Good find, Andrew.
One difference between Forefront and MSSE is in the granularity of
policy settings available for the client. Forefront has a setting
sometimes called the "catch-up scan". This setting forces the client to
run a scan on system startup if two or more scheduled scans have been
missed previously. Unfortunately, the setting is not exposed in the
user interface, and only can be implemented using Forefront policy files
(in our case, these policy files are distributed from our central SCCM
With the catch-up scan enabled, you are going to have a higher success
rate for scheduled scans under Forefront than with MSSE. However, a
non-managed Forefront install should behave about the same as MSSE,
since it does not have this setting enabled (to the best of my knowledge).
Also keep in mind that MSSE and Forefront are updated on different
schedules, so there may be bug fixes present in the current release of
Forefront that are not in the current MSSE, and vice versa, so this
could simply be the result of a code level difference.
In any event, your best protection with any anti-malware product comes
from you real-time on-access scan engine. As long as real-time
protection is running and you are getting definition updates, I would
not sweat the scheduled scans as much.
-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251
On 8/2/2011 11:35 AM, Andrew Hendrickson wrote:
> Reportedly the computer has to be idle for four hours before a scan will run?
> So, don't touch your machine for half a workday, and then see if the scan ran. ;-)
> Also reportedly you can disable this but then the scan will run at the time specified, with no arguments allowed.
> On Aug 2, 2011, at 11:13 AM, Helen Read wrote:
>> My office computer is not domain joined. I have looked at the FEP / MSE settings on both computers. Both of them have a Quick Scan scheduled. The scheduled scan works on the office machine with FEP, fails on the home computer with MSE. I tried changing the schedule on the home computer, in case it was conflicting with other scheduled tasks on my computer, and that didn't help any -- the scheduled scan still fails to run.
>> On 8/2/2011 11:00 AM, Andrew Hendrickson wrote:
>>> FEP is controlled by group policy if installed on domain joined computers (I think?), you'll also note that you can't change the preferred actions in FEP on a domain joined machine.
>>> Not sure what the installed defaults would be in FEP on a non joined machine?
>>> MSE is public freeware and I suspect the user has to set the scheduled scans?
>>> On Aug 2, 2011, at 10:49 AM, Helen Read wrote:
>>>> I have MSE installed on a home computer (32-bit Vista). The system tray icon is perpetually orange and unhappy that my system is "at risk" because the scheduled scans fail to run. The computer is left on at the times when the scan should run, but so far the scheduled task has never run.
>>>> Meanwhile I have FEP (essentially the same product, right?) installed on my office computer (64-bit Win7). The scheduled scans run just fine, and the tray icon is a nice happy green.
>>>> Any ideas?
>>>> Helen Read
>>>> Senior Lecturer
>>>> Mathematics& Statistics
>>>> University of Vermont
>>> Andrew Hendrickson
>>> CAS, IT Administrator
>>> UVM, College of Arts& Sciences
>>> 438 College Street #402
>>> Burlington, VT
>>> 802-656-4529 (fax)
>>> [log in to unmask]
>>> To submit a request for service please use:
> Andrew Hendrickson
> CAS, IT Administrator
> UVM, College of Arts& Sciences
> 438 College Street #402
> Burlington, VT
> 802-656-4529 (fax)
> [log in to unmask]
> To submit a request for service please use: