Scans Setup

Go to PC > Scans > Setup to see global setup options related to scanning.

Some options may not be available, depending on your service level and subscription settings.

Inactive Instance Purge

This option lets you purge compliance data for only the inactive instances on a host, and keep compliance data for the active instances. A Manager can enable this option and set a timeframe in order to automatically purge instances when they have not been evaluated within the specified timeframe. This is especially useful when Scan by Policy is used. With Scan by Policy, we keep instance data for all previously discovered instances even if they are no longer present on the asset. (Note that we will only purge an instance if at least one instance of the same technology type was evaluated within the timeframe.)


View the storage settings for scan results, as defined for your account, and change if you want. You can save results up to a maximum of 13 months.

Excluded Hosts

Hosts added to the excluded hosts list will never be scanned by the service, even if included in the scan target by a user.

Dissolvable Agent

You must accept the Dissolvable Agent (Agent) in order to perform certain types of security scans. Once accepted, the Agent is installed as needed on your Windows devices to collect host data. The Agent removes itself completely when the scan is complete. Learn more

PCI Account Links

To share PCI scans with your PCI Merchant accounts, you must create links to those accounts. Go to the PCI Account Links Setup page to manage your PCI account links.

Scheduled Scans

The Manager primary contact has the option to prevent the service from starting a new scheduled scan when there's an instance of it running. Also the Manager primary contact has the option to allow users to configure a scheduled scan to relaunch once a scan instance finishes. This supports continuous scanning.

Scanner Trusted CA

The Manager primary contact has the option to accept this feature allowing Managers to create a list of private certificate authorities for use by the scanner. Learn more

DNS Tracking

The Manager primary contact has the option to automatically change the tracking method from IP to DNS for hosts when a valid DNS hostname is detected at scan time. This applies only when scans are launched by DNS hostname. Learn more

Syslog Forwarding

A Manager user has the option to enable this feature to have scan related syslog messages (/var/log/messages syslog stream) forwarded from scanner appliances to a remote syslog server. Once enabled, syslog forwarding is on for all scanner appliances (virtual and physical) currently in the subscription and for new scanners that get added later. Learn more