OnDemand Scan

The OnDemand scan can be performed immediately without waiting for the next scheduled scan. Users with the Cloud Agent Manager role can run the OnDemand Scan.

OnDemand Scan Commands via Qualys User Interface Tool

Run the following commands to trigger the OnDemand scan via the Qualys User Interface Tool:

  • bduitool location in your system:

    /usr/local/qualys/cloud-agent/epp/engine/bin/bduitool

  • Run the following command to display the scan profile settings for the full, quick, or custom scan:

    get scanprof [full/quick/custom]

  • Run the bduitool command with one of the available scan options:

    scan -s full|quick|task <taskID>|(custom <path1> <path2>...)

    For custom scans, specify a list of paths to be scanned, such as folders or files; you can also use wildcards.

  • Run the following command to pause all the running scan tasks:

    scan -p

  • Run the following command to resume all the paused scan tasks:

    scan -r

  • Run the following command to stop all running or paused scan tasks:

    scan -q

    The pause, resume, and stop commands apply only to scans initiated from the Qualys Inc. User Interface Tool.

  • Run the following command to display details of all running scan tasks, including a task identifier. The tasks that are in progress are listed first:

    get scantasks

  • Run the following command to display the last finished scan task information. If the task ID is mentioned, the command can also display details about the last run of a specific task:

    get scanlog <taskID>

  • Run the following command to display the status of the scan task with the specified task ID:

    get scanstatus [<taskID>]

  • Run the following command to display detailed information about the quarantined files:

    get quar [-s<integer_value>]

    -s<integer_value> is a parameter that displays the specified number of most recent quarantined items.

    Example:

    The get quar -s 10 command displays the first 10 items from quarantine.

  • Qualys Inc. User Interface Tool stores a detailed log of events concerning its activity on your system. Run the following command to display the list of events that the Antimalware module has detected:

    get events [-s<integer_value>]

Scan Options Examples

  • Run the following command to perform a full scan:

    scan -s full

  • Run the following command with a specific task ID:

    scan -s task <taskID>

  • Run the following command to run a custom scan on the specified file and folders:

    scan -s custom /home/user1/folder1 /home/user1/file.txt

Custom Scan Recommendations

If using wildcards for custom scans, we recommend the following:

  • To expand a single directory level:

    scan -s custom /dir/*/dir

  • To expand the full directory level:

    scan -s custom "/dir/*/dir"

  • To substitute a single character using the question mark:

    scan -s custom "/dir/*/dir?"
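
The quoted and unquoted forms above differ in what the shell hands to bduitool, which changes the scan scope. The following is an added example, not Qualys code: count_scan_paths is a hypothetical stand-in for bduitool and the directory tree is constructed, so it shows only the shell side, not how the tool interprets a pattern it receives.

```shell
#!/bin/sh
# Added example (not Qualys code). count_scan_paths is a hypothetical stand-in
# for bduitool so this runs without the agent; it reports how many path
# arguments would follow "scan -s custom".
count_scan_paths() {
    shift 3            # drop: scan -s custom
    echo "$#"
}

# Constructed sample tree: <root>/a/dir, <root>/b/dir, <root>/b/dir2
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/a/dir" "$root/b/dir" "$root/b/dir2"
    echo "$root"
}

# Unquoted: the shell expands the pattern, one argument per matching path.
unquoted_count() {
    count_scan_paths scan -s custom $1/*/dir
}

# Quoted: no shell expansion, the pattern arrives as a single literal argument.
quoted_count() {
    count_scan_paths scan -s custom "$1/*/dir"
}

# Unquoted with "?": matches exactly one extra character (dir2, not dir).
qmark_count() {
    count_scan_paths scan -s custom $1/*/dir?
}

# Unquoted with no match: POSIX shells pass the pattern through unchanged,
# so the tool still receives one argument, but not a real path.
nomatch_count() {
    count_scan_paths scan -s custom $1/*/missing
}

tree=$(make_tree)
echo "unquoted /*/dir   -> $(unquoted_count "$tree") path argument(s)"
echo "quoted  \"/*/dir\"  -> $(quoted_count "$tree") path argument(s)"
echo "unquoted /*/dir?  -> $(qmark_count "$tree") path argument(s)"
echo "unquoted no match -> $(nomatch_count "$tree") path argument(s)"
rm -rf "$tree"
```

An unquoted pattern is resolved once, by the shell, against the directories that exist when the command is typed, so check the expanded list when the intended scope matters.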

OnDemand Scan User-Interface Settings

The OnDemand Scan scans the file system and memory for malware and other threats and takes remediation actions. You can configure the OnDemand Scan settings from the EDR UI.

Perform the following steps in the Configuration tab:

  1. Click New Anti-malware Profile. If a profile is already created, from the Quick Actions menu, click Edit. 
  2. Go to Step 3-OnDemand Scan.
  3. Enable the OnDemand Scan toggle. The page displays Create a Scan Task, Configure Contextual Scan, and Device Scan fields. The following screenshot is an example of the OnDemand Scan user-interface settings:

    OnDemand Scan page.

  4. Create Scan Task: Click the Add icon to create a scan task and schedule the scan settings. The following are the steps in the Create New: Scan Task page:
    1. Basic Details: In the Basic Details step, provide the Task Name for Performance Scan.
      • Select any one of the following Performance Scan types:
        • Quick Scan- Select this option to scan only the locations that are most likely to have a malware infection.
        • Full Scan- This scan performs a complete scan of all the files and folders in the system.
        • Network Scan- To scan only the network devices select this scan. 
        • Custom Scan- Select this option to perform scans at the locations mentioned in the Scan Configuration (step-iii) of this procedure.
      • Target: In the Specific Path field mention the target for the scan. 
    2. Click Next.
    3. Scan Configuration: Provide the Scan Name and other configuration information.
      • Scan Scope- From the Scan Scope drop-down, select any one of the scopes: All Files, Application Only, or User-Defined Extensions. You should provide the extensions if the scan scope is User-Defined Extensions.
      • Scan Setting- The scan settings are categorized as-
        • Aggressive- Select this option to scan all accessed files from local and network drives along with archived and zero-risk files.
        • Normal- This option performs a scan on all accessed files from local drives and application files from network drives.
        • Permissive- To scan accessed application files from local and network drives and incoming emails, select this option.
        • Custom- Select this option to define the scan settings according to your organization's requirements.

          The following screenshot is an example of the Application Only Scan Scope with Custom Scan setting:

          Scan Configuration for OnDemand Scan.

    4. Click Next.

    5. Schedule: You can schedule a Daily, Weekly, or Monthly scan recurrence. 

    6. Click Create Scan Task.

  5. The newly created task is listed in the Scan Task section. Refer to the following screenshot of a Full Scan task that is scheduled for weekly recurrence:

    Scan Task configured.

  6. Configure Contextual Scans: If you did not create a scan task, select Create New. Click the option Select from a Predefined Scan to select the scan name you have created.

  7. Device Scan: Select this option to scan external storage devices such as CD/DVD Media or USB Storage.

  8. Select the Exception option if you do not want the entire storage to be scanned. You can mention the unit in MB.

  9. Select Create New or Select from a Predefined Scan for Device Scan Configuration.

    The following screenshot is an example of the OnDemand Scan with Create a Scan Task, Configure Contextual Scan, and Device Scan fields configured:

    Scan Task configured.

  • After providing all the inputs in each step, in the Review and Confirm step, review all the configuration settings and click Create Anti-malware Profile.