Solved MSE not performing as expected

[DavidE]

You can look at c:\windows\temp\MpCmdRun.log

See if you have a entry in there for a SCAN today (toward the END of the log file).
If there is a scan listed for today, are any errors reported?

If you manually ran a scan today, that is not the entry we are looking for.
We're trying to see if the Scheduled scan is listed in the log.

Here is what a scan entry looks like in my log file.

MpCmdRun: Command Line: "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" Scan -ScheduleJob -RestrictPrivileges

 

[karlsnooks]

david,
If you would like to see some other interesting info, then:
C:\windows\serviceprofiles\networkservice\appdata\local\temp

 

[DavidE]

Thanks!
I didn't know about that log - i didn't have permission for it.
I see it does have additional info and could be helpful...
So, that's at least 4 log files that "MpCmdRun" info gets logged to!

Guess i need to log in more often as Admin and check things

 

[karlsnooks]

David,
Playing with the trigger edit field, I came across some interesting info:










An integer entry is interpreted as minute, in other words, 6 would give you an interval of every 6 minutes.

You can enter as pure integer or
6 minutes or
16 hours or
15 days or
255 hours or
576 minutes.

These are not equivalent times, but rather indicate various ways of specifying the repeat interval.

 

[Layback Bear]

david,
If you would like to see some other interesting info, then:
C:\windows\serviceprofiles\networkservice\appdata\local\temp

Ok karl where do I paste this. I can't seam to get anything.

 

[karlsnooks]

that location doesn't always have info there. It is a temp folder. Appears to be populated when an actual update has occurred. Next time I find something there, I'll show you what it shows. I didn't realize that the info got wiped out. I had been performing various operations with mse and wdo and updates and had several entries.

Amongst other info there, you could see that a validation check was being made before certain operations.

 

[DavidE]

I navigate to the folder using Explorer.
I do have to enter my Admin PW to access the folder.
Ccleaner file cleanup deletes this log when i use "Run as administrator".



a few of the log entries: View attachment MpCmdRun01.txt

Another log with MSE MpCmdRun update info is c:\windows\WindowsUpdate.log
It looks like each log file with MpCmdRun entries has different info...

I never tried using "System" for the user in Task Scheduler.
I saw that in the link from Karl in post #16.
Maybe using the "System" user would eliminate a lot of security/permission issues setting up and running Scheduled Tasks ???
I haven't played around with that yet.

 

[karlsnooks]

david,
another approach is:
1. In MSE configure a scan to take place with any settings you want
2. Run Task Scheduler (WIN | task sch | enter)
3. double-click on the entry for the MSE (forget what it's called)
4. Trigger tab, edit and select your desired time.

That saves the effort of configuring the other settings, although I went the long way first and followed the tutorial from Austin (author of write-up in link I gave).

 

[DavidE]

Hi Karl,

Maybe i'm confused, but nothing new there!

I only setup a scheduled task to check for Updates every 4 hours.

For scans I use the MSE "built in" scheduler and make setting changes there.
I never had a problem with scheduled scans (as long as the PC was on at the scheduled time).
I don't see a need to set up a task for scans, as daily works for me...

For updates:
i want them checked/updated more than once per day.
i don't want to be notified of an update available for THIS - i just want the definitions updated without any intervention by me...

Right now though it's really a question of "Do scheduled scans" work for Patricia?
If they don't, why and how to fix it...

 

[karlsnooks]

David,
Here's info on:
How to Schedule MSE Updates.

I feel that MSE allows enough options for MSE scans, but with task scheduler one can also make some changes to the scan frequency and other settings.

Now how to Schedule MSE Updates (and not be plagued with reminders):

View attachment HOW TO SCHEDULE MSE UPDATES.docx