The agent can scan your Windows and Mac endpoints and attached removable drives for dormant malware that is not actively attempting to run.
In addition to blocking the execution of malware, the Cortex XDR agent can scan your Windows, Mac and Linux endpoints and attached removable drives for dormant malware that is not actively attempting to run. The agent examines the files on the endpoint according to the Malware Security Profile that is in effect on the endpoint (quarantine settings, unknown file upload, etc.) When a malicious file is detected during the scan, the agent reports the malware to Cortex XSIAM so you can manually take additional action to remove the malware before it is triggered and attempts to harm the endpoint.
You can scan the endpoint in the following ways:
System scan: Initiate a full system scan on demand from Endpoints Administration for an endpoint.
Periodic scan: Configure periodic full scans that run on the endpoint as part of the malware security profile. To configure periodic scans, see Set up malware prevention profiles.
Custom scan: (Windows, requires agent v7.1 or later) The end user can initiate a scan on demand to examine a specific file or folder. For more information, see the Cortex XDR Agent Administrator's Guide for Windows.