Jump to content

Archived

This topic is now archived and is closed to further replies.

Campbell IT

Automatically scan computers with detections

Recommended Posts

I have found after working with ESMC 7.x for some time that the only way to permanently resolve detections is to run an In-depth scan with cleaning after a detection has occurred. Is there a way to configure ESMC so that when a desktop reports s detection, an in-depth scan with cleaning is scheduled automatically?

Share this post


Link to post
Share on other sites

I would recommend to create dynamic group for such devices: example can be found in older topics, for example here:

 

Once devices are joining this group, you can attach specific actions to them, including task execution (on demand scan or maybe even network isolation task) and also policy that might configure product to schedule such scan.
Also could you provide more details of what kind of detection are not cleaned automatically? Normally only detections that were not handled (not cleaned or deleted) are not resolved automatically in ESMC, which should not happen very often.

Share this post


Link to post
Share on other sites

I had several machines detect HTML/ScrInject.B and for weeks, the detections would show up as unresolved. I finally got some time where the user would let me work on the system for a couple of hours and the only way I could find to actually get the detections to resolve was to run an in-depth scan with cleaning. It baffles me because these detections were reported after a smart scan. If there is some other easy (albeit, not intuitive) way do resolve detections, I would love to hear it.

Thanks.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...