On-demand computer scanning and disinfection

To scan and disinfect user computers on demand, Advanced EPDR uses the task infrastructure.

Required permissions

The user account used to access the web console must have the Launch scans and disinfect permission assigned to its role. For more information about the permissions system, see Managing roles and permissions.

Types of on-demand scans

Immediate (Scan now option)

A task that starts immediately and which scans and disinfects the local file system (it does not scan network drives).

Advanced EPDR creates a task with these characteristics:

  • Maximum run time: Unlimited.

  • Task start:

    • If the target computer is turned on, the task starts as soon as it is launched.

    • If the target computer is turned off, the task is postponed until the computer becomes available within the next 7 days.

  • The computer areas that are scanned are as follows:

    • The entire computer:

      • Memory.

      • Boot system.

      • Cookies.

      • Internal storage devices. Complete file system, all extensions.

      • Storage devices physically connected to the target computer (USB drives and others). Complete file system, all extensions.

    • Critical areas:

      • Memory.

      • Boot system.

      • Cookies.

      • %windir%\system32, %windir%\SysWow64. All extensions.

  • The default action that is taken is:

    • When detecting a disinfectable file: The file is replaced with a clean version.

    • When detecting a non-disinfectable file: The file is deleted and a backup copy is moved to quarantine.

Scheduled (Scheduled scan option)

Create a task without settings. For more information about how to configure a scan task, see Configuring a scan task.

Accessing on-demand scan and disinfection tasks

From the computer tree

  • Select Computers in the top menu. Select the My organization tab of the computer tree in the left panel.

  • To launch an immediate scan on a group of computers, select the context menu of the group. Select Scan now . The Select the type of scan window opens.

  • Select the scan type: The entire computer or Critical areas (Recommended). Click OK. The New scan task created message appears and the task is added to the list in the Tasks section.

  • To schedule a scan on a group of computers, click the context menu of the group. Select Schedule scan . A new scan task is created. For information about how to configure it, see Configuring a scan task.

From the computer tree list

  • Select Computers in the top menu. Select the My organization tab of the computer tree in the left panel.

  • Select the group of computers. Select the checkboxes of the computers you want to scan.

  • To launch an immediate scan task, if you have selected a single computer, select the computer context menu. Select Scan now. If you have selected more than one, select Scan now in the toolbar above. The Select the type of scan window opens.

  • To schedule a scan task, if you have selected a single computer, select the computer context menu. Select Schedule scan . If you have selected more than one, select Schedule scan in the toolbar above. A new scan task is created. For information about how to configure it, see Configuring a scan task.

Configuring a scan task

  • Enter general details about the task in the Name and Description fields.

  • If no recipients are defined, click the No recipients selected link in the Recipients section. A page opens where you can select the computers that will receive the configured task.

    • To access the computer selection page, you must first save the task. If you have not saved the task, a warning message is shown.

  • Select the types of computers that will receive the task: Workstation, Laptop, or Server.

  • Click to add individual computers or computer groups. Click  to remove them.

  • Click the View computers button to view the computers that will receive the task.

  • Schedule the task. You can configure these three parameters:

    • Starts: Indicate the task start date/time.

      • Value Description

      As soon as possible (selected)

      The task is launched immediately provided the computer is available (turned on and accessible from the cloud), or as soon as it becomes available within the time interval specified if the computer is turned off.

      As soon as possible (cleared)

      The task is launched on the date selected in the calendar. Specify whether the time on the computer or the Advanced EPDR server time should be considered.

      If the computer is turned off

      If the computer is turned off or cannot be accessed, the task will not run. The task scheduler enables you to establish the task expiration time, from 0 (the task expires immediately if the computer is not available) to infinite (the task is always active and waits indefinitely for the computer to be available).

      • Do not run: The task is immediately canceled if the computer is not available at the scheduled time.

      • Run the task as soon as possible, within: Define a time interval during which the task will be run if the computer becomes available.

      • Run when the computer is turned on: There is no time limit. The solution waits indefinitely for the computer to be available to launch the task.

      Task launch parameters

    • Maximum run time: Indicates the maximum time that the task can take to complete. After that time, the task is canceled returning an error.

  • Scan options:

    • Value Description

    Scan type

    • The entire computer: Runs an in-depth scan of the computer that includes all connected storage devices.

    • Critical areas: Runs a quick scan of these areas:

      • %WinDir%\system32

      • %WinDir%\SysWow64

      • Memory

      • Boot system

      • Cookies

    • Specific items: Specify the paths you want to scan on the mass storage devices. This option supports environment variables. The solution scans the specified path and every folder and file it contains.

    Detect viruses

    Detects programs that enter computers with malicious purposes. This option is always enabled.

    Detect hacking tools and PUPs

    Enable this toggle to detect potentially unwanted programs, as well as programs that hackers can use to carry out actions that cause problems for the user of the affected computer.

    Detect suspicious files

    Scheduled scans can scan computer software statically without the need to run the software. This reduces the likelihood that the scan detects some types of threats. Enable this toggle to use heuristic scan algorithms and improve detection rates. Only programs detected by the heuristic protection are considered suspicious programs.

    Scan compressed files

    Enable this toggle to decompress compressed files and scan their contents.

    Exclude the following files from scans

    • Do not scan files excluded from the permanent protections: Select this checkbox to not scan files that the administrator allowed to execute, as well as any file that is globally excluded in the console.

    • Extensions: Specify the extensions of the files you do not want to scan. Enter multiple file extensions separated by commas.

    • Files: Specify the names of the files you do not want to scan. Enter multiple file names separated by commas.

    • Directories: Specify the names of the folders you do not want to scan. Enter multiple folders separated by commas.

    Scan options