We've been getting reports of vulscan.exe running outside of our intended/schedule times, and today I learned about Local Scheduler time creep (Local Scheduler and being aware of time creep ).
This is definitely what we're seeing in our environment. Our scans are configured via schedule in the agent's Distribution and Patch settings. The schedule is set for 12:00am, with an additional random delay of an hour. No other filters are applied.
Screenshot:
Over time, the drift has caused set our start times to move all over the map, and on some devices the scan presents a noticeable slowdown for our staff. I have been exploring the community to find some examples of good practice that others may be using to address this issue. I've worked through the command line options for "localsch.exe", and while it seems fairly trivial to run a script periodically to reset the start time, I'm hopeful that a better solution exists.
Ultimately, I would like to have the scan begin at a specific time (12:00am is just an example), and only run at that time. I understand that forcing a scan into a window may cause some devices to not be scanned within this scheduled scan (due to device being off, etc...), but I have other mechanisms for dealing with that.
How are you accomplishing this in your environment?