scheduling Windows Defender full scan: problems and questions


  1. Posts : 35
    Windows 10 Pro for Workstations
       #1

    scheduling Windows Defender full scan: problems and questions


    I have a new Windows 10 Pro 64 bit laptop that I am configuring. I am coming from a Windows 7 desktop. Much has changed.


    For its malware defense, I am using Windows Defender and Malwarebytes Premium.


    Scheduling Malwarebytes to scan at a certain time of day is trivial, but I have found it difficult to schedule Windows Defender to do a full scan.


    ~~~~~~~~~~

    I first tried to schedule Windows Defender using Schedule tasks as described here.


    That worked, except that I see no option to specify a full scan, so surely it is doing the default of a quick scan.

    Story to be continued below...


    ~~~~~~~~~~


    I next stumbled across other links that said that you can control many (all?) aspects of Windows Defender scans via Group Policy.


    The 3 best links being this, and this, and this.

    So, I opened Group Policy Management Editor and made these changes from the defaults:


    Code:
    Group Policy Management Editor > Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus
        Randomize scheduled task times: Disabled
        
        Scan
            Allow users to pause scan:                                                          Enabled (could have left unconfigured, but wanted to be explicit)
            Check for the latest virus and spyware definitions before running a scheduled scan: Enabled
            Scan archive files:                                                                 Enabled (could have left unconfigured, but wanted to be explicit)
            Scan packed executables:                                                            Enabled (could have left unconfigured, but wanted to be explicit)
            Scan removable drives:                                                              Enabled
            Specify the day of the week to run a scheduled scan:                                Enabled with Options: Every Day
            Specify the maximum percentage of CPU utilization during a scan:                    Enabled with Options: 90
            Specify the scan type to use for a scheduled scan:                                  Enabled with Options: Full system scan
            Specify the time of day to run a scheduled scan:                                    Enabled with Options: 330 (330 minutes = 5.5 hours = 05:30)
            Start the scheduled scan only when computer is on but not in use:                   Disabled
            Turn on e-mail scanning:                                                            Enabled
            Turn on heuristics:                                                                 Enabled (could have left unconfigured, but wanted to be explicit)
    Problem: when I try to make the "Specify the day of the week to run a scheduled scan" change above, after I click the OK button, the value changes from my Enabled setting to Disabled!

    What the heck is going on?


    My guess was that maybe I had some other setting that conflicted with this one, which was causing the auto reset to Disabled. I scoured thru all the settings, but found nothing.

    Please advise!


    Another problem: to see if a scheduled scan would take place, I tried temporarily changing the "Specify the time of day to run a scheduled scan" value to 2 minutes past my current time. When the current time reached that, no scan took place.


    Is the Group Policy alone insufficient to trigger a scan?


    ~~~~~~~~~~


    Doing more web searching, I eventually found out how to make Schedule tasks have Windows Defender do a full scan. As described in this link, you must supply these args to the MpCmdRun.exe program

    Code:
    Scan -ScheduleJob -ScanType 2
    Question: what is considered the best way to configure Windows? Using tools like Schedule tasks? Or should I always try to get stuff to work via Group Policy of possible?

    I am new to Group Policy, but it seems like the more official and thorough way. Please confirm or deny, and further enlighten me.

    ~~~~~~~~~~

    If Group Policy is the way to go, there is one more setting that concerns me.

    Under Scan is a "Specify the maximum depth to scan archive files" setting.

    The default is 0, which, if I understand the help text (and all links I found when searched), means that it scans to 0 depth. In other words, it does not drill down inside any directories at all!

    That sounds awful, and stupid. It also contradicts how a setting of 0 in other contexts means there is no limit.

    I want a setting that drills down as deep as necessary into the archive, I want everything scanned!

    Any way to achieve that?

    I suppose that I could specify a really large value, but that it is an inelegant hack that should not have to do.
      My Computer


  2. Posts : 16,712
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #2

    To set up a WD scan, see Schedule WD scan - TenForumsTutorials

    And note my post #13 in that tutorial thread about which copy of WD's executable Windows actually uses.

    I know nothing of using Group Policy in this regard so cannot comment about it.

    Denis
      My Computer


  3. Posts : 35
    Windows 10 Pro for Workstations
    Thread Starter
       #3

    I have gone back thru the Group Policy Editor's Windows Defender Antivirus/Scan settings, seeing if I could find some sort of conflict that prevents me from getting the scan to run.

    I noticed something interesting just now.

    With the problematic "Specify the day of the week to run a scheduled scan" setting, I found that if I chose any single day of the week, for example Sunday, then the setting does take hold!

    It is only if I chose "Every Day that, after I click the OK button, the value changes from my Enabled setting to Disabled.

    I am still really puzzled why the Group Policy Editor will not let me chose "Every Day". But maybe this clue will stimulate someone's thinking.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:54.
Find Us




Windows 10 Forums