Endpoint Protection

 View Only

  • 1.  How do I make SEP wake the computer from sleep for a scheduled scan?

    Posted Nov 28, 2012 12:40 AM

    How do I make SEP wake the computer from sleep for a scheduled scan?  We have users complaining because, although we have scans scheduled to run in the evening, they actually run in the morning, starting when the user wakes the machine from sleep.  This makes the machine less responsive.

    Windows 7 Enterprise SP1, a mixture of x86 and x64 installations.

    We're currently running SEP 11.0.5002.333.  Will I need to upgrade?

     



  • 2.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Trusted Advisor
    Posted Nov 28, 2012 12:59 AM

    Hello,

    That is not possible with SEP. You would need to use something like LANDesk or similar to "wake" the machines first.

    However, There is an MS article stating that apps can be programmed to instigate a wakeup form sleep state:

    http://msdn.microsoft.com/en-us/library/aa373235(VS.85).aspx

    Check this Thread with similar issue: 

    https://www-secure.symantec.com/connect/forums/virus-scans-sleep-mode

    Hope that helps!!



  • 3.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Posted Nov 28, 2012 01:09 AM

    This seems like very basic, essential functionality.  Can you file it as a feature request please?



  • 4.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Broadcom Employee
    Posted Nov 28, 2012 01:10 AM

    you mean hibernated?however you can can run scan as application performance for better usage for end user complaining about the scan



  • 5.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?
    Best Answer

    Trusted Advisor
    Posted Nov 28, 2012 02:02 AM

    Hello,

    Created an IDEA on your behalf.

    https://www-secure.symantec.com/connect/ideas/scan-machines-set-hibernation-mode

    Let's promote the same.



  • 6.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Broadcom Employee
    Posted Nov 28, 2012 02:09 AM

    however  you can use WOL feature from SEP integrated conponent.

    check this link

    Types of tasks for Symantec Endpoint Protection Integration Component

    http://www.symantec.com/docs/HOWTO63167

     

    check this article as well

    https://www-secure.symantec.com/connect/articles/dont-miss-scheduled-scan-again



  • 7.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Posted Nov 28, 2012 02:19 AM

    No, in this case I believe the machines are sleeping rather than hibernating, although it would be preferable to support both.

    The scans are already configured for "best application performance".  (I hate to think what performance would be like if they weren't!)



  • 8.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Posted Nov 28, 2012 07:40 AM

    You need to use either WOL or a third party product to do this. Try looking into Altiris as it can do this.



  • 9.  RE: How do I make SEP wake the computer from sleep for a scheduled scan?

    Posted Nov 29, 2012 12:51 AM

    you can try this:

     

    By default, Symantec Endpoint Protection runs an active scan every day at 12:30 P.M. Symantec Endpoint Protection also runs an active scan when new definitions arrive on the client computer. On unmanaged computers, Symantec Endpoint Protection also includes a default startup scan that is disabled.

    Note:

    When a client computer is off or in hibernation or sleep mode, the computer might miss a scheduled scan. When the computer starts up or wakes, by default the scan is retried within a specified interval. If the interval already expired, Symantec Endpoint Protection does not run the scan and waits until the next scheduled scan time. You can modify the settings for missed scheduled scans.

    You should make sure that you run an active scan every day on the computers in your network. You might want to schedule a full scan once a week or once a month if you suspect that you have an inactive threat in your network. Full scans consume more computer resources and might affect computer performance.

    See Managing scans on client computers

    Table: Scan types

    Scan type

    Description

    Auto-Protect

    Auto-Protect continuously inspects files and email data as they are written to or read from a computer. Auto-Protect automatically neutralizes or eliminates detected viruses and security risks.

    Note:

    Mac clients support Auto-Protect for the file system only.

    See About the types of Auto-Protect.

    Download Insight

    Download Insight boosts the security of Auto-Protect scans by inspecting files when users try to download them from browsers and other portals. It uses reputation information from Symantec Insight to allow or block download attempts.

    Download Insight functions as part of Auto-Protect and requires Auto-Protect to be enabled.

    See How Symantec Endpoint Protection uses reputation data to make decisions about files.

    Administrator-defined scans

    Administrator-defined scans detect viruses and security risks by examining all files and processes on the client computer. Administrator-defined scans can also inspect memory and load points.

    The following types of administrator-defined scans are available:

    • Scheduled scans

      A scheduled scan runs on the client computers at designated times. Any concurrently scheduled scans run sequentially. If a computer is turned off or in hibernation or sleep mode during a scheduled scan, the scan does not run unless it is configured to retry missed scans. When the computer starts or wakes, Symantec Endpoint Protection retries the scan until the scan starts or the retry interval expires. You can schedule an active, full, or custom scan.

      Note:

      Only custom scans are available for Mac clients.

      You can save your scheduled scan settings as a template. You can use any scan that you save as a template as the basis for a different scan. The scan templates can save you time when you configure multiple policies. A scheduled scan template is included by default in the policy. The default scheduled scan scans all files and directories.

    • Startup scans and triggered scans

      Startup scans run when the users log on to the computers. Triggered scans run when new virus definitions are downloaded to computers.

      Note:

      Startup scans and triggered scans are available only for Windows clients.

    • On-demand scans

      On-demand scans are the scans that run immediately when you select the scan command in Symantec Endpoint Protection Manager.

      You can select the command from the Clients tab or from the logs.

    SONAR

    SONAR offers real-time protection against zero-day attacks. SONAR can stop attacks even before traditional signature-based definitions detect a threat. SONAR uses heuristics as well as file reputation data to make decisions about applications or files.

    Like proactive threat scans, SONAR detects keyloggers, spyware, and any other application that might be malicious or potentially malicious.

    Note:

    SONAR is only supported on Windows computers that run Symantec Endpoint Protection version 12.1 and later.

    See About SONAR.

    TruScan proactive threat scans

    Supported on Windows computers that run Symantec Endpoint Protection version 11.x. SONAR is not supported on any computers that run version 11.x.

    TruScan proactive threat scans provide protection to legacy clients against zero-day attacks. TruScan proactive threat scans determine if an application or a process exhibits characteristics of known threats. These scans detect Trojan horses, worms, keyloggers, adware and spyware, and the applications that are used for malicious purposes.

    Unlike SONAR, which runs in real time, TruScan proactive threat scans run on a set frequency.

    Early launch anti-malware (ELAM)

    Works with the Windows early launch anti-malware driver. Supported only on Windows 8.

    Early launch anti-malware provides protection for the computers in your network when they start up and before third-party drivers initialize.

    See Managing early launch anti-malware (ELAM) detections.

     

    Hope it works