ADScan.exe process is a component of the App Discovery Feature from Hardening in 14.3 RU4. Hardening is a behavioral engine used to reduce the attack surface on the endpoint. The Hardening engine has App Control feature which controls what processes are allowed to run on the endpoint.
- The ADScan process performs the scanning for applications and binary files on the endpoint.
- The ADScan process is launched by the Symantec Endpoint Foundation (SEF). AD engine for a scheduled scan, and to retrieve App Discovery data for an App Discovery retrieval command.
- When launched for a scan, ADScan performs the scan, updates a local database, and generates full and delta app discovery result files.
- The ADScan process receives the scan settings from the scanner.ini file which it receives on the command line.
- The App Discovery retrieval request will also spawn an ADScan.exe.
The Frequency of discovery of files and other items on your devices:
- Full Disk Scan Non-System Drives Once a Month (The 20th day of the Month)
- Full Disk Scan System Drive Once a Month (The 10th day of the Month)
- Well Known Scan Once a Day (3AM Daily)