- On a computer installed with an unmanaged Symantec Endpoint Protection (SEP) client, for each user that logs on to the computer SEP creates 2 default scans, "ACTIVE SCAN ON START UP" and "SCHEDULED ACTIVE SCAN".
- Once the user deletes these scans, they will no longer be visible in their next login, but if another user logs in to the same computer, the scans will be created for his/her user account.
- This may cause multiple scans to be executed on the same machine in an environment where multiple users access the same computer.
- Even when logged in as the Administrator, one cannot create or remove scans for other user accounts.
- This feature is by design for unmanaged SEP clients, so for each user, SEP will automatically create these scans.
- When logged in as an administrator the "ACTIVE SCAN ON START UP" may be disabled for all users from the registry key StartupScansEnabled in HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\General\ StartupScansEnabled by changing its value to "0".
- There is no option to disable the "SCHEDULED ACTIVE SCAN" from the registry.
- To create an uniform scheduled scan for all users, create a Client Install Package from the SEP Manager.
- First create a new Client Group and assign it an Antivirus and AntiSpyware Policy with the required scheduled scan configured.
- Then export an Install Package from the SEPM>Admin>Install Packages selecting the option for "Unmanaged client" and the Client Group created in the above step. This will create a Client Package with all the policies configured for that group.
- Upon installation, the default scans will not be created and only the scan created in the Antivirus and AntiSpyware Policywill be available for all the users on the computer.
Imported Document ID: TECH174980
Subscribing will provide email updates when this Article is updated. Login is required.