Nebula can run automated scans on your endpoints on a schedule that you choose. If you prefer, scheduled scans can quarantine threats and Potentially Unwanted Programs without manual action. This article shows how to create a scheduled scan and explains the related options.
Scheduled scans are managed at the group level. If you create additional groups and move your endpoints, be sure to come back to your scheduled scans and assign the scans to the new groups.
These scans run using the endpoints' locally configured time. An offline endpoint uses the scan schedule it synchronized when it last checked in with the Nebula console.
Create a scheduled threat scan
- On the left navigation menu, go to Configure > Schedules.
- Click New to create a new schedule.
- Enter a Schedule Name and choose Detections scan under Type.
- Choose the operating systems you want to run the scan on by checking their boxes.
- Check the Quarantine threats automatically box to have Nebula place threats into quarantine without prompting the end user.
- Check the Treat Potentially Unwanted Programs (PUPs) as malware box for Mac scans to detect PUPs.
- For Windows, these settings are configured in the policy or with a custom scan. For more information, see Scan policy settings in Nebula.
- For Windows-only scans, select a scan method:
- Threat Scan: Threat Scans are recommended and detect most common threats by scanning conventional locations on an endpoint where threats can occur. Threat Scans use heuristic analysis, a technique that looks for certain malicious behaviors in files that Nebula hasn't seen before.
- Hyper Scan: A quick scan that checks memory and startup objects for threats.
- Custom scan: Custom scans allow you to specify which objects and paths to scan. For more information on the custom scan settings, see Types of scans in Nebula.
- Note: iOS devices cannot be scanned.
- In the Schedule groups tab, select target groups for the schedule. Any child groups are automatically selected.
Note: Revisit and update schedules to include new groups created in Nebula that have endpoints assigned.
- In the Schedule frequency tab, set the following parameters:
- Frequency: How often the scan occurs. Scans happen using the endpoint's local time zone.
Note: Avoid creating overlapping schedules, as this may cause scans to stack up and run consecutively.
- Hourly: Select the number of hours between schedules and the start time.
Note: Hourly scans are not recommended on mobile endpoints due to battery usage.
- Daily: Select the starting date and time.
- Weekly: Select the number of weeks between schedules, the start date and time, and the days of the week to scan.
- Monthly: Select the start date and time.
- Run missed schedules as soon as possible: Toggle ON to recover missed scheduled scans due to endpoints being powered off or asleep. The scan automatically starts the next time the endpoint connects to Nebula.
- In the top right, click Save.
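Because schedules are assigned per group and must be revisited when new groups are created, a periodic coverage check helps catch endpoints that no threat scan reaches. The following is an added example, not Nebula code or a Nebula export format: it assumes you keep a list of groups and of the groups each schedule targets, and every field name and sample value in it is constructed.

```python
# Added example: find endpoint groups that no Detections scan schedule targets.
# All data is constructed; field names are hypothetical, not a Nebula export format.

GROUPS = [  # constructed sample: id, name, parent id, endpoint count
    {"id": "g1", "name": "All Sites", "parent": None, "endpoints": 0},
    {"id": "g2", "name": "HQ Workstations", "parent": "g1", "endpoints": 120},
    {"id": "g3", "name": "HQ Servers", "parent": "g1", "endpoints": 14},
    {"id": "g4", "name": "Branch Laptops", "parent": "g1", "endpoints": 35},
    {"id": "g5", "name": "Contractors", "parent": "g4", "endpoints": 9},
]

SCHEDULES = [  # constructed sample: groups each schedule targeted when it was saved
    {"name": "Nightly threat scan", "type": "Detections scan",
     "groups": ["g1", "g2", "g3"]},
    {"name": "Weekly inventory", "type": "Scan Inventory & Vulnerability",
     "groups": ["g1", "g2", "g3", "g4", "g5"]},
]


def covered_ancestor(group_id, by_id, covered):
    """Return the name of the nearest covered ancestor group, or None."""
    parent = by_id[group_id]["parent"]
    while parent is not None:
        if parent in covered:
            return by_id[parent]["name"]
        parent = by_id[parent]["parent"]
    return None


def uncovered_groups(groups, schedules, scan_type="Detections scan"):
    """List groups that hold endpoints but are in no schedule of scan_type."""
    by_id = {g["id"]: g for g in groups}
    covered = {gid for s in schedules if s["type"] == scan_type
               for gid in s["groups"]}
    gaps = []
    for g in groups:
        if g["endpoints"] > 0 and g["id"] not in covered:
            gaps.append({
                "group": g["name"],
                "endpoints": g["endpoints"],
                # A covered ancestor suggests the group was added after the
                # schedule was saved, so the schedule needs revisiting.
                "covered_ancestor": covered_ancestor(g["id"], by_id, covered),
            })
    return gaps


if __name__ == "__main__":
    for gap in uncovered_groups(GROUPS, SCHEDULES):
        print(gap)
```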
Create a scheduled Inventory and Vulnerability Scan
An Inventory & Vulnerability Scan retrieves information on all endpoints in a group and updates the Endpoint Properties screens for that group. The information gathered is determined by the Software Management settings in each group's policy.
Note: Before you set a scheduled Inventory & Vulnerability Scan, check the Software Management settings for your group policies. For more information, see Software management policy settings in Nebula.
- On the left navigation menu, go to Configure > Schedules.
- Click New to create a new schedule.
- Enter a Schedule Name.
- Choose Scan Inventory & Vulnerability under Type.
- In the Schedule groups tab, select target groups for the schedule. Any child groups are automatically selected.
- In the Schedule frequency tab, set the following parameters:
- Frequency: How often the scan occurs. Scans happen using the endpoint's local time zone.
- Hourly: Select the number of hours between schedules and the start time.
- Daily: Select the starting date and time.
- Weekly: Select the number of weeks between schedules, the start date and time, and the days of the week to scan.
- Monthly: Select the start date and time.
- Run missed schedules as soon as possible: Toggle ON to recover missed scheduled scans due to endpoints being powered off or asleep. The scan automatically starts the next time the endpoint connects to Nebula.
- In the top right, click Save.
The Inventory & Vulnerability Scan updates endpoint information in the console. This information is organized in Endpoint Properties on the Endpoints screen. On the left navigation menu, go to Manage > Endpoints, then click an endpoint name to view Endpoint Properties. Use the tabs on the Endpoint Properties screen to view details about the endpoint.
For scheduling third-party software updates and operating system patches, click the following links below: