What is the ADScan.exe process in SES
search cancel

What is the ADScan.exe process in SES

book

Article ID: 239023

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

What is the purpose of ADScan.exe process and how often does it run on the clients?

Environment

Release : 14.3 RU4

Resolution

ADScan.exe process is a component of the App Discovery Feature from Hardening in 14.3 RU4.   Hardening is a behavioral engine used to reduce the attack surface on the endpoint.  The Hardening engine has App Control feature which controls what processes are allowed to run on the endpoint.

  • The ADScan process performs the scanning for applications and binary files on the endpoint.  
  • The ADScan process is launched by the Symantec Endpoint Foundation (SEF). AD engine for a scheduled scan, and to retrieve App Discovery data for an App Discovery retrieval command.
  • When launched for a scan, ADScan performs the scan, updates a local database, and generates full and delta app discovery result files.
  • The ADScan process receives the scan settings from the scanner.ini file which it receives on the command line.
  • The App Discovery retrieval request will also spawn an ADScan.exe.  

 

The Frequency of discovery of files and other items on your devices:

  • Full Disk Scan Non-System Drives Once a Month (The 20th day of the Month)
  • Full Disk Scan System Drive Once a Month (The 10th day of the Month)
  • Well Known Scan Once a Day (3AM Daily)

 

Well-known locations scan

  • Add/Remove Programs
  • Programs folder
  • Desktop and Start menu shortcuts
  • Microsoft registry locations

 

Full disk scan

  • Includes all of the well-known scan locations plus all local drives (system or non-system).
  • Runs on all your devices.