Forum Discussion
Large numbers of scheduled full scans being cancelled - what's the cause?
I am reviewing scan related Adv Hunting data for one of my clients and can see large numbers of events with an ActionType of "AntivirusScanCancelled" in the DeviceEvents table. These events coinc...
We found our issue was mainly caused by the behaviour outlined here:
If a device is unplugged and running on battery during a scheduled full scan, the scheduled scan stops with event 1002, which states that the scan stopped before completion. Microsoft Defender Antivirus runs a full scan at the next scheduled time.
PJR_CDF That's not the case in my scenario. I am talking about servers, i have checked
1. no user intervention
2. no reboots
3. no battery un-plug case
- How long are the scans running for before they get cancelled?
Are they full scans or quick scans?
Do you have both quick and full scans configured?- How long are the scans running for before they get cancelled? - depends on the server.. but as per previous successfull completion.. it is finishing just minute before it's normal completion time..
Are they full scans or quick scans? - Full scan only.. quick scans are successfully
Do you have both quick and full scans configured? - Yes
Well, i found one solution to this. If i am running scheduled task with mpcmdrun.exe -Scan -Scantype2 commandlet then full scan finishes successfully. But , if i use powershell commands "Start-mpscan -scantype Fullscan" then i get this error on scheduled task "0x1"..- Interesting - keep me posted.
We are switching from Full to Quick scans only due to various other issues so hopefully the cancelled scans stop occurring as a result.