JuliusPIV
Brass Contributor
Sep 21, 2023
Solved

"Run Antivirus Scan" results in "Antivirus scan failed"

I'm responding to an alert and via the Microsoft 365 Security portal I've triggered off a full antivirus scan:

However, shortly after that, when I double-check the Action Center again, it shows "Antivirus scan failed".

When hovering over the info icon next to the "Antivirus scan failed" text, a small tooltip comes up showing "AV Scan is already in progress". Because this happened yesterday (9/20) and again today (9/21), I'm frankly a little suspicious.

Is Defender really already in the middle of an AV scan?

If yes, how can I confirm that?

If no, then why won't the AV Scan execute?

Any advice is greatly appreciated!

6 Replies

  • JuliusPIV did you check the device page from the MDE device blade? In the timeline section you can check the logs to see if the AV scan is completed.

    • JuliusPIV
      Brass Contributor

      Hey there elieelkarkafi! Thanks for taking the time to reply and congratulations on the MVP nomination! 🥳

      The timeline doesn't show a full scan having completed today, which is curious as I started looking into this several hours ago.

      The 'Device health status' also doesn't show today's date for the last full scan:

      I find that interesting as I tried to trigger a scan via Intune which completed without error:

      We're 100% in the cloud so remote access is limited, but I tried to trigger a scan via mpcmdrun.exe which presumably worked because, when I run Start-MPScan, it fails immediately with "start-mpscan : A scan is already in progress on this device." Curiously, the FullScanStartTime property from Get-MPComputerStatus returns September 16, not today, which doesn't instill much confidence that a scan is indeed in progress.

      Is there a surefire way to verify that a full scan is indeed underway and there isn't a deeper problem? Are there any logs I can review to see what Defender is up to?

      • JuliusPIV thank you!!

        You can review the Event Viewer on the device itself by checking the below events.

        You can also trigger a full scan from MDE as well as below and monitor the timeline logs.
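
Added example, not part of the original thread: a PowerShell script for the on-device check discussed above. It pairs Defender scan-start events (ID 1000) with their end events (1001 finished, 1002 stopped, 1005 failed) in the Microsoft-Windows-Windows Defender/Operational log, so a start with no matching end stands out. The event IDs and field names come from general Defender Antivirus event documentation, not from the reply's missing screenshots, and the 7-day window is an assumption.

```powershell
# Added example (not from the thread). Run in an elevated session on the device.
# Defender operational log event IDs:
#   1000 scan started, 1001 finished, 1002 stopped before completion, 1005 failed
$logName = 'Microsoft-Windows-Windows Defender/Operational'
$since   = (Get-Date).AddDays(-7)          # assumed look-back window
$endText = @{ 1001 = 'Finished'; 1002 = 'Stopped'; 1005 = 'Failed' }

function Get-EventField {
    # Read one named <Data> value from the event's XML payload.
    param($Record, [string]$Name)
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object Name -eq $Name).'#text'
}

$events = Get-WinEvent -FilterHashtable @{
    LogName = $logName; Id = 1000, 1001, 1002, 1005; StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

# Pair each start event with its end event by Scan ID.
$scans = [ordered]@{}
foreach ($e in $events) {
    $scanId = Get-EventField $e 'Scan ID'
    if (-not $scanId) { continue }
    if ($e.Id -eq 1000) {
        $scans[$scanId] = [pscustomobject]@{
            ScanId  = $scanId
            Kind    = Get-EventField $e 'Scan Parameters'   # e.g. quick or full
            Started = $e.TimeCreated
            Ended   = $null
            State   = 'No end event logged'
        }
    } elseif ($scans.Contains($scanId)) {
        $scans[$scanId].Ended = $e.TimeCreated
        $scans[$scanId].State = $endText[$e.Id]
    }
}
$scans.Values | Format-Table -AutoSize

# Cross-check against the timestamps Defender itself reports.
Get-MpComputerStatus |
    Select-Object FullScanStartTime, FullScanEndTime, FullScanAge,
                  QuickScanStartTime, QuickScanEndTime
```

A row with a recent start time and "No end event logged" is consistent with the "already in progress" message; compare its start time with FullScanStartTime to see whether the two sources agree.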

         

         

         

         
         

         
