Showing results for 
Search instead for 
Did you mean: 

Cisco Community Designated VIP Class of 2020


Scheduled Scan Outside the Policy



I have Cisco AMP for Endpoints. It is a new installation. 

I would like to ask if there is an option to create a scheduled scan outside the policy. 

This is driven by the fact that the company's policy needs to scan some servers the first week of the month, some others the second and so on, ...


Any tips?


Thanks and regards, 



Re: Scheduled Scan Outside the Policy



As you might have already explore, there is no option available to let you schedule the scan outside the policy. One thing you can do is to create different group and policies for those servers to allow you to have separate schedule for the scan for those different servers.

Cisco Employee

Re: Scheduled Scan Outside the Policy

I would also like to encourage you to help your customer toward a more sensible policy.

Periodic scans are generally not necessary, or even useful, with AMP, because AMP uses continuous monitoring. Every time a file gets touched, AMP checks its disposition according to the most up-to-date information available, so anything known to be malicious should be caught in near real time. (I say "near" because dispositions do get cached for a certain amount of time for performance reasons.)

With classic signature-based detection, every time new signatures are added for new threats, you have to rescan the system in order to ensure that no matching files exist. AMP deals with that scenario using a retrospective event instead.

If a customer's security policy MANDATES periodic scans, they have fallen into the trap of specifying a METHOD, not a desired RESULT. It's the equivalent of requiring three swings of a hammer, no matter whether the object you're working with is a nail, a screw, a lag bolt, or a carabiner.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here