If you are talking about On Demand Scan in VSE or Policy based Full Scan (ODS) or Quick Scan in ENS, then you may get the details.
There are two other conditions that can also lead to an On-Demand Scan generating the event 1203:
When the On-Demand Scan is terminated unexpectedly
When the On-Demand Scan is canceled
When an On-Demand Scan is canceled, an accompanying 34855 (ENS) or 1035 (VSE) eventis generated.
There is no pre-existing report for On-Demand Scan compliance. There are multiple ways to obtain event information from ePO. The following steps show an example of how to craft a custom report. In this report, compliance is shown as systems having completed an On-Demand Scan (Last Scan Completed), and non-compliance is shown as systems having either Not Scanned/Scan Cancelled.
I wish you could have a look at the KB article KB69428
If you have AH in place for roaming clients then it should not be the issue.
Please look into #:
How to create an ePolicy Orchestrator report for Endpoint Security reporting Event ID: 1203 (On-Demand Scans)
Technical Articles ID: KB87752
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?