Active Scanning on Endpoints


L3 Networker



We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if Cortex developed its own scan whenever a new file was created or added to the system.


L4 Transporter

Hi RamyashreeMada,


Cortex XDR protection capabilities only apply when processes execute; we do not scan files on-write. The periodic scan feature allows you to identify malicious files stored on disk which are not attempting to execute.

L3 Networker


Can we run a malware scan based on an IP range?



There are two ways you can run malware scans in XDR, documented in our Tech Docs. First, you can set up periodic malware scans via the Malware Protection profile. If you want to run an ad-hoc scan, you can use an action, from Incident Response -> Action Center or on the All Endpoints page by right-clicking the endpoint. From either location, you can filter to find endpoints you want to target, for example, using IP address in a range, and then execute a malware scan action.
