Intune + Defender - Configure Quick and Full scan
Hello,
I'm also totally confused with the Intune Antivirus options.
Scan Parameter - (Quick scan/Full scan/Not configured)
Schedule Quick Scan Time - Selects the time of day that the Windows Defender quick scan should run. Note: The scan type will depend on what scan type is selected in the Defender/ScanParameter setting. For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120.
Schedule Scan Day - Selects the day that the Windows Defender scan should run. Note: The scan type will depend on what scan type is selected in the Defender/ScanParameter setting.
Schedule Scan Time - Selects the time of day that the Windows Defender scan should run. Note: The scan type will depend on what scan type is selected in the Defender/ScanParameter setting. For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120.
If you have a QUICK scan time set aside (Schedule Quick Scan Time) doesn't it make sense that (Scan Parameter) ONLY has (Full Scan/Not Configured) as possible values?
If you have options to configure QUICK and FULL scans, doesn't it make sense to have two possible drop down boxes "Schedule Scan Day-QUICK" and "Schedule Scan Day-FULL"?
I have a very simple request:
1. Run a FAST scan at 9am every Tuesday
2. Run a FULL scan at 9am every Thursday
How to accomplish this using the current options within Intune Endpoint Security?
Thanks in advance,
VladanOEI
This one was definitely confusing as hell. I ended up just testing it all myself to see how it behaved.
The following settings relate to a single scan type of your choosing:
"Scan Parameter" Choose Quick or Full
"Schedule Scan Day" Choose Day
"Schedule Scan Time" Choose Time
The following is its own daily quick scan:
"Schedule Quick Scan Time" Pick the time of day that your daily quick scan will run.
If you want a quick scan only once a week, and a Full scan once a week as well, you'll need to apply TWO separate policies and use the following three settings in each policy:
"Scan Parameter" Choose Quick or Full
"Schedule Scan Day" Choose Day
"Schedule Scan Time" Choose Time
This will give you a quick scan that only runs once a week in one policy, and a full scan that only runs once a week in the other policy.
I understand this is dumb. But in saying that, the quick scans are not even noticeable across my servers. I would advise just running a quick scan daily, and then a scheduled full scan once a week within a single policy.
I hope this makes as much sense as possible on a subject that seems engineered to be confusing.
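To see which of the scan settings discussed here actually reached a device, and when Defender last finished each scan type, the values can be read back on the endpoint. This is an added example, not part of the original thread; the numeric mappings are those of the Defender cmdlets' ScanParameters and ScanScheduleDay values, and the task name is the one used in the scheduled-task script posted later in this thread.

```powershell
# Added example (not from the thread): read back the Defender scan schedule
# in effect on this device and the last completed scans.
# Run on the endpoint in an elevated PowerShell session.

# Value mappings used by the Defender cmdlets
$scanTypes = @{ 1 = 'Quick scan'; 2 = 'Full scan' }
$scanDays  = @{
    0 = 'Every day'; 1 = 'Sunday'; 2 = 'Monday';   3 = 'Tuesday'; 4 = 'Wednesday'
    5 = 'Thursday';  6 = 'Friday'; 7 = 'Saturday'; 8 = 'Never'
}

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Settings that correspond to the Intune options discussed in the thread
[pscustomobject]@{
    'Scan Parameter'           = $scanTypes[[int]$pref.ScanParameters]
    'Schedule Scan Day'        = $scanDays[[int]$pref.ScanScheduleDay]
    'Schedule Scan Time'       = $pref.ScanScheduleTime
    'Schedule Quick Scan Time' = $pref.ScanScheduleQuickScanTime
    'Last quick scan ended'    = $status.QuickScanEndTime
    'Last full scan ended'     = $status.FullScanEndTime
} | Format-List

# If a full scan is scheduled outside Intune with a scheduled task,
# check that the task exists and when it last ran.
$taskName = 'Microsoft Defender Full Scan'   # name taken from the script in this thread
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($task) {
    $task | Get-ScheduledTaskInfo |
        Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime |
        Format-List
} else {
    Write-Output "Scheduled task '$taskName' is not registered on this device."
}
```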
- VladanOEI, Nov 10, 2023, Copper Contributor
We did exactly what you suggested but it doesn't work 😞
We made 2 rules.
First rule:
"Scan Parameter" : Quick
"Schedule Scan Day" : Thru
"Schedule Scan Time" 9 AM
Second rule:
"Scan Parameter" : Full
"Schedule Scan Day" : Fri
"Schedule Scan Time" 9 AM
and Intune Antivirus did not run any of the configured tasks.
Microsoft never knew how to make simple things work properly. They are able to build "towers and cities", something that others cannot, and then they "fall" on such simple things like this.
- Bas_de_Bruijn, Mar 01, 2024, Copper Contributor
VladanOEI I walked into the same situation and solved it the following way.
It's either a QuickScan(Default) or a FullScan config in Intune. You cannot configure them both.
I chose to configure a QuickScan(Default) with these settings.
Scantype: Quickscan
Schedule Scanday: Every day (Default)
Schedule Scan Time: 720
I created a PowerShell script to create a scheduled task in Windows 10 to do a Full scan every Wednesday at 12:00 PM:
# Define task name and the arguments passed to powershell.exe
$taskName = "Microsoft Defender Full Scan"
$command = "-ExecutionPolicy Bypass -Command Start-MpScan -ScanType FullScan"

# Create a trigger for Wednesday at 12:00 PM
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm

# Create action to run the command (powershell.exe is the executable, so it is not repeated in the arguments)
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $command

# Register the scheduled task
Register-ScheduledTask -TaskName $taskName -Trigger $trigger -Action $action -Description "Runs a full antivirus scan using Microsoft Defender" -RunLevel Highest -Force
- WiingreenMorten, Mar 21, 2024, Copper Contributor
@bas_de_Bruijn
Is it not possible to schedule a Quick Scan in One policy and a full scan in a different Policy?