ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Idle-Time Scans and Missed Scans in Symantec Endpoint Protection for Macintosh

book

Article ID: 162060

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SEP Macintosh scheduled scans may not run when expected.

Cause

Idle-Time and hard-coded scan window for SEP Macintosh may cause scans to run at times other than scheduled.

Resolution

There is no configurable "missed scan" feature in SEP Macintosh clients as there is in Windows clients, but there is a hard-coded 10-minute scan window. When a scheduled scan is missed (i.e. due to machine being shutdown) and the client machine is powered on within 10 minutes after the scheduled time, the scan will start running.

"Enable idle-time scan" may be checked in Macintosh scheduled scan properties. When this is enabled, the scan will run only if all of the following are true:
  • CPU idleness > 80
  • Load Average < 25
  • Battery Level > 75
  • HIDIdleTime < 5 5
  • DriveStatus should Low (reading or writing should less than 8 MB per sec)
If any of these conditions fail (even while the scan is already running) then the scan will be paused and it will resume only if all these conditions are satisfied again. If scan is paused for more than 30 minutes then it will be canceled.