https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/on-demand-file-examination-policy/m-p/1223766#M8051 <P>Hi,</P> <P>&nbsp;</P> <P>I've got 3 questions.<BR />1. I want to schedule a daily scan on servers with cortex xdr, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are being scanned, other are not. What might be the reason?<BR /><BR />2. Also for them to work do I have to always re-order the policies? If it's a Monday, I have to bring up the policy for monday, and when it's tuesday i re-arrange the policies again, ensuring that the one for tuesday is at the top. How can this work without my intervention of re-arranging the policies?<BR /><BR />3. Another question, I want a policy for linux that works the same as "on-write file protection" on windows. could you recommend how to go about this? I want to ensure every file uploaded to the server is scanned before it can be used; if found to be malicious, it should be blocked or quarantined, if not it passes and can be used/dumped onto the server.<BR /><BR />Thank you.</P> Thu, 13 Mar 2025 13:36:54 GMT jannette 2025-03-13T13:36:54Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/on-demand-file-examination-policy/m-p/1223766#M8051 <P>Hi,</P> <P>&nbsp;</P> <P>I've got 3 questions.<BR />1. I want to schedule a daily scan on servers with cortex xdr, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are being scanned, other are not. What might be the reason?<BR /><BR />2. Also for them to work do I have to always re-order the policies? If it's a Monday, I have to bring up the policy for monday, and when it's tuesday i re-arrange the policies again, ensuring that the one for tuesday is at the top. How can this work without my intervention of re-arranging the policies?<BR /><BR />3. Another question, I want a policy for linux that works the same as "on-write file protection" on windows. could you recommend how to go about this? I want to ensure every file uploaded to the server is scanned before it can be used; if found to be malicious, it should be blocked or quarantined, if not it passes and can be used/dumped onto the server.<BR /><BR />Thank you.</P> Thu, 13 Mar 2025 13:36:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/on-demand-file-examination-policy/m-p/1223766#M8051 jannette 2025-03-13T13:36:54Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/on-demand-file-examination-policy/m-p/1223872#M8060 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/721779985">@jannette</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>1. Maybe you have some endpoints that have not ended or even started the previous scan. You can check the status of the scans under&nbsp;<STRONG>Incident Response - Response - Action Center.</STRONG></P> <P>&nbsp;</P> <P>2. To force the daily scans, that's how it has to be done using the console. You have an option using a third party, calling the "scan" endpoint API to start the scan for the servers you need. More info in our <A href="http://Incident%20Response - Response - Action Center" target="_self">API doc</A>.</P> <P>&nbsp;</P> <P>3. Unfortunately, the on-write protection is only available for Windows at the moment.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Fri, 14 Mar 2025 13:16:00 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/on-demand-file-examination-policy/m-p/1223872#M8060 jmazzeo 2025-03-14T13:16:00Z