Are real-time scans different from scheduled scans?

stipend
Level 1

This VMware article says to exclude certain files from real-time scanning. Is that different from scheduled scans?

Are the two different? I'm guessing they are since for AMP to work and detect malicious files and processes, it needs to be conducting real-time scanning.

https://techzone.vmware.com/resource/antivirus-considerations-vmware-horizon-environment#virtual-machines:~:text=Exclude%20low%2Drisk%20files%20and%20folders%20from%20real%2Dtime%20scans%20on%20single%2Duser%20View%20virtual%20machines%20or%20RDSH%20...

Accepted Solutions

Roman Valenta
Cisco Employee

Hi,

This paragraph should answer both of your questions:

Scheduled scans are something that you configure in the policy, and they are conducted periodically. We have two: Full Scan and Flash Scan.

Scheduled scans are not necessary for the operation of the connector because files are being reviewed as they are copied, moved, and executed. Files are also reviewed again for 7 days using Retrospective. Full Scan is recommended when you install the connector for the first time.

More about Scheduled Scans can be found here:

User Guide
https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf

Rule of thumb: always go by the vendor-specific request to avoid complications; if they provide a list of exclusions, apply them.

As for Secure Endpoint and Horizon, we also have Cisco-Maintained exclusions already included in the portal, so you can start there.

Hope this helps,

Regards,

Roman

2 Replies

Yes, real-time scanning is different, in that before the requesting app is allowed to access a file, the security product will hold it while it scans it, while a scheduled scan won't necessarily prevent something else from accessing a file while it's running.

AMP has an extensive set of Cisco-maintained exclusions so the VMware agent may already be covered so that AMP doesn't break stuff.