The Cortex XDR agent can scan your Windows and Mac endpoints
and attached removable drives for dormant malware that is not actively
attempting to run.
addition to blocking the execution of malware, the Cortex XDR agent
can scan your Windows and Mac endpoints and attached removable drives
for dormant malware that is not actively attempting to run. The
Cortex XDR agent examines the files on the endpoint according to
the Malware security profile that
is in effect on the endpoint (quarantine settings, unknown file
upload, etc.) When a malicious file is detected during the scan,
the Cortex XDR agent reports the malware to Cortex XDR so that you
can manually take additional action to remove the malware before
it is triggered and attempts to harm the endpoint.
You can initiate full scans of one or more
endpoints from either
. After initiating a scan,
you can monitor the progress from
. From both locations,
you can also abort an in-progress scan. The time a scan takes to
complete depends on the number of endpoints, connectivity to those
endpoints, and the number of files for which Cortex XDR needs to
To initiate a scan from Cortex XDR:
Log in to Cortex XDR.
Select the target endpoints (up to 100) on which you
want to scan for malware.
Scanning is available on Windows and Mac endpoints only.
Cortex XDR automatically filters out any endpoints for which scanning
is not supported. Scanning is also not available for inactive endpoints.
list of endpoints by attribute or group name.
Review the action summary and click
Cortex XDR initiates the action at the next heart beat
and sends the request to the agent to initiate a malware scan.
To track the status of a scan, return to the
When the status is
you can view the scan results.
View the scan results.
After a Cortex XDR agent completes a scan, it reports the
results to Cortex XDR.
To view the scan results for a specific
when the scan status is complete, right-click the scan action and
Cortex XDR displays additional details about the endpoint.
Right-click the endpoint for which you want to view
the scan results and select
View related security events
Cortex XDR displays a filtered list of malware alerts for
files that were detected on the endpoint during the scan.