Scan policy settings define how Nebula behaves when running a scheduled or on-demand Threat scan.
Scan settings
To locate the Scan settings tab in your policy:
- Go to Configure > Policies.
- Select a policy.
- Select the Scan settings tab to see the specific settings available for each operating system.
For the default settings, see ThreatDown recommended policy for Nebula.
Threat Scans
Threat Scans are more thorough than a Hyper Scan. Threat Scans have the following options:
- Scan the contents of compressed folders (e.g. .zip, .rar. etc.): The scan checks inside of compressed files.
- Detect signature-less anomalous files: The scan looks at file behavior in addition to scanning files using known threat information.
-
Scan for rootkits on the endpoints: Scans the system kernel, firmware, and memory for rootkits. This may increase the time required to complete a scan and impact performance as it takes longer to read the disk in order to avoid interference from rootkits.
Note: Not available on Windows endpoints running an Advanced RISC Machine (ARM) processor.
Threat Scans, Hyper Scans, and Real-Time Protection
These options apply to Threat Scans, Hyper Scans, and Real-Time Protection:
- Treat potentially unwanted programs (PUPs) as malware (recommended): Specifies if Potentially Unwanted Programs are treated as malware or ignored.
- Treat potentially unwanted modifications (PUMs) as malware (recommended): Specifies if Potentially Unwanted Modifications are treated as malware or ignored. Applies to Windows endpoints only.
Applies to Mobile devices only
These options apply to scans on Android and ChromeOS devices. The options are as follows:
- Use deep scanner during a full scan: Scan the entire mobile device for threats. Enabling this setting impacts scan duration.
- User power saver during scans: Minimize background activity on the device while scans are running.
- Perform scans only while charging: Only allow scans to run while the mobile device is charging.
- Scan automatically after reboot: Automatically run a scan after a reboot.
- Scan automatically after update: Automatically run a scan after a protection update.
Additional scan options
Additional scan options to determine the system priority and CPU usage of scans.
Options in this section are as follows:
-
Select how endpoints should prioritize scans vs system performance: Enables manual priority selection for Windows scheduled scans.
- Low priority: Scans require more time to complete, but have a lower performance impact.
- High priority: Allows scans to run faster, but may impact system performance.
-
Select maximum allocation of CPU resources for scans: Controls the maximum amount of processing power used during a manual or scheduled scan on Mac endpoints. Select from the following options:
- Low (Default) - Uses approximately 25% of a single CPU core for the slowest scan.
- Medium - Uses approximately 50% of a single CPU core for a slower scan.
- High - Uses up to 100% of a single CPU core for faster scans.