topic Re: Active Scanning on Endpoints in Cortex XDR Discussions

Active Scanning on Endpoints

RamyashreeMada — Fri, 18 Nov 2022 13:56:19 GMT

Hello,

We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if cortex developed its own scan whenever a new file was created or added to the system.

Re: Active Scanning on Endpoints

afurze — Tue, 22 Nov 2022 03:06:26 GMT

Hi RamyashreeMada,

Cortex XDR protection capabilities only apply when processes execute, we do not scan files on-write. The periodic scan feature allows you to identify malicious files stored on disk which are not attempting to execute.

Re: Active Scanning on Endpoints

RamyashreeMada — Wed, 21 Dec 2022 09:12:22 GMT

Hello,

Can we run malware scan based on IP range?

Re: Active Scanning on Endpoints

afurze — Thu, 22 Dec 2022 20:26:41 GMT

RamyashreeMada,

There are two ways you can run Malware scans in XDR, documented in our Tech Docs. First, you can set up periodic malware scans via the Malware Protection profile. If you want to run an ad-hoc scan, you can use an action, from Incident Response -> Action Center or on the All Endpoints page by right clicking the endpoint. From either location, you can filter to find endpoints you want to target, for example, using IP address in a range, and then execute a malware scan action.