Scan an Endpoint for Malware
The Cortex XDR agent can scan your Windows and Mac endpoints
and attached removable drives for dormant malware that is not actively
attempting to run.
In addition to blocking the execution of malware, the Cortex XDR agent can scan your Windows and Mac endpoints and attached removable drives for dormant malware that is not actively attempting to run. The Cortex XDR agent examines the files on the endpoint according to the Malware security profile that is in effect on the endpoint (quarantine settings, unknown file upload, etc.). When a malicious file is detected during the scan, the Cortex XDR agent reports the malware to Cortex XDR so you can manually take additional action to remove the malware before it is triggered and attempts to harm the endpoint.

You can scan the endpoint in the following ways:
- System scan—Initiate a full scan on demand from Endpoints Administration for an endpoint. To initiate a system scan, see Initiate a Full Scan from Cortex.
- Periodic scan—Configure periodic full scans that run on the endpoint as part of the malware security profile. To configure periodic scans, see Add a New Malware Security Profile.
- Custom scan—(Windows, requires a Cortex XDR agent 7.1 or later release) The end user can initiate a scan on demand to examine a specific file or folder. For more information, see the Cortex XDR agent administrator’s guide for Windows.
Initiate a Full Scan from Cortex
You can initiate full scans of one or more endpoints from either the All Endpoints table or the Action Center. After initiating a scan, you can monitor the progress from Incident Response > Response > Action Center. From both locations, you can also abort an in-progress scan. The time a scan takes to complete depends on the number of endpoints, connectivity to those endpoints, and the number of files for which Cortex XDR needs to obtain verdicts.

To initiate a scan from Cortex XDR:
- Log in to Cortex XDR. Select Incident Response > Response > Action Center > + New Action.
- Select Malware Scan.
- Click Next.
- Select the target endpoints (up to 100) on which you want to scan for malware. Scanning is available on Windows and Mac endpoints only. Cortex XDR automatically filters out any endpoints for which scanning is not supported. Scanning is also not available for inactive endpoints. If needed, Filter the list of endpoints by attribute or group name.
- Click Next.
- Review the action summary and click Done when finished. Cortex XDR initiates the action at the next heartbeat and sends the request to the agent to initiate a malware scan.
- To track the status of a scan, return to the Action Center. When the status is Completed Successfully, you can view the scan results.
- View the scan results. After a Cortex XDR agent completes a scan, it reports the results to Cortex XDR. To view the scan results for a specific endpoint:
  - On Action Center, when the scan status is complete, right-click the scan action and select Additional data. Cortex XDR displays additional details about the endpoint.
  - Right-click the endpoint for which you want to view the scan results and select View related security events. Cortex XDR displays a filtered list of malware alerts for files that were detected on the endpoint during the scan.