This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Force a Scan on all Endpoints

As subject, is it possible to force a scan on all endpoints? I'm aware that I can drill down to a specific endpoint and Scan Now, but what I'd like to do is scan all the machines with one click.

As I've found no obvious way of doing this, I edited the Base Policy - Threat Protection and created a scheduled scan to run that evening. It didn't run. Instead, I got a whole load of warnings in the Central management portal reporting Policy non-compliance for all endpoints!

Any advice greatly received. I'm struggling to understand how I can force a scan on all my endpoints and it's getting critical now.

Thanks in advance!

This thread was automatically locked due to age.

0 jak over 6 years ago

Hi,

I think the update to the threat protection policy to force a scan in the next couple of minutes is your best bet.

Of course - any computers that are off at that time will not be covered until a time when the schedule aligns with then being turned on. The scan now action on the other hand, is queued I guess so the next time the client comes online, it sees the message and carries out the task.

I would first investigate on one computer why they differ from policy. Did the scheduled task get created on the endpoints for the task? Can you check, if the task got created then the scan would have happened.

schtasks /query /TN "Sophos Cloud Scheduled Scan"

You can use /S to check remote computers.

Or maybe just:
schtasks | find "Sophos"
presumably will return:
Sophos Cloud Scheduled Scan 22/02/2019 21:00:00 Ready

is the task there?

Debug logging of the Agent using the info here:
https://community.sophos.com/kb/en-us/119607

would be the troubleshooting step to ensure the SAV Adapter is setting/getting policy and why difference is being returned.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel