FortiClient EMS and Scheduled AV Scans
One of the main issues we are currently having is that the FortiClient has been running full system scans outside of the scan schedule. We set the scan schedules in a profile in EMS and verified that the workstations have the profile for the scan to run every Wednesday at 12:00PM. Our users are seeing the scan run at random times during the day on different days.
Might not be related, but we have enabled the Real-time Protection option to “Scan files as they are downloaded or copied to my system.” Since this was a real-time protection option, I didn’t think it was related to the scheduled scan, but I am open to any feedback on using this option.
During some further digging around, I found in the EMS admin logs that a lot of our devices are being unregistered. I am not really sure why they would be unregistering, and it seems that it has been happening for a month now. When I look at the endpoints in EMS, they are all showing as registered. This could be related or not to the random daily full scans, but I'm at a loss here.
EMS admin log example:
2016-12-06 19:22:39,Notice,SourceEmsServer,'Workstation1' unregistered
2016-12-06 19:25:01,Notice,SourceEmsServer,'Workstation1' unregistered
,2016-12-06 19:37:51,Notice,SourceEmsServer,'Server1' unregistered
,2016-12-06 20:58:33,Notice,SourceEmsServer,' Server1' unregistered
,2016-12-06 20:59:39,Notice,SourceEmsServer,'Workstation2' unregistered
….
,2017-01-05 16:36:36,Notice,SourceEmsServer,'Workstation3' unregistered
,2017-01-05 16:38:35,Notice,SourceEmsServer,'Workstation4' unregistered
