Running On-demand Scan

Running On-demand Scan

After setting up the environment required to run On-demand Scan, you or endpoint users can begin to run On-demand Scans.

This topic discusses how to run the scan on agentless endpoints and endpoints with Threat Management Agent installed.

On-demand Scan on Agentless Endpoints

On-demand Scan is intended primarily for agentless endpoints, where routine threat mitigation tasks cannot be performed.

On-demand Scan on agentless endpoints can only be run by endpoint users. You cannot launch the scan remotely from the Threat Mitigator console.

As an administrator, perform the following tasks to prepare endpoints for On-demand Scan and monitor the scan status:

1. Verify that the endpoint can connect to Threat Mitigator. The On-demand Scan files are downloaded from Threat Mitigator.

2. Provide users with the On-demand Scan link found on the following Threat Mitigator console screens:

Logon screen

 

On-demand Scan link on the Logon screen

On-demand Scan screen

 

On-demand Scan link on the On-demand Scan screen

3. Send the On-demand Scan procedure to users who will run On-demand Scan. See To run On-demand Scan on agentless endpoints: for the procedure.

4. After users launch On-demand Scan, access the Threat Management screen periodically to view endpoints that encountered On-demand Scan problems. Problem details are also available in the threat event logs (see Threat Event Logs for details). You can instruct users to repeat On-demand Scan to resolve the problems.

To run On-demand Scan on agentless endpoints:

1. Type the On-demand Scan URL in an Internet Explorer browser.

2. On the screen that opens, click Run on-demand scan now.

 

On-demand Scan start screen

3. A system prompt displays if running the scan for the first time. Click Install to continue.

Files begin to download to the endpoint. When all files have been downloaded, a user interface window displays to guide users in launching and completing the scan.

4. Accept the terms of the license agreement and then click Next.

 

License agreement screen

5. Click Scan Now.

 

On-demand Scan main window

The scan progress displays on the same screen.

• The number of files to scan depends on the scan type configured from the Threat Mitigator console. For details, see step 2 in the procedure To configure On-demand Scan settings:.

6. If threats were found, threat details display on the 2. Fix Problems tab. If an action was performed under this tab, a summary of the results displays on the next tab 3. Review Results.

7. Click Close.

8. To perform another scan, repeat steps 1 to 6.

9. To view threat details from previous scans, click the Previous Scan tab and then select the scan session from the dropdown list.

 

Previous Scans tab

10. For detected threats that are actually harmless, click Restore to move the affected file back to its original location.

On-demand Scan on Endpoints with Agents

On-demand Scan complements routine threat mitigation tasks performed by Threat Management Agent. It allows you to determine an endpoint's overall security posture even if information is not readily available from Threat Mitigator data sources.

You or endpoint users can run On-demand Scan if the agent is installed on the endpoint.

To allow users to run On-demand Scan, see the instructions and guidelines in Running On-demand Scan.

To run On-demand Scan without any user intervention, launch it remotely from the Threat Mitigator console.

Perform the following steps before launching On-demand Scan remotely:

1. Inform the user ahead of time that On-demand Scan will be launched remotely so that the user can prepare the endpoint for the scan. Doing this also ensures that the scan can proceed without problems or delays.

2. Ensure that the Threat Management Agent on the endpoint can connect to Threat Mitigator. You can check the connection status from the Threat Mitigator console.

To launch On-demand Scan remotely:

• Threat Management

1. Type the endpoint's IP address or host name in the Search endpoint text box.

2. Verify that the endpoint is connected to Threat Mitigator. On the table on the lower section of the screen, a green-colored icon displays under the Connectivity column.

3. Click Launch On-demand Scan.

No user interface displays on the endpoint. All scan tasks (such as downloading of On-demand Scan files and the actual scanning) occur in the background.

If there are issues during scanning, Threat Management Agent collects forensic data. Submit forensic data to Trend Micro by performing case submission. For details, see Submit a Case.

See also:

• On-demand Scan

• On-demand Scan Checklist