https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/active-scanning-on-endpoints/m-p/521880#M3169 <P>We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if cortex developed its own scan whenever a new file was created or added to the system.</P> Mon, 21 Nov 2022 14:30:38 GMT Shashanksinha 2022-11-21T14:30:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/active-scanning-on-endpoints/m-p/521880#M3169 <P>We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if cortex developed its own scan whenever a new file was created or added to the system.</P> Mon, 21 Nov 2022 14:30:38 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/active-scanning-on-endpoints/m-p/521880#M3169 Shashanksinha 2022-11-21T14:30:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/active-scanning-on-endpoints/m-p/521882#M3170 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203123">@Shashanksinha</a>&nbsp;</P> <P>CXDR doesnt work as a traditional AV. We are not the same. We do not scan files continously since this is time consuming and even worst high consumption of resources for very little value. Scanning AVs are based on old signatures that advance attackers never use, which leave you unprotected against real threats.</P> <P>We are based on behavior. Even though you can still perform scheduled scans, we do not recommend to do it too often to not to waste your assets resources also as mentioned before you wont detect may threats that are not on AV&nbsp; signatures.&nbsp;</P> <P>Scans in CXDR are performed just if you configure them, so not by default</P> <P>Hope this helps,</P> <P>Luis&nbsp;</P> <P>&nbsp;</P> Mon, 21 Nov 2022 15:38:10 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/active-scanning-on-endpoints/m-p/521882#M3170 eluis 2022-11-21T15:38:10Z