Team: Huntress EDR
Product: Managed Defender Antivirus
Environment: Managed AV (MAV)
Summary: It is not recommended to run scheduled (automated) Full Scans with Microsoft Defender, so it is disabled inside of the Managed AV solution. Manual full scans are still available.
Managed AV - Can I schedule Full Scans?
You may notice that you cannot schedule full scans. This is based on new recommendations from recent research surrounding how Full Scans with Microsoft Defender behaves.
Depending on the computer resources and the number of files present, a full scan can take anywhere between hours and multiple days to complete. Microsoft no longer recommends scheduling regular Full Scans due to the time and resources involved with a full scan.
What we've found based on our research
We have been closely monitoring Microsoft Defender Antivirus and with our extensive testing, as well as through reports from our partners, it became clear that Scheduled Full Scans would often start and not complete. This was happening for a number of reasons, including:
- A Scheduled Full Scan would start but not complete before the next scheduled scan was set to run (based on resource utilization limits, hardware, and/or the number of files to scan)
- Full scans could be interrupted by:
- a shutdown/reboot
- another application
- Windows automatically terminating the scanning process
- If the machine is offline during the scheduled scan time, catch-up scans would start the full scan at the next boot and are likely to clash with the next run schedule.
Based on this research, further evidenced by recommendations by Microsoft, the safest option was to remove this feature in order to ensure availability for managed endpoints. In addition, Defender also continues to perform and monitor real-time on-access scanning.
Please note that you're still able to run a manual full scan. It's important to keep in mind that manual scans are not subject to CPU or resource throttling. See the following link to learn how to do execute a manual scan: Manual scans.
Please sign in to leave a comment.