When running an endpoint discover scan the scan will run as the scan type "Full" instead of "Differential" even when the option "Only scan files added or modified since the last full scan" is checked None

DLP 16.x

This is caused when there has not been a completed full scan.

This often happens when a full scan can not be completed all of the way because some of the clients do not check in before the time out or one of the clients is permanently offline.

In order for a full scan to occur there must be at least one successful full scan.

There are three solutions to this issue.

1. Ensure that all of the clients are online for the scan and remove any offline agents.

This solution is usually only feasible for smaller installs with fewer clients.

2. In DLP there is a targeting option that will allow you to target fewer agents which will allow for a small enough target which can ensure a full scan completes on all of the targeted agents.

Once there has been a full scan then all of the other agents can be added to the scan and differential scans will occur as expected from agents that have had a full scan.