Running an OnDemand Scan via User Interface
The OnDemand Scan, scans the file system and memory for malware and other threats and takes remediation actions. You can configure the OnDemand Scan Settings from the EDR UI.
Perform the following steps in the Configuration tab:
- Click New Anti-malware Profile. If a profile is already created, from the Quick Actions menu, click Edit.
- Go to Step 3-OnDemand Scan.
- Enable the OnDemand Scan toggle. The page displays Create a Scan Task, Configure Contextual Scan, and Device Scan fields. The following screenshot is an example of the OnDemand Scan user-interface settings:
- Create Scan Task: Click the to create a scan task and schedule the scan settings. Following are the steps in the Create New: Scan Task page:
- Basic Details: In the Basic Details step provide the Task Name for Performance Scan.
- Select any one of the following Performance Scan:
- Quick Scan- Select this option to perform scans only to the location that is most likely for a malware infection.
- Full Scan- This scan performs a complete scan of all the files and folders in the system.
- Network Scan- To scan only the network devices select this scan.
- Custom Scan- Select this option to perform scans at the locations mentioned in the Scan Configuration (step-iii) of this procedure.
- Target: In the Specific Path field mention the target for the scan.
- Select any one of the following Performance Scan:
- Click Next.
- Scan Configuration: Provide the Scan Name and other configuration information.
- Scan Scope- From the Scan Scope drop-down select any one of the scopes- All Files, Application Only, and User-Defined Extensions. You should provide the extensions if the scan scope is User Defined Extensions.
- Scan Setting- The scan settings are categorized as-
- Aggressive- Select this option to scan all accessed files from local and network drives along with archived and zero-risk files.
- Normal- This option performs scan on all accessed files from local drives and application files from network drives.
- Permissive- To scan accessed application files from local and network drives and incoming emails select this option.
- Custom- Select this option to define the scan settings according to your organization's requirements.
The following screenshot is an example of the Application Only Scan Scope with Custom Scan setting:
-
Click Next.
-
Schedule: You can schedule a Daily, Weekly, or Monthly scan recurrence.
-
Click Create Scan Task.
- Basic Details: In the Basic Details step provide the Task Name for Performance Scan.
-
The newly created task is listed in Scan Task section. Refer the following screenshot of Full Scan Task that is schedule for the Weekly recurrence:
-
Configure Contextual Scans: If you did not create a scan task, select Create New. Click the option Select from a Predefined Scan to select the scan name you have created.
-
Device Scan: Select this option to scan external storage devices such as CD/DVD Media or USB Storage.
-
Select the Exception option if you do not want the entire storage to be scanned. You can mention the unit in MB.
-
Select Create New or Select from a Predefined Scan for Device Scan Configuration.
The following screenshot is an example of the OnDemand Scan with Create a Scan Task, Configure Contextual Scan, and Device Scan fields configured:
- After providing all the inputs in each step, in the Review and Confirm step, review all the configuration settings and click Create Anti-malware Profile.