OnDemand Scan Commands

The OnDemand scan can be performed immediately without waiting for the next scheduled scan. Users with the Cloud Agent Manager role can run the OnDemand Scan. This section covers the following:

OnDemand Scan Commands via Command Line Utility	Custom Scan Recommendations
Scan Options Examples	OnDemand Scan User-Interface Settings

OnDemand Scan Commands via Qualys User Interface Tool

Run the following commands to trigger the OnDemand scan via the Qualys User Interface Tool:

• bduitool location
  /usr/local/qualys/cloud-agent/epp/engine/bin/bduitool
• Run the bduitool command with one of the available scan options:
  get scanprof [full/quick/custom]
• Run the following command to display the scan profile settings for the full, quick, or custom scan:
  scan -s full|quick|task <taskID>|(custom <path1> <path2>...)

  For custom scans, specify a list of paths to be scanned, such as folders or files; you can also use wildcards.

• Run the following command to pause all the running scan tasks:
  scan -p
• Run the following command to resume all the paused running scan tasks:
  scan -r
• Run the following command to stop all running or pause scan tasks: scan -q

  The pause, resume, or stop commands apply only to scans initiated from Qualys Inc. User Interface Tool.

• Run the following command to display details of all running scan tasks, including a task identifier. The tasks that are in progress are listed first:
  get scantasks
• Run the following command to display the last finished scan task information. If the task ID is mentioned, the command can also display details about the last run of a specific task:
  get scanlog <taskID>
• Run the following command to display the status of the scan task with the specified task ID:
  get scanstatus [<taskID>]
• Run the following command to display detailed information about the quarantined files:
  get quar [-s<integer_value>]

- s<integer_value> is a parameter that displays the specified number of most recent quarantined items.
  
  Example:
  get quar -s 10 command displays the first 10 items from quarantine.
• Qualys Inc. User Interface Tool stores a detailed log of events concerning its activity on your system. Run the following command to display the list of events that the Antimalware module has detected:
  get events[-s<integer_value>]

Scan Options Examples

• Run the following command to perform a full scan:
  scan -s full
• Run the following command with a specific task ID:
  scan -s task <taskID>

• Run the following command to run a custom scan on the specified file and folders:
  scan -s custom /home/user1/folder1 /home/user1/file.txt

Custom Scan Recommendations

If using wildcards for custom scans, we recommend the following:

• To expand a single directory level:
  scan -s custom /dir/*/dir
• To expand the full directory level:
  scan -s custom "/dir/*/dir"
• To substitute a single character using the question mark
  scan -s custom "/dir/*/dir?"

OnDemand Scan User-Interface Settings

The OnDemand Scan, scans the file system and memory for malware and other threats and takes remediation actions. You can configure the OnDemand Scan Settings from the EDR application.

Perform the following steps in the EDR application to configure the OnDemand Scan:

1. Go to the Configuration tab.
2. Click New Anti-malware Profile.
3. In the Create New: Anti-malware Profile, provide the inputs for the mandatory fields.
   The OnDemand Scan is Step 4 in the Create Anti-malware Profile process. 
4. Enable the OnDemand Scan toggle. Select the Action, Scan, and Others fields per your network infrastructure. 
   
   The following screenshot is an example of the OnDemand Scan user-interface settings:
   
   
5. After providing all the inputs in each step, in the Review and Confirm step, review all the configuration settings and click Create Anti-malware Profile.

---