Forum Discussion
Explanation of Endpoint security > Microsoft Defender Antivirus policy > Scan settings
I am trying to configure the Scan settings for devices but having trouble to understand the wording:
Disable catch-up * scans: "Yes" means they are not disabled and will be conducted after two missed scans, right?
Run daily quick scan at, Scan type, Day of week to run a scheduled scan, Time of day to run a scheduled scan: I want to run a daily Quick scan. How can I do that? I have a feeling that those settings will be conflicting and nothing will be scanned.
Also: are there any best practices here?
- NielsScheffersIron Contributor
I agree the wording (or order or indentation or something) isn't very clear.
First things first: "Disable catch-up [...] scan" will disable the feature if set to "Yes" and enable the feature if set to "No". It's the confusing GPO-settings all over again :).
The next question is a little trickier. See, the "daily quick scan" and "scheduled scan" operate independent from each other.
A daily quick scan is always performed. The "Run daily quick scan at" setting merely allows you to tell Defender AV at what time it should run.
Additionally, you can perform a scheduled scan (which, to add to the confusion, can also be of type "Quick scan"). You should interpret the "Scan type" setting as "Scan type to use for a scheduled scan" (which is, coincidentally, its name in GPO-land).
Little tip: if settings (and their docs) aren't clear, I always try to find the GPO it originated from. Those descriptions are sometimes clearer. Don't be fooled though, as the settings in GPO might be turned around. For example: the "Disable catch-up [...] scan" settings are called "Turn on catch-up [...] scan" in GPO-speak.