Running an Endpoint Protection Scan
Updated: December 17, 2012
Applies To: Windows Intune December 2012 Release
Windows Intune Endpoint Protection enables quick scans and full system scans to be run automatically or on demand. A quick scan checks the locations, processes in memory, and registry files on the hard disk that malicious software, or malware, is most likely to infect. A full system scan checks all files on the hard disk and all currently running programs. However, a full scan could cause managed computers to run slowly until the scan is complete. By default, quick scans are scheduled daily at 2 A.M. on computers that are not being used. Also by default, Windows Intune checks for the latest virus and spyware definitions before quick scans are run.
When malicious software requires follow-up on a managed computer, after appropriate actions are taken to clean the computer, a full system scan may need to be run. Running a full system scan helps ensure that the computer is clear of malware. By default, Endpoint Protection runs a full system scan as needed to follow up after malicious software is removed from a managed computer and when the current status for a computer is Full Scan Needed.
You can configure Endpoint Protection Policy Agent settings in the Windows Intune administrator console to change the default settings for scheduling recurring quick scans and full system scans. Windows Intune includes a policy template for this purpose.
You can initiate an on-demand remote scan or schedule a recurring scan by using Policy.
To run an on-demand remote scan
- Open the Windows Intune administrator console.
- In the workspace shortcuts pane, click the Groups icon, and then do one of the following:
  - To locate an individual computer on which to run the scan, in the navigation pane, click Overview if it is not already selected, and then type the partial or full name of the computer in the Search all computers box.
  - To locate a group of computers on which to run the scan, in the navigation pane, expand All Devices, click the group name, and then click the Devices tab.
- Select the computer, or press and hold the Ctrl key to select multiple computers.
- On the Remote Tasks list on the taskbar, click one of the following:
  - Run a Full Malware Scan
  - Run a Quick Malware Scan
- Review the summary message, and then click Close.
- To view the task status, click the Remote Tasks link in the bottom right corner of the Windows Intune administrator console.
The Task Status dialog box lists current remote tasks, task status, device name, and any reported errors, and provides a link to troubleshooting information, if appropriate.
To initiate follow-up commands, right-click the task, and then choose one of the actions described in the following table.
| Status | Explanation | Available actions |
|---|---|---|
| Queued | The task was sent to the Windows Intune administrator console but it has not yet been delivered to the targeted computer. | Copy Text |
| Running | The task was successfully delivered to the computer and is running. | Copy Text |
| Completed | The task completed successfully. | Clear, Copy Text |
| Failed | The task did not succeed. | Retry, Clear, Copy Text |
To schedule a scan by using Policy
- Open the Windows Intune administrator console.
- In the workspace shortcuts pane, click the Policy icon.
- On the Policy Overview page, under Tasks, click Add Policy.
- In the Create a New Policy dialog box, do the following:
  - Under Template Name, click Windows Intune Agent Settings.
  - Under How would you like to use the selected template?, click Create and Deploy a Custom Policy.
  - Click Create Policy.
- In the General section, type a name and description for your new policy.
- In the Endpoint Protection section in the Scan Schedule area, do the following:
  - Specify whether to schedule a daily quick scan, and if you schedule a scan, the time when the scan is to run.
  - Specify whether to schedule a full scan, and if so, the day and time when the scan is to run.
- In the Scan Options area, configure additional settings as needed.
  Note: You can turn off a policy setting so that you do not specify a value for the setting in this policy, and so that you can configure it elsewhere. To turn a policy setting off or on, click the switch icon to the left of the setting so that the setting is not configured for this policy.
- Under Excluded Files and Folders, Excluded Processes, and Excluded File Types, specify any files and folders, processes, and file types that you want to exclude from the scan.
  Optionally, you can specify policy settings in other areas of the Create Policy page.
- After you have specified all settings, click Save Policy.
- A message appears, prompting you to specify whether to deploy the policy now. Click Yes to deploy the policy immediately, or click No to deploy the policy later. For more information, see How Windows Intune Policies are Applied.
- If you clicked Yes in the previous step, in the Manage Deployment dialog box, select the device groups to which you want to deploy this policy, click Add to add the device groups to the list of selected groups, and then click OK.
For detailed information about Endpoint Protection Agent settings, see the “Endpoint Protection Policy Settings” section in Windows Intune Agent Policy Reference.
