Scheduled Scan: How to determine if it's running OK?

[Rich]

I'm running WD 1.1.1347.0 on a WS2003 machine. (yes, I have my doubts about
whether I should be doing this, given WD's fairly well-documented flakiness
but for some reason I persist... cost I guess)

Anyway, I'd like to know that the scheduled scans are actually running. In
XP you can look at the Scheduled Tasks and see the start & finish time and
the result code. Not very user friendly but at least it's a start. In
WS2003's Scheduled Tasks I don't see WD as an item. The only thing I could
figure was to look at the MPCmdRun.log.

So here's what that log says on my server:

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "D:\Program Files\Windows Defender\MpCmdRun.exe"
Scan -RestrictPrivileges
Start Time: Sun Jun 18 09:00:00 2006


Start: MpScan(MP_ANTISPYWARE, dwOptions=2)
Start: MpSignatureUpdate()
Update started (Type:Scheduled)
SearchStarted...
Search Completed with hr: 0x00000000
Download Started...
Download Progress-
Update Index:0 of :1d (262984 of 262984 bytes)...[262984 of 262984 bytes
overall - 100%]
Download Completed with hr: 0x00000000
Installation Started...
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Completed with hr: 0x00000000
Reboot is not required...
Update completed succesfuly. (hr:0x00000000)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Sun Jun 18 09:00:10 2006

-------------------------------------------------------------------------------------

This is the time that my scheduled scan is supposed to run (Sunday 9:00am)
but it looks to me that this only did a "check for updates"... it didn't run
the scan. Is that the correct interpretation?

-Rich

p.s. I still think it's absolutely absurd that WD doesn't report the results
of the last scheduled scan within it's app, perhaps in History. All
antivirus/antispyware programs do or should do this. Just something like
"scanned 50000 files... date/time... results: complete, no spyware found".

 

[robin]

look in event viewer under system
robin

 

[Rich]

Thanks Robin.

I checked out events on 2 other computers where it seems to run OK and I see
exactly what I was looking for... explicit evidence of completion, elapsed
time, etc. (Still baffling that MS won't put this same info into the
application/history itself!)

However, on the 1 server in question, the event log supports my theory that
the scan is not happening. But the previous step "Check for updated
definitions before scanning" is working. Very wierd! The problem server
has the same scheduled scan options as another server which is working like
a charm.

Anyone know the best way to troubleshoot why one server's scheduled scan is
not running? Again, this is a WS2003 box and there is no evidence of a scan
in the system events log, or in the MpCmdRun.log (below).

Maybe I should just wipe-out the scheduled scan settings and redo them from
scratch??

-Rich

look in event viewer under system
robin

I'm running WD 1.1.1347.0 on a WS2003 machine. (yes, I have my doubts
about whether I should be doing this, given WD's fairly well-documented
flakiness but for some reason I persist... cost I guess)

Anyway, I'd like to know that the scheduled scans are actually running.
In XP you can look at the Scheduled Tasks and see the start & finish time
and the result code. Not very user friendly but at least it's a start.
In WS2003's Scheduled Tasks I don't see WD as an item. The only thing I
could figure was to look at the MPCmdRun.log.

So here's what that log says on my server:

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "D:\Program Files\Windows Defender\MpCmdRun.exe"
Scan -RestrictPrivileges
Start Time: Sun Jun 18 09:00:00 2006


Start: MpScan(MP_ANTISPYWARE, dwOptions=2)
Start: MpSignatureUpdate()
Update started (Type:Scheduled)
SearchStarted...
Search Completed with hr: 0x00000000
Download Started...
Download Progress-
Update Index:0 of :1d (262984 of 262984 bytes)...[262984 of 262984 bytes
overall - 100%]
Download Completed with hr: 0x00000000
Installation Started...
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Completed with hr: 0x00000000
Reboot is not required...
Update completed succesfuly. (hr:0x00000000)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Sun Jun 18 09:00:10 2006

-------------------------------------------------------------------------------------

This is the time that my scheduled scan is supposed to run (Sunday
9:00am) but it looks to me that this only did a "check for updates"... it
didn't run the scan. Is that the correct interpretation?

-Rich

p.s. I still think it's absolutely absurd that WD doesn't report the
results of the last scheduled scan within it's app, perhaps in History.
All antivirus/antispyware programs do or should do this. Just something
like "scanned 50000 files... date/time... results: complete, no spyware
found".

 

[robinb]

i still think this is not a good place to put this- it can be here but it
should be on the main page confirming it did a scan on a particular day. As
said before most novice ppl who will use this program have no idea what
event viewer even is.
If MS wants this available for all folks regardless of ability, they have to
make it compatable for everyone or only the IT person will use it.

For now I cannot recommend it yet for my clients because all my clients are
beginners or novice users and would be lost without a step by step. MS has
to make it more user friendly.
robin

Thanks Robin.

I checked out events on 2 other computers where it seems to run OK and I
see exactly what I was looking for... explicit evidence of completion,
elapsed time, etc. (Still baffling that MS won't put this same info into
the application/history itself!)

However, on the 1 server in question, the event log supports my theory
that the scan is not happening. But the previous step "Check for updated
definitions before scanning" is working. Very wierd! The problem server
has the same scheduled scan options as another server which is working
like a charm.

Anyone know the best way to troubleshoot why one server's scheduled scan
is not running? Again, this is a WS2003 box and there is no evidence of a
scan in the system events log, or in the MpCmdRun.log (below).

Maybe I should just wipe-out the scheduled scan settings and redo them
from scratch??

-Rich

look in event viewer under system
robin

I'm running WD 1.1.1347.0 on a WS2003 machine. (yes, I have my doubts
about whether I should be doing this, given WD's fairly well-documented
flakiness but for some reason I persist... cost I guess)

Anyway, I'd like to know that the scheduled scans are actually running.
In XP you can look at the Scheduled Tasks and see the start & finish
time and the result code. Not very user friendly but at least it's a
start. In WS2003's Scheduled Tasks I don't see WD as an item. The only
thing I could figure was to look at the MPCmdRun.log.

So here's what that log says on my server:

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "D:\Program Files\Windows Defender\MpCmdRun.exe"
Scan -RestrictPrivileges
Start Time: Sun Jun 18 09:00:00 2006


Start: MpScan(MP_ANTISPYWARE, dwOptions=2)
Start: MpSignatureUpdate()
Update started (Type:Scheduled)
SearchStarted...
Search Completed with hr: 0x00000000
Download Started...
Download Progress-
Update Index:0 of :1d (262984 of 262984 bytes)...[262984 of 262984 bytes
overall - 100%]
Download Completed with hr: 0x00000000
Installation Started...
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Completed with hr: 0x00000000
Reboot is not required...
Update completed succesfuly. (hr:0x00000000)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Sun Jun 18 09:00:10 2006

-------------------------------------------------------------------------------------

This is the time that my scheduled scan is supposed to run (Sunday
9:00am) but it looks to me that this only did a "check for updates"...
it didn't run the scan. Is that the correct interpretation?

-Rich

p.s. I still think it's absolutely absurd that WD doesn't report the
results of the last scheduled scan within it's app, perhaps in History.
All antivirus/antispyware programs do or should do this. Just something
like "scanned 50000 files... date/time... results: complete, no spyware
found".

 

[Rich]

I agree. It's apparent that MS does not fully back WinDefender in order to
make it a leading anti-spyware product.

It's as if the development budget for it is severly restricted. They've
been fooling around in beta-mode for years now. I guess they don't want it
to be so successful that it would cannibalize some other product/market that
they're interested in.

Who knows, but it sure is an embarrasingly fledgling product given MS's
standards, and the suggestions that I've seen made in this newsgroup seem to
largely fall on deaf ears.

-Rich

i still think this is not a good place to put this- it can be here but it
should be on the main page confirming it did a scan on a particular day.
As said before most novice ppl who will use this program have no idea what
event viewer even is.
If MS wants this available for all folks regardless of ability, they have
to make it compatable for everyone or only the IT person will use it.

For now I cannot recommend it yet for my clients because all my clients
are beginners or novice users and would be lost without a step by step. MS
has to make it more user friendly.
robin

Thanks Robin.

I checked out events on 2 other computers where it seems to run OK and I
see exactly what I was looking for... explicit evidence of completion,
elapsed time, etc. (Still baffling that MS won't put this same info into
the application/history itself!)

However, on the 1 server in question, the event log supports my theory
that the scan is not happening. But the previous step "Check for updated
definitions before scanning" is working. Very wierd! The problem server
has the same scheduled scan options as another server which is working
like a charm.

Anyone know the best way to troubleshoot why one server's scheduled scan
is not running? Again, this is a WS2003 box and there is no evidence of
a scan in the system events log, or in the MpCmdRun.log (below).

Maybe I should just wipe-out the scheduled scan settings and redo them
from scratch??

-Rich

look in event viewer under system
robin
I'm running WD 1.1.1347.0 on a WS2003 machine. (yes, I have my doubts
about whether I should be doing this, given WD's fairly well-documented
flakiness but for some reason I persist... cost I guess)

Anyway, I'd like to know that the scheduled scans are actually running.
In XP you can look at the Scheduled Tasks and see the start & finish
time and the result code. Not very user friendly but at least it's a
start. In WS2003's Scheduled Tasks I don't see WD as an item. The only
thing I could figure was to look at the MPCmdRun.log.

So here's what that log says on my server:

-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "D:\Program Files\Windows
Defender\MpCmdRun.exe" Scan -RestrictPrivileges
Start Time: Sun Jun 18 09:00:00 2006


Start: MpScan(MP_ANTISPYWARE, dwOptions=2)
Start: MpSignatureUpdate()
Update started (Type:Scheduled)
SearchStarted...
Search Completed with hr: 0x00000000
Download Started...
Download Progress-
Update Index:0 of :1d (262984 of 262984 bytes)...[262984 of 262984
bytes overall - 100%]
Download Completed with hr: 0x00000000
Installation Started...
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:0,
Current Update Index:0 (of 1),
Current Update Percent Complete:0
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Progress-
Percent Complete:100,
Current Update Index:0 (of 1),
Current Update Percent Complete:100
Installation Completed with hr: 0x00000000
Reboot is not required...
Update completed succesfuly. (hr:0x00000000)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Sun Jun 18 09:00:10 2006

-------------------------------------------------------------------------------------

This is the time that my scheduled scan is supposed to run (Sunday
9:00am) but it looks to me that this only did a "check for updates"...
it didn't run the scan. Is that the correct interpretation?

-Rich

p.s. I still think it's absolutely absurd that WD doesn't report the
results of the last scheduled scan within it's app, perhaps in History.
All antivirus/antispyware programs do or should do this. Just
something like "scanned 50000 files... date/time... results: complete,
no spyware found".