01-04-2023 10:32 PM
Hello,
We intend to initiate malware scans on all endpoints. Which is the best approach to perform a periodic scan, is that on a weekly or monthly basis?
01-05-2023 03:49 AM
Hi @RamyashreeMada, thank you for writing to Live Community.
Unfortunately, we cannot determine for you what the best approach is here. You should look into your organization's internal procedures, as well as regulatory requirements, to determine the frequency of scanning.
01-17-2023 01:43 AM
Hi @RamyashreeMada ,
I would agree with @mavraham, that this really depends on your organization and security standards.
One thing that I want to point out, which is often missed when discussing malware scans: the Cortex XDR malware scan follows the exact same steps as pre-execution protection.
If you recall, pre-execution protection performs the following checks when attempting to execute a process/file:
- Check if the file hash is in the allow/block list
- Check if the file is signed by a trusted/untrusted signer
- Query WildFire for a verdict
- If the WF verdict is unknown (WF is unreachable), a local analysis check is performed
The malware scan performs the exact same checks, except for the local analysis, but without the file being executed.
In addition, when a malware scan is executed and it sends the file hash to WildFire for a verdict, it will keep this verdict in the local cache, which means that if this file is later executed, the agent will use the verdict from the cache instead of querying WF again.