Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 554 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console 4.0

MrMafia

Scenario: I right click the client and click Full System Scan and it doesn't seem to actually tell me it's scanning, is there a way to check if the scan is actually being performed on the client computer?

:4823


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Not from the server I'm afraid to say but if you open up the endpoint interface you will see the task running.  However if you perform a clean-up action on a threat you would will get some feedback that the action is taking place.

    The problem with scheduled scans is, it's very hard to estimate the time it will take, so reporting is always hard.  Plus, as there is the potential to kick off a scheduled scan on 20,000 machines, even if the client only sent back a status at 25%,50%, 75% and 100% that's still 80, 000 messages coming back from the server on-top of the original 20,000 do-action messages. 100,000 messages to perform a scan seems a lot of traffic.

    So for large sites by default it could be dangerous and end up in a DDOS attack on the management server :) , although for smaller environments it would be nice.  Maybe there should be a scan now with and without feedback, for the times when you just initiate it on a few machines.  Maybe someone from Product Management might read this at some point and think it's a good idea.

    Thanks,

    Jak

    :4828
Reply
  • 0

    Hi,

    Not from the server I'm afraid to say but if you open up the endpoint interface you will see the task running.  However if you perform a clean-up action on a threat you would will get some feedback that the action is taking place.

    The problem with scheduled scans is, it's very hard to estimate the time it will take, so reporting is always hard.  Plus, as there is the potential to kick off a scheduled scan on 20,000 machines, even if the client only sent back a status at 25%,50%, 75% and 100% that's still 80, 000 messages coming back from the server on-top of the original 20,000 do-action messages. 100,000 messages to perform a scan seems a lot of traffic.

    So for large sites by default it could be dangerous and end up in a DDOS attack on the management server :) , although for smaller environments it would be nice.  Maybe there should be a scan now with and without feedback, for the times when you just initiate it on a few machines.  Maybe someone from Product Management might read this at some point and think it's a good idea.

    Thanks,

    Jak

    :4828
Children
No Data