Cloud Agent Release
Limited Customer Release
July 03, 2025
New Feature — Launch Deep Scan from Cloud Agent UI
The typical VM scans does not cover the non-standard binaries, software, and middleware in the scan scope. This poses a threat of some critical vulnerabilities remaining unreported, resulting in a severe threat to organizational security and compliance posture.
To address this issue, we are introducing a new feature, Deep Scan. The deep scan detects vulnerabilities for non-standard binaries, software, and middleware that do not comply with typical system formats, locations, behavior, and are not covered under the typical system scans. This allows Cloud Agent to report data for technologies that are not supported by VM scans.
Currently, the Deep Scan feature is supported only for the Windows assets.
| Required application version | Enterprise TruRisk™ Platform 3.20.1.0 |
Steps to Configure Deep Scan Settings
The following are the steps to enable Deep Scan and configure scan parameters:
- In the Configuration Profile creation window, navigate to the Scan Configuration window.
- In the Vulnerability Management section, turn the Deep Scan toggle to ON to enable Deep Scan for the Configuration Profile.
You can configure the following parameters for the Deep Scan.
- Deep Scan Settings — Configure the following parameters for scan configuration.
- Data Collection Interval — The data collection interval sets the time lapse between the completion of the previous scan and the start of the next scan.
Range: 1440-43200 Minutes. The default value is 10080. - Scan Delay — This is the time added to the start of scanning, both for new installs and for interval scanning. Enter the time in minutes to delay the start of a scan.
Range: 0-1440 Minutes. The default value is 0. - Scan Randomize — The range of randomization added to the scan delay to offset scanning. For example, if the randomization range is 60 minutes, then a random number between 1 and 60 is calculated and used to delay the start of the next scanning interval. A value of 0 (zero) means no randomization added.
- Scan Timeout — Configure the maximum duration for the deep scan. If the scan exceeds the defined time, it is terminated.
Range: 120-1440 Minutes. The default value is 1440 minutes. - Maximum CPU Usage — Configure the maximum CPU consumption allowed for the deep scan. The default value is 30%. You may observe the momentary spikes in CPU usage.
- Data Collection Interval — The data collection interval sets the time lapse between the completion of the previous scan and the start of the next scan.
- Windows Profile Settings — Provide the following details to define the scan scope for Windows assets.
- Directories to be included: Enter the comma-separated list of directories/files for Windows assets to be included in the deep scan.
By default, C:\ directory is included for the deep scan.
You can only add the absolute path for the directories. Wildcard characters and regular expressions are not supported for specifying the directories/files.We recommend you add only the specific directories to be included in the deep scan to reduce the memory consumption and CPU usage.
- Include all Local Drives: Select this checkbox to include all the local drives in the deep scan scope.
- Directories to be excluded: Enter the comma-separated list of directories/files for Windows assets to be excluded from the deep scan.
By default, the following directories are excluded from the deep scan scope:C:\Windows,C:\System Volume Information,C:\$RECYCLE.BIN,C:\hiberfil.sys,C:\pagefile.sys,C:\swapfile.sys
- Directories to be included: Enter the comma-separated list of directories/files for Windows assets to be included in the deep scan.
- Linux Profile Settings — Provide the following details to define the scan scope for Linux assets.
- Directories to be included: Enter the comma-separated list of directories/files for Linux assets to be included in the deep scan. By default, / directory is included for the deep scan.
You can only add the absolute path for the directories. Wildcard characters and regular expressions are not supported for specifying the directories/files.We recommend you add only the specific directories to be included in the deep scan to reduce the memory consumption and CPU usage.
- Include all Local Drives: Select this checkbox to include all the local drives in the deep scan scope.
- Directories to be excluded: Enter the comma-separated list of directories/files for Linux assets to be excluded from the deep scan.
By default, the following directories are excluded from the deep scan scope:/proc*,/var/log*,/var/spool*,/etc*,/usr/bin*,/usr/sbin*,/usr/lib*,/usr/lib64*,/boot*,/sys*,/srv*,/media*,/mnt
- Directories to be included: Enter the comma-separated list of directories/files for Linux assets to be included in the deep scan. By default, / directory is included for the deep scan.
You must define the directories to be included in the deep scan scope, at least for one of the supported platforms. You can not create a deep scan configuration profile without including directories for both the Windows and Linux profiles. You can also define the deep scan scope by selecting the Include all Local Drives checkbox.