Hi,
Hostscan does not require radius.
Based on your DAP configuration, it looks like the default DAP policy action is set to continue.
If you have a specifc DAP policy (new one you created) set to continue, then the default should be set to terminate such that when it does not match that record, it will match again default and it will be set to terminate.
You can verify which dap record its matching by running the following debug:
debug dap trace
debug dap error
This will show you what hostscan results are retrieved from the machine scan and what DAP record is matched.
Please check the following article for more details:
https://supportforums.cisco.com/docs/DOC-1369#Configuring_Dynamic_Access_Policies