone know if a scheduled scan will run if it is missed when a computer is powered off? (shutdown not standby/hibernate)? I have a daily scan scheduled for 10pm because I received many complaints when we first setup LDAV (even with a low CPU setting). I currently have one user complaining that his computer is running slow because of kavehost.exe and sending screenshots of Performance Monitor, saying that the computer does a scan every morning.

       

      The amount of kavehost.exe listings under Disk Activity look normal for a real-time AV scanner.

        • 1. Re: Does a missed scheduled AV scan run when a computer powers back on?
          LANDave SupportEmployee

          This completely depends on how the Local Scheduled task was set up.

           

          The following documents may help clear up the mystery around this:

           

          http://community.landesk.com/support/docs/DOC-21723/version/5

           

          http://community.landesk.com/support/docs/DOC-2377

           

          Basically, unless you have a Time of Day or Day of Week filter included in the schedule, if the computer is off for a day and the schedule is missed, the task will run immediately when the computer comes on the next time.   It will then be reset to run at this time every day.

           

          So, if the users are gone for the weekend and the computers are off, eventually the scheduled task will drift to when the users are turning on their computers on Monday morning.

           

          Setting a Time of Day filter or Day of Week filter will lock the task to run only at the time range specified in the Local Scheduler Task.

          • 2. Re: Does a missed scheduled AV scan run when a computer powers back on?
            MarXtar ITSMMVPGroup

            David's right on this. Only thing with making this something that only happens at night is the impact of users powering off their systems. If by avoiding user impact you end up rarely scanning at all you could create a situation where a large proportion of your systems are left in a vulnerable state.

             

            I see two other things you might consider in addition to the time windows mentioned by David.

             

            First, you could add a second locally scheduled taks that will make sure each machine runs a vulnerabilty scan on a schedule that is less frequently such as once per week or once per month and not protect that with a time window. That way every machine will run it when they can.

             

            Second, you might consider setting up a centrally scheduled scan for the machines that runs at 10pm and use Wake-On-LAN to switch on machines.

             

            Mark McGinn

            MarXtar Ltd

            http://landesk.marxtar.co.uk

            LANDesk Silver ESP

             

            Join us on the 23rd Feb for our UK LANDesk Mobility Seminar (Smart, Laptop & Data) - Food & Fun too!

             

            The One-Stop Shop for LANDesk Enhancements

            - Wake-On-WAN - Distributed Wake-On-LAN, Scheduled Power Down, and SWDist Sequencing

            1 of 1 people found this helpful
            • 3. Re: Does a missed scheduled AV scan run when a computer powers back on?
              Apprentice

              Thanks for the quick answer- I was going to look at the computer in 30mins. For some reason I forgot that I had set a time range so I know that the computer is not doing a scan in the morning. Looking at Performance Monitor, there were so many kavehost.exe listings because of Office add-ins and Google Desktop running indexing in the background. I thought that Google Desktop is supposed to do it's file indexing when the computer is idle but it continued the entire time when using it.

              • 4. Re: Does a missed scheduled AV scan run when a computer powers back on?
                LANDave SupportEmployee

                Sometimes it can help to add exclusions for an indexing service for the LANDesk directories.

                 

                I'm not sure how this is configured for Google, but here is how you can do it for the Windows Indexing Service.

                 

                You may also want to add the Indexing Service executable to your list of Scan Exclusions for your Antivirus software.

                 

                I believe the Indexing Service executable is cidaemon.exe.

                 

                In addition you can add exclusions to the Indexing service to make sure it doesn't Index the LANDesk directories or your Antivirus vendor directories:

                 

                1. Add an exclusion for the LANDesk folders:
                  1. In the Windows Control Panel (Start | Control Panel), click Indexing Options.
                  2. Click 'Modify'.
                  3. Click the arrow next to 'Local disk', find the following folders in the structure and remove the check marks next to them to exclude the locations
                    1. All OS: \Program Files\LANDesk\LDClient (or \Program Files (x86)\LANDesk\LDClient for x64 OS)
                      (Windows XP/2003) Documents and Settings\All Users\Application Data\LANDeskAV
                      (Windows Vista/2008/7) ProgramData\LANDeskAV
                    2. Click OK.