This article covers recommended scheduled scans and their related settings for each Nebula subscription type. As these are only recommendations, make sure to configure schedule settings and frequency that suit your environment to avoid performance issues.
As a general rule, we do not recommend creating overlapping schedules, as this may cause scans to stack up and run consecutively.
Note: Starting March 2026, all new schedules have a 60-minute time window by default to spread out scan start times and improve system responsiveness. To apply this option to your existing schedules, click Boost performance in the top banner in the Schedules page.
Detection Scans
Detection scans detect and quarantine threats that can not be blocked in real time. We recommend enabling all OS platforms and Quarantine found threats automatically on all detection scans. Without this option, found threats appear as active detections in the Detection Center and must be quarantined manually. See Active Detections for more information.
- Daily Threat Scan: Keeps endpoints secure with minimal performance impact. Scans average under 15 minutes to complete.
- Weekly Full Scan: Uses the Custom Scan method to check a comprehensive set of objects and all local drives. It is heavier than the daily scan and averages a few hours to complete.
| Schedule Name | Scan Method | Schedule Groups | Frequency | Recovery Options | Notes |
|---|---|---|---|---|---|
| Daily Threat Scan (Workstation) | Threat Scan | All workstation groups | Daily, during lunch | Yes | |
| Daily Threat Scan (Server) | Threat Scan | All server groups | Daily, after business hours, outside maintenance window | No | |
| Weekly Full Scan (Workstation) | Custom Scan | All workstation groups | Weekly, any work day after 4PM | ⚠️ No | Disable Scan for rootkits |
| Weekly Full Scan (Server) | Custom Scan | All server groups | Weekly, during the weekend, outside maintenance window | ⚠️ No | Disable Scan for rootkits |
Software Inventory & Vulnerability Scan
This scan retrieves hardware and software information from your endpoints based on the Software Management settings in each policy. See our recommended policy settings for Nebula to configure these.
If you are subscribed to Vulnerability Assessment, this scan also identifies software vulnerabilities. If you are subscribed to Vulnerability and Patch Management, this scan identifies available Windows OS patches too. We recommend running it daily to keep endpoint and vulnerability information up to date.
| Schedule Name | Scan Method | Schedule Groups | Frequency | Recovery Options |
|---|---|---|---|---|
| Daily Inventory & Vulnerability Scan (Workstation) | Software Inventory Scan | All workstation groups | Daily, during lunch | Yes |
| Daily Inventory & Vulnerability Scan (Server) | Software Inventory Scan | All server groups | Daily, after business hours, outside maintenance window | No |
Note: If you are not subscribed to either add-on, remove "Vulnerability" from the schedule name to avoid confusion.
Scheduled Software Updates and Windows OS Patches
Customers subscribed to the Vulnerability and Patch Management add-on can automatically keep supported software and Windows OS versions up to date to protect against known vulnerabilities detected by the Software Inventory & Vulnerability scan above. Specific policy settings must be enabled first, see recommended policy settings for Nebula.
Choosing an early scan start time helps installing updates when end users have not started using all software, allowing silent updates without prompting end users to close software. With Recovery options enabled, missed schedules automatically start the next time the endpoint connects to Nebula. You should always choose a schedule frequency at your own discretion that ensures a good cybersecurity hygiene while not creating a bad user experience.
We recommend installing software updates and OS patches on servers manually during the maintenance window, as both workstations and servers require a reboot to complete installation.
- Install Software Updates: Installs the latest supported third-party software updates from vendors. Select All applications in Update settings or All except to exclude specific software.
- Install OS Patches: Installs the latest Windows patches via the Windows API. Select All categories and All severities in Patch Settings.
| Schedule Name | Schedule Type | Schedule Groups | Frequency | Recovery Options | Notes |
|---|---|---|---|---|---|
| Install Software Updates (Workstation) | Install Software Updates | All workstation groups | Biweekly or weekly, early morning on any work day (e.g. Tuesdays at 7AM) |
Yes | Enable Do not reboot servers (Windows) |
| Install OS Patches (Workstation) | Install OS Patches | All workstation groups | Biweekly or weekly, early morning on any work day (e.g. Thursdays at 7AM) |
Yes | Enable Do not reboot servers (Windows) |