MS Defender (Schedule Full Scan) plist file

merladmin
New Contributor II

Hi,

I'm trying to create a plist file for MS Defender to schedule a full scan every day at 8pm, but it doesn't seem to be working. Below is a copy of my current plist. I've also tried the example given by Microsoft, but no luck.

If I try to load it manually, I receive an "invalid property list" message.

"/Library/LaunchDaemons/com.microsoft.wdav.schedfullscan.plist: Invalid property list"

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
      <key>Label</key>
      <string>com.microsoft.wdav.schedfullscan</string>
      <key>ProgramArguments</key>
      <array>
            <string>sh</string>
            <string>-c</string>
            <string>/usr/local/bin/mdatp scan full</string>
      </array>
      <key>RunAtLoad</key>
      <true/>
      <key>StartCalendarInterval</key>
      <dict>
            <key>Day</key>
            <integer>0</integer>
            <key>Hour</key>
            <integer>20</integer>
            <key>Minute</key>
            <integer>0</integer>
            <key>Weekday</key>
            <integer>0</integer>
      </dict>
      <key>WorkingDirectory</key>
      <string>/usr/local/bin/</string>
</dict>
</plist>

 

I also included the script to grant the following permissions:

#Grant Permission
/usr/sbin/chown root:wheel "/Library/LaunchDaemons/com.microsoft.wdav.schedfullscan.plist"
/bin/chmod 644 "/Library/LaunchDaemons/com.microsoft.wdav.schedfullscan.plist"

/usr/sbin/chown root:wheel "/Library/LaunchDaemons/com.microsoft.wdav.schedquickscan.plist"
/bin/chmod 644 "/Library/LaunchDaemons/com.microsoft.wdav.schedquickscan.plist"

#Start at boot
/bin/launchctl bootstrap system "/Library/LaunchDaemons/com.microsoft.wdav.schedfullscan.plist"
/bin/launchctl bootstrap system "/Library/LaunchDaemons/com.microsoft.wdav.schedquickscan.plist"

#Load and start the file
launchctl load /Library/LaunchDaemons/com.microsoft.wdav.schedfullscan.plist
launchctl start com.microsoft.wdav.schedfullscan

1 REPLY 1

merladmin
New Contributor II

For now, I'll use a script to run daily within a specific time frame via policy and the current user profile:

#!/bin/sh

#run script on the current user profile
current_user=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name : / && ! /loginwindow/ {print $3}')

mdatp scan full

exit 0
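
Added example, not part of the thread and not the poster's or Microsoft's code: a small Python linter that parses a LaunchDaemon plist and checks its StartCalendarInterval against the ranges documented in launchd.plist(5), run here on constructed input modelled on the job in the question. The names `lint_launchd_plist`, `make_job`, `AS_POSTED` and `DAILY_8PM` are hypothetical.

```python
import plistlib

# Ranges from launchd.plist(5); a key left out of StartCalendarInterval is a wildcard.
RANGES = {"Minute": (0, 59), "Hour": (0, 23), "Day": (1, 31),
          "Weekday": (0, 7), "Month": (1, 12)}

def lint_launchd_plist(data: bytes) -> list:
    """Return findings for a launchd job definition; an empty list means clean."""
    try:
        job = plistlib.loads(data)
    except Exception as exc:  # malformed XML, bad encoding, unsupported types
        return [f"invalid property list: {exc}"]
    if not isinstance(job, dict):
        return ["top-level object is not a dict"]
    findings = []
    if not isinstance(job.get("Label"), str):
        findings.append("Label missing or not a string")
    args = job.get("ProgramArguments")
    if not (isinstance(args, list) and args and all(isinstance(a, str) for a in args)):
        findings.append("ProgramArguments must be a non-empty array of strings")
    sched = job.get("StartCalendarInterval", [])
    for entry in (sched if isinstance(sched, list) else [sched]):
        if not isinstance(entry, dict):
            findings.append("StartCalendarInterval entries must be dicts")
            continue
        for key, value in entry.items():
            lo, hi = RANGES.get(key, (None, None))
            if lo is None:
                findings.append(f"unknown StartCalendarInterval key {key}")
            elif type(value) is not int or not lo <= value <= hi:
                findings.append(f"{key}={value} is outside {lo}-{hi}")
            elif key in ("Day", "Weekday", "Month"):
                findings.append(f"{key}={value} restricts the job to matching dates only")
    return findings

# Constructed sample input modelled on the job in the question.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Label</key><string>com.microsoft.wdav.schedfullscan</string>
<key>ProgramArguments</key>
<array><string>sh</string><string>-c</string><string>/usr/local/bin/mdatp scan full</string></array>
<key>StartCalendarInterval</key><dict>{schedule}</dict>
</dict></plist>"""

def make_job(**fields) -> bytes:
    body = "".join(f"<key>{k}</key><integer>{v}</integer>" for k, v in fields.items())
    return TEMPLATE.format(schedule=body).encode()

AS_POSTED = make_job(Day=0, Hour=20, Minute=0, Weekday=0)
DAILY_8PM = make_job(Hour=20, Minute=0)  # only Hour and Minute: fires every day at 20:00
```

On the Mac itself, `plutil -lint` on the file in /Library/LaunchDaemons performs the same parse check before the job is bootstrapped.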