03-06-2022 10:21 PM
Hello,
How may I initiate a scan on multiple endpoints at once?
They are dispersed and not on one specific network.
03-18-2022 02:02 AM
Traditional scan is no longer needed. Each file's SHA is compared against Threat Intelligence. If for some reason you still want a scan, use Flash scan. Go to the Secure Endpoint Console, Outbreak control > Initiate Scan, "Select a policy", and make sure you tick the Flash scan.
03-24-2022 07:15 AM
Hello @larry.siegelman ,
sorry to say, Secure Endpoint does not allow manually triggered Bulk actions for Computers. Doing OdScan on a regular basis may make sense, as there is no Cloud Lookup done for every available file type. I agree with @David Janulik's statement when talking about PE Files, as we are processing the endpoint telemetry actively 7 days back in the backend. Non-PE files, if not touched by another process, can only be removed with OdScan. Finally, this can now result in a longer discussion.
Today we are focusing on a lot of different other technologies to detect and block complex attack scenarios, some examples:
There will be more security features in the future.... Finally, when taking a look at the relevance of the File scanning engines available in Secure Endpoint to different types of testing, the following values may be interesting (values are from 3rd Party testing with Secure Endpoint) as to why we focus on these advanced detection mechanisms. All values are approximate and change a little bit at any testing.
From my point of view, regular OdScan still makes sense, as you can scan areas of the endpoint which cannot be scanned OnAccess. I fully agree, this is a quick test, just to check if there is something malicious on the endpoint. Some checks can be simply done with Orbital, as Orbital queries Cisco Security APIs to enrich the query result.
If bulk actions are essential for you, please reach out to your Cisco representative to open a FR for you.
Greetings, Thorsten
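The two answers above rest on the same idea: a file's SHA-256 is looked up against a set of known indicators, and PE files (the ones with an `MZ` header) get that cloud lookup while other file types only get checked by an on-demand scan. The script below is an added illustration of that hash-lookup-plus-classification logic, written for this thread; it is not Cisco Secure Endpoint or Orbital code and does not talk to any Cisco API. The sample files and the "known bad" hash set are constructed in a temporary directory so it runs offline.

```python
"""Hash-based file check: SHA-256 lookup against a constructed indicator set,
plus PE / non-PE classification by the 'MZ' header.
Added example for this thread, not Cisco Secure Endpoint code.
All file contents and indicator hashes below are constructed."""
import hashlib
import tempfile
from pathlib import Path

# Constructed sample payloads (harmless bytes). 'tool.exe' starts with the
# 'MZ' magic so it is classified as a PE file; the other two are non-PE.
SAMPLE_FILES = {
    "tool.exe": b"MZ" + b"\x00" * 62 + b"constructed PE-like sample",
    "notes.txt": b"constructed non-PE text sample\n",
    "script.js": b"// constructed benign script\n",
}

# Constructed 'known bad' set: the hash of notes.txt stands in for a
# threat-intelligence hit. A real indicator feed would be fetched, not derived.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_FILES["notes.txt"]).hexdigest()}


def sha256_of(path: Path) -> str:
    """Stream the file in 64 KiB chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_pe(path: Path) -> bool:
    """PE/COFF images (EXE, DLL, SYS) begin with the DOS 'MZ' signature."""
    with path.open("rb") as f:
        return f.read(2) == b"MZ"


def scan_directory(root: Path, bad_hashes: set) -> list:
    """Hash every regular file under root and flag indicator matches."""
    results = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_of(path)
        results.append({
            "path": str(path.relative_to(root)),
            "sha256": digest,
            "pe": is_pe(path),
            "match": digest in bad_hashes,
        })
    return results


def write_samples(root: Path) -> None:
    for name, data in SAMPLE_FILES.items():
        (root / name).write_bytes(data)


def demo() -> list:
    """Create the constructed samples in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_samples(root)
        return scan_directory(root, KNOWN_BAD_SHA256)


if __name__ == "__main__":
    for r in demo():
        kind = "PE    " if r["pe"] else "non-PE"
        flag = "MATCH" if r["match"] else "clean"
        print(f"{flag:5}  {kind}  {r['sha256'][:16]}...  {r['path']}")
```

The `pe` field is what separates the two cases discussed above: a defender can see at a glance which files would have been covered by a hash lookup on execution and which ones only an on-demand scan would ever touch.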
03-24-2022 07:31 AM
03-28-2022 01:14 AM
Hello @larry.siegelman ,
to do so we would need some kind of on-premise component OR a huge change in the architecture, where Secure Endpoint would hold a static connection to the cloud. Without such a component/feature, every one of your endpoints would need to have a public IP and the firewall opened for all endpoints.
Just being curious, what is the use case where you need a policy immediately being enforced on the endpoint(s)?
Greetings, Thorsten