Scan schedule not working?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

My "Status" says that WD is scheduled to scan daily around 2:00 AM, but it
also tells me "You haven't scanned your computer in 6 days."

This was a problem in the beta version also. Anyone else have this problem,
or offer a suggestion?

Thanks
 
Does the scheduled scan appear in scheduled tasks? To view it you will have
to go to Control Panel>Scheduled Tasks>Advanced and check mark View Hidden
Tasks. What state is your computer in when the task is cheduled?


Stu
 
Not sure what you mean by "state"...Massachusetts? <j/k>. All I did was
download it and install it.

This task was found in View Hidden Tasks: MP Scheduled Scan
This command line was found in that task's Properties: "C:\Program
Files\Windows Defender\MpCmdRun.exe" Scan -RestrictPrivileges

And there is a "Run As" line which says NT AUTHORITY\SYSTEM

Funny, it says it ran last night when it was scheduled to, but when I launch
WD, it stills says I haven't scanned in 7 days.

Thanks for responding.
 
What I meant by `state` was; I wonder whether or not your computer was on
standy/hibernation mode when the scan was scheduled or you were `logged on`.
There are options available under MP Scheduled Scan>Properties which take
this into consideration. Are the correct options check marked in the Tasks
and Settings tabs?
Just out of interest. When you get the; Your computer hasn`t been scanned
................. have you tried a manual scan and if so, does the warning go
away? You might also like to check the Event Viewer and see what errors (if
any), are being logged under WD.

Stu
 
Hi Stu;
I've seen a few reports of this happening since Defender went to the final
release, and my own system experiences it, but I've never found the cause.
I do have a work around though, which is to turn off scheduled scanning in
the Defender Options and do my own scheduling in Scheduled Tasks which
works fine... maybe better that the Defender Option as I can schedule both
quick scans and full scans along with a check for updated definitions
concurrently. For that reason I've never complained about this problem,
the technique is documented here:

http://www.microsoft.com/athome/sec...&p=1&tid=a9a3be66-ea13-4a0a-bb49-d9672d8b765b

I don't want to hijack the OP too badly, so I'll let ChazBo respond to your
questions, but I wanted to give him an alternative if he needs it.
 
Hi Dave

Just picked up your post and many thanks for the input - please feel free to
offer your thoughts and solutions. In retrospect I was on the wrong track
anyway as I`m sure you realise. The options I was checking out with ChazBo
relate to a scan NOT taking place and his seem to be with the GUI telling him
otherwise. Question being. Which do you believe? The Event Viewer, or the WD
GUI? I think I`d be inclined to go for the former. Try as I may, I have not
been able to replicate his situation on my machine but your advice sounds
like a very good alternative. Now you mention it. In the darkest depths of my
failing memory, I seem to recall posts to this effect many moons ago. Or was
it? ;

BTW. Slightly OT and while talking about Event Viewers. I have recently
started using Event Log Explorer and I`m sure there was one of the regulars
on here singing its praises some time ago. Was that person you? Anyway, I
filtered in WD and was concerned to see it was throwing up a `shed load` of
WD RTP checkpoint errors: Event ID 3003. Error code 0x80070005. The only
error code of this nature I`ve seen relating to WD, concerns its inability to
update its defs which I find worrying. Or, are these errors generated when WD
RTP periodically interogates the server for new def updates and none are
available? All GUI indications are that things are running normally. ie defs
update and no dialog box errors. More recently I`ve been doing more frequent
updates using the MS security portal - again without any probs. Any thoughts ?

Regards

Stu
 
Hi Stu;

I believe both the GUI and Task Scheduler. What I've seen is that at the
MPScheduled scan time the scan starts running but only lasts a few seconds
before it shuts down without any error being reported in the scan log, but
then the GUI doesn't get updated as having run a scan, so after three days
of this I start getting the haven't run a scan in over 3 days message. The
only difference is that the MP Scheduled scan task is Run as NT
Authority\System through the WD interface where as my self scheduled daily
scan is Run as my own Admin Account, but the confusing part is that both
System and my Admin account have the same permission levels. A scan run
either manually or as a scheduled task from my Admin account runs
successfully with a quick scan lasting 4 minutes or so and the GUI last
scan date is correctly updated in this case. Why it won't run as System, I
have no idea, and there are no error clues to follow, just that the scan
duration is very short. I'd imagine that ChazBo is seeing this as well, so
scheduling a scan to run from the Admin authority id rather than System
bypasses the problem. This unexplainably started happening to me around
March for my daily quick scan although the MP Scheduled Scan was working OK
before then. I had a monthly scan scheduled to run separately at that time
which was still running so I just disabled the MP Scheduled daily scan in
Options and added another scheduled task to run from my account at that
point to do the daily scan, this worked without problems and continues to
run well.

Yes, I plead guilty to advocating Event Log Explorer, the Ms method of
looking at that log is just too primitive. In regard to your Event ID
3003. Error code 0x80070005, it's certainly a permissions problem but
where? Since I think your not getting this reported on any specific
checkpoint, like a registry location that Defender monitors which would
make me look elsewhere, I think first I'd look at the permissions on the
Defender folder itself and all subfiles. Assuming my system is setup
correctly (LOL) since I'm not getting 3003 errors, here's what I see:

Security Settings:
Administrators and System both: Allow Full Control, Modify, Read & Execute,
List Folder Contents, Read, Write
Advanced Settings:
Administrators and System both: Allow Full Control, (not inherited), Apply
to this folder, subfolders, and files
 
Hi Dave

Many thanks for your input. I will delve into the depths of my system. If
you don`t hear from me for a while you will know why;

The symptoms you describe sound a bit like those I have experienced while
trying to execute WD as an on demand scanner from within the context menu of
Windows Explorer for a few weeks now. Although I have to admit I did not hang
around long enough to see if I received the 3 day warning. MpCmdRun would
execute very briefly (with a fleeting glimpse of the DOS screen), but it was
obvious there was no scan taking place and the GUI was not updating. That is
until I updated my defs thru the MS portal today. But I had previously messed
with the registry before then. My problem is I can seldom remember what I
did. Anyway, sequence was as follows:

1. DOS screen appeared ... signature update started ...... then finished.
2. Sys tray icon indicating a scan taking place.
3. Double clicked tray icon ... action confirmed with scan progress
illustrated.
4. Some time later ....scan completed . GUI updated.

On the down side, the DOS screen always remains maximised throughout the
procedure and I`m wondering if there are any switches which will minimise
without user input.

So you are the guilty one .... Event Log Explorer seems to be a great viewer
and I`m enjoying exploring its benefits. Still have a long way to go though
..............

Regards

Stu
 
You may have lost me... Are you saying there's a way to do custom scanning
using MpCmdRun and that's what your using from within Windows Explorer? I
thought there were only these -ScanType options:

0 Default, according to your configuration
1 Quick scan
2 Full system scan
 
Not exactly Dave. What I was trying to say was this. There are times (and
this is purely a personal thing), when it would be nice for me to have the
option to do an `on demand` scan with WD but the right click option does not
appear from within Windows Explorer or when you right click the Start Button.
So I decided some time ago to attempt to produce one myself thru folder
options. With my configuration you cannot configure what type of scan you
will get as this will have to have been previously set up thru the UI. But at
least I can get a scan going without going thru the UI. The down side is that
when run a DOS/CMD type screen appears which has to be minimised to the task
bar. What I haven`t been able to figure out (if its at all possible), is how
to produce a scan without the DOS/CMD screen appearing. So I was wondering if
there was a switch that can be used with MpCmdRun that would make it
disappear. Or even a registry tweak. In fact I notice there is a guy on this
NG requesting the same facility but I don`t feel my setup is refined enough
to offer my suggestion.

Hoping not to have confused you even more.

Regards

Stu
 
Ah OK, I got you now I think. The request to do context scanning via a
right click was my requested feature to Joe Faulhaber (MSFT) for WD version
2, since it is available on most other AV and AS programs. Right now I
have to use some other program like A-squared or AVG to do this in the AS
realm on individual files and in other situations a right click folder scan
is possible like when using SpySweeper but WD itself has no right click
context sensitive options right now in version 1.x.

From what you've described, you can perform a scan without going through
the UI by creating a bat file which is a simple batch program. If you point
to it with a shortcut you can run the batch file minimized through the
shortcut's properties, then no CMD prompt window will appear other than on
the taskbar. Here's an example of a quick scan run that way:

Create the file WDQuickScan.bat in the Windows Defender folder using
notepad, it should consist of only two lines as follows but word wrap will
probably break it into 3 lines in this newsgroup, do keep the " quote
symbols intact:

@echo off
"C:\Program Files\Windows
Defender\MpCmdRun.exe" -Scan -RestrictPrivileges -ScanType 1

On the desktop right click and create a New > Shortcut
Browse to the location of the WDQuickScan.bat file you previously created >
Next
Name the shortcut WDQuickScan > Finish
Right click the new shortcut on the Desktop > Select Properties
Select Run: Minimized > Apply
Click OK

Then just double click the WDQuickScan shortcut to run a quick scan without
the CMD window appearing. HTH
 
Hi Stu,

As Dave M has already pointed out, you can't get there from here with WD
with regard to setting a Rightclick context menu item to scan a selected
file or folder. Even if you have a custom scan set in the UI it will still
perform a Quick Scan after the Custom Scan.

Having said that, if you simply want to set a new Rightclick context menu
item that will start the Quick Scan with WD without the Command window
staying open you should be able to accomplish that in the following way:

Create the BAT file posted by Dave M and save it to the Default Windows
Defender folder, generally C:\Program Files\Windows Defender.

Open the Registry Editor to the following Key:
HKEY_CLASSES_ROOT\Folder\shell

Create a new Key under the "shell" folder, give it the name you would like
to see in the Rightclick context menu, something like:
Windows Defender QuickScan

Now create another Key under "Windows Defender QuickScan" called:
command

Your new Registry path for this new Context menu item would then look like
this:
HKEY_CLASSES_ROOT\Folder\shell\Windows Defender QuickScan\command

Give the "command" key a default data value that points to the .bat file you
saved in the Windows Defender folder:
C:\Program Files\Windows Defender\WDQuickScan.bat

Executing this new Rightclick Context Menu item should triger the Command
Window to appear briefly then close. The Scan will run in the background
with no Command Window visible. If you want to see(varify) the Scan
working, open the Windows Defender interface and you should see the Scan
running.

Good luck,

Donald Anadell
 
OK Dave, many thanks. I`ll give your solution a try. If you`d like to
investigate mine further here`s what I did. From Windows Explorer select
Tools>Folder Options>File Types Tab. From the list presented choose (NONE)
Folder and then the Advanced Button. In Edit File Type Dialog box select the
New button and you will be presented with New Action. In the Action Window
type the name you wish to appear on the context menu. I used `Scan with
Windows Defender`. Then browse or enter the command line you have in your
batch file. Except mine doesn`t have scan type 1. You will now have a `Scan
with Windows Defender` option when you right click a folder or the Start
Button.

Regards

Stu
 
Back
Top