What is the ADScan.exe process in SES | Scan Frequency
searchcancel
What is the ADScan.exe process in SES | Scan Frequency
book
Article ID: 239023
calendar_today
Updated On: 09-30-2024
Products
Endpoint Security Complete
Issue/Introduction
What is the purpose of ADScan.exe process and how often does it run on the clients?
Environment
Release : 14.3 RU4
Resolution
ADScan.exe process is a component of the App Discovery Feature from Hardening in 14.3 RU4. Hardening is a behavioral engine used to reduce the attack surface on the endpoint. The Hardening engine has App Control feature which controls what processes are allowed to run on the endpoint.
The ADScan process performs the scanning for applications and binary files on the endpoint.
The ADScan process is launched by the Symantec Endpoint Foundation (SEF). AD engine for a scheduled scan, and to retrieve App Discovery data for an App Discovery retrieval command.
When launched for a scan, ADScan performs the scan, updates a local database, and generates full and delta app discovery result files.
The ADScan process receives the scan settings from the scanner.ini file which it receives on the command line.
The App Discovery retrieval request will also spawn an ADScan.exe.
The Frequency of discovery of files and other items on your devices:
Full Disk Scan Non-System Drives Once a Month (The 20th day of the Month)
Full Disk Scan System Drive Once a Month (The 10th day of the Month)
Well Known Scan Once a Day (3AM Daily)
Well-known locations scan
Add/Remove Programs
Programs folder
Desktop and Start menu shortcuts
Microsoft registry locations
Full disk scan
Includes all of the well-known scan locations plus all local drives (system or non-system).
Runs on all your devices.
Additional Information
Does ADScan also run outsite of the named time windows because of missed scans? Or does ADscan ignore missed scans? ADScan will run outside of its scheduled time if a scan is missed. This is the intended behavior.
Can two Adscann processes run at the same time? Yes. The App Discovery retrieval request will also spawn an ADScan.exe. A scan can be running, while a data-retrieval request comes in. In that case, you'd see two ADScan processes running.