It would be nice to have the ability for non-persistent devices to have a scan schedule or a flag within the OS so that they don't automatically scan upon a reboot. We are seeing scanning when associates log in, even with the communication settings set as per below.
Client Recommendations
The following configuration recommendations will ensure that SEP client installations in non-persistent VDI environments do not generate network and disk IO from advanced SEP client features which they will not benefit from.
- Make the following changes to the Communications Settings policy:
  - Configure clients to download policies and content in Pull mode (done)
  - Disable the option to Learn applications that run on the client computers (done)
  - Set the Heartbeat Interval to no less than one hour (done)
  - Enable Download Randomization, set the Randomization window for 4 hours (done)
- Make the following changes to the Virus and Spyware Protection policy:
  - Disable all scheduled scans (still enabled as it seems unsecure to do this)
  - Disable the option to "Allow startup scans to run when users log on" (This is disabled by default) (not enabled)
  - Disable the option to "Run an ActiveScan when new definitions Arrive" (not enabled)
- Avoid using features like application learning which send information to the SEPM and rely on client state to optimize traffic flow (done)