Endpoint Protection 12.1 Unmanaged : default scheduled scan added automatically when logged on.
Last Updated January 05, 2017
When an unmanaged Endpoint Protection (SEP) client is installed, a new default scheduled scan will be added automatically when each new user logs on. The default scheduled scan contains an Active scan (this is enabled and runs at every 0:30 PM). This will be a problem if the PC is a terminal server or citrix server because many Active scan will be added. This may also present a problem when an individual PC is used by many users with the potential for creating CPU spikes by ccsvchst.exe.
This problem is fixed in Symantec Endpoint Protection 12.1 Release Update 1 Maintenance Patch 1 (12.1 RU1-MP1).
For information on how to obtain the latest build of Symantec Endpoint Protection, read How to obtain an update or an upgrade for your Symantec corporate product. http://www.symantec.com/business/support/index?page=content&id=TECH99661
If migration to 12.1 RU1-MP1 is not an option, then see the workaround below.
This release introduces a new registry value which can be added by the administrator to disable all user scans:
The administrator can add EnableUserScans as a DWORD. When the value is 0 all user scans are disabled. When the value does not exist or is non-zero, all user scans are enabled (default behavior). Administrator-defined scans are not affected by this registry value.