
L4 Transporter

Hi, 

You can change your scan schedules when you create your malware profiles.

Please check this: 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-...

 

So if you have already created your malware profile, go to the config of that profile and almost at the end of the profile you will see the Endpoint Scanning config area. There you can play with the Periodic Scan fields to change it. Please check the attached pic.

Regarding the best time to scan your endpoints, it depends on your organization's schedules; the best time is when the users have less workload on their endpoints. This is something you should check by yourself depending on your specific scenarios. For example, on a previous assignment we had all desktops awakened at 8pm (by Windows AD policy) and we scanned them at that time. But again, you should determine when it is better for your users, or maybe even create different malware profiles for different departments or office locations and scan them at different times.

Troubleshooting failed scans: try to figure out if they failed maybe because they had their endpoints switched off, or did they interrupt the scan, maybe by switching off the endpoint? If you identify such a case, it could be good to ask the end user the reason: was it all of a sudden too slow and they rebooted? These are just some ideas; anyway, be creative and try to work out the reasons why they might have failed. Maybe they were human reasons.

And of course play with the schedules for different departments or locations to suit the scans to your best potential success times.

 

NOTE: Please do not take our Cortex XDR scans as a traditional antivirus scan; this is not the same concept. For us, a scan is more to create a model/baseline of what is normal in your endpoint and have control of it. When you download a new file, it will be checked by us when being written on disk; at this time this file will be scanned. So basically, if you run one scan, everything that has already been scanned and is trustworthy does not need to be re-scanned again and again.
Have a good XDR scan time!!

Luis 

 

EndpointScanSchedule.PNG
