What is the purpose of ADScan.exe process and how often does it run on the clients?

Release : 14.3 RU4

ADScan.exe process is a component of the App Discovery Feature from Hardening in 14.3 RU4.   Hardening is a behavioral engine used to reduce the attack surface on the endpoint.  The Hardening engine has App Control feature which controls what processes are allowed to run on the endpoint.

• The ADScan process performs the scanning for applications and binary files on the endpoint.  
• The ADScan process is launched by the Symantec Endpoint Foundation (SEF). AD engine for a scheduled scan, and to retrieve App Discovery data for an App Discovery retrieval command.
• When launched for a scan, ADScan performs the scan, updates a local database, and generates full and delta app discovery result files.
• The ADScan process receives the scan settings from the scanner.ini file which it receives on the command line.
• The App Discovery retrieval request will also spawn an ADScan.exe.  

The Frequency of discovery of files and other items on your devices:

• Full Disk Scan Non-System Drives Once a Month (The 20th day of the Month)
• Full Disk Scan System Drive Once a Month (The 10th day of the Month)
• Well Known Scan Once a Day (3AM Daily)

Well-known locations scan

• Add/Remove Programs
• Programs folder
• Desktop and Start menu shortcuts
• Microsoft registry locations

Full disk scan

• Includes all of the well-known scan locations plus all local drives (system or non-system).
• Runs on all your devices.