Running an Endpoint Protection Scan

  • Article

Applies To: Forefront Endpoint Protection

This task applies to the following features:

  • Forefront Endpoint Protection

  • The FEP Security Management Pack

  • The FEP client

Important

You should configure FEP policy to ensure that scans run automatically on a regular basis.

To run a quick or full scan by using FEP

  1. In the Configuration Manager console, in the tree, expand Computer Management, expand Collections, and then navigate to the collection that contains the computer on which you want to start a scan.

    Tip

    If you know the name of the target computer, you can search for the computer in the details pane when a parent collection is selected in the tree.

  2. Right-click the computer name, click FEP Operations, and then click either Run Full Scan or Run Quick Scan.

    Tip

    You can target multiple computers by selecting them and then right-clicking a single computer.

To distribute the on-demand scan, Configuration Manager creates an advertisement. You can view the properties of the advertisement by navigating to Software Distribution in the tree, and then expanding Advertisements and FEP Operations.

The collections and advertisements created by this process are deleted the next time you run an on-demand scan, if they are older than seven days.

Note

Only one advertisement can run at a time on the client computer. Therefore, if an advertisement is running on the client computer that could potentially take a while to complete (such as a full scan on a computer with a large hard disk), subsequent advertisements are processed after that advertisement completes.

To run a quick or full scan by using the FEP Security Management Pack

  1. In the Operations Manager console, navigate to the Monitoring view, and then expand the Monitoring tree.

  2. In the Monitoring tree, under Forefront Endpoint Protection, click Endpoints with FEP.

  3. In the Endpoints with FEP pane, click the name of the endpoint on which you want to start a scan.

    Note

    In order to search for an endpoint by name, enter the name (FQDN) of the endpoint in the Look for text box, and then click Find Now.

  4. In the Actions pane, expand Protection Endpoint Tasks, and then click either Quick Scan or Full Scan.

  5. In the Run Task dialog box, verify that the target is the endpoint on which you want to run the scan and that the check box next to the target name is selected, and then click Run. The scan runs with the default parameters.

    Note

    The task is marked as successful after the scan is started on the targeted computer. Tasks in the FEP Security Management Pack represent the command to run the task, not the results of the task itself.

To run a quick or full scan locally on the FEP 2010 client

  1. In the notification area of your computer, right-click the Microsoft Forefront Endpoint Protection icon, and then click Open.

  2. On the FEP Home page, select either the Quick option or Full option, and then click Scan now. The scan may take a while, depending on the number of files and folders being scanned.