Schedule antivirus scans using Group Policy

Applies to:

This article describes how to configure scheduled scans using Group Policy. To learn more about scheduling scans and about scan types, see Configure scheduled quick or full Microsoft Defender Antivirus scans.

Configure antivirus scans using Group Policy

  1. On your Group Policy management machine, in the Group Policy Editor, go to Computer configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Scan.

  2. Right-click the Group Policy Object you want to configure, and then select Edit.

  3. Specify settings for the Group Policy Object, and then select OK.

  4. Repeat steps 1-4 for each setting you want to configure.

  5. Deploy your Group Policy Object as you normally do. If you need help with Group Policy Objects, see Create a Group Policy Object.

Group Policy settings for scheduling scans

| Location | Setting | Description | Default setting (if not configured) |
|---|---|---|---|
| Scan | Specify the scan type to use for a scheduled scan | | Quick scan |
| Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never |
| Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter 60 for 1 a.m.). | 2 a.m. |
| Root | Randomize scheduled task times | In Microsoft Defender Antivirus, randomize the start time of the scan to any interval from 0 to 4 hours. In SCEP, randomize scans to any interval plus or minus 30 minutes. This can be useful in virtual machines or VDI deployments. | Enabled |

Group Policy settings for scheduling scans for when an endpoint is not in use

| Location | Setting | Description | Default setting (if not configured) |
|---|---|---|---|
| Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled |

Note

When you schedule scans for times when endpoints are not in use, scans do not honor the CPU throttling configuration and will take full advantage of the resources available to complete the scan as fast as possible.

Group Policy settings for scheduling remediation-required scans

| Location | Setting | Description | Default setting (if not configured) |
|---|---|---|---|
| Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | Specify the day (or never) to run a scan. | Never |
| Remediation | Specify the time of day to run a scheduled full scan to complete remediation | Specify the number of minutes after midnight (for example, enter 60 for 1 a.m.) | 2 a.m. |

Group Policy settings for scheduling daily scans

| Location | Setting | Description | Default setting (if not configured) |
|---|---|---|---|
| Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter 2, for once a day, enter 24. Enter 0 to never run a daily quick scan. | Never |
| Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter 60 for 1 a.m.) | 2 a.m. |

Group Policy settings for scheduling scans after protection updates

| Location | Setting | Description | Default setting (if not configured) |
|---|---|---|---|
| Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled |
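
To confirm on an endpoint that the scheduling settings above took effect, the following added example (not part of the original article) summarizes the effective schedule and flags the defaults that leave a device without a weekly scan. Test-ScanSchedule is a hypothetical helper name, the sample object is constructed, and the property names are those returned by the Get-MpPreference cmdlet rather than names taken from this article.

```powershell
# Added example, not from the original article. Test-ScanSchedule is a
# hypothetical helper; property names are those returned by Get-MpPreference.
function Test-ScanSchedule {
    param([Parameter(Mandatory)] $Pref)

    # Day encoding used by the Defender cmdlets:
    # 0 = every day, 1-7 = Sunday-Saturday, 8 = never
    $days  = 'Every day','Sunday','Monday','Tuesday','Wednesday',
             'Thursday','Friday','Saturday','Never'
    $types = @{ 1 = 'Quick scan'; 2 = 'Full scan' }
    $notes = @()

    if ([int]$Pref.ScanScheduleDay -eq 8) {
        $notes += 'Scan day is Never (the unconfigured default): no weekly scheduled scan runs.'
    }
    if (-not $Pref.RandomizeScheduleTaskTimes) {
        $notes += 'Randomization is off: endpoints sharing this schedule start scans together.'
    }
    if ($Pref.ScanOnlyIfIdleEnabled) {
        $notes += 'Idle-only scanning is on: scans wait for idle time and ignore CPU throttling.'
    }

    [pscustomobject]@{
        ScanType        = $types[[int]$Pref.ScanParameters]
        ScanDay         = $days[[int]$Pref.ScanScheduleDay]
        ScanTime        = "$($Pref.ScanScheduleTime)"
        RemediationDay  = $days[[int]$Pref.RemediationScheduleDay]
        RemediationTime = "$($Pref.RemediationScheduleTime)"
        DailyQuickScan  = "$($Pref.ScanScheduleQuickScanTime)"
        Notes           = $notes
    }
}

# Constructed sample standing in for Get-MpPreference output.
# Times are minutes after midnight, as entered in Group Policy (60 = 1 a.m.).
$sample = [pscustomobject]@{
    ScanParameters             = 2      # full scan
    ScanScheduleDay            = 8      # never
    ScanScheduleTime           = [timespan]::FromMinutes(60)
    RemediationScheduleDay     = 1      # Sunday
    RemediationScheduleTime    = [timespan]::FromMinutes(120)
    ScanScheduleQuickScanTime  = [timespan]::FromMinutes(120)
    RandomizeScheduleTaskTimes = $false
    ScanOnlyIfIdleEnabled      = $true
}
Test-ScanSchedule -Pref $sample | Format-List

# On a Windows endpoint with Microsoft Defender Antivirus, audit the live settings:
# Test-ScanSchedule -Pref (Get-MpPreference) | Format-List
```

Run the live check after the Group Policy Object has been applied to the device, so the reported values reflect the deployed policy rather than local defaults.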