A background scan is a one-time scan that is used to pre-populate the reputation level of files on fixed disk drives. You can configure the background scan by specifying policy settings.
A background scan begins when either of the following actions take place:
- As soon as the endpoint sensor is installed and the sensor is assigned to a policy that has the background scan enabled.
- When enabling the background scan in a policy that previously had the setting disabled.
- When assigning the sensor from a policy that has disabled background scan to a policy that has enabled background scan.
- If the sensor has already completed a background scan, the scan does not run again.
- Paths specified in a Prevention bypass rule are not scanned by the background scan process.
- If the background scan terminates before completion, (for example, due to powering off the machine or a service failure), it resumes where it left off and continues until completion.
There are two options for the Run background scan setting. On the left navigation pane, click , select a policy, and click the Sensor tab.
- The Standard background scan runs in a low-priority mode to consume low system resources and pauses when the system resources are needed by other processes. The standard background scan processes 20 files per minute at maximum. The time to complete depends on the available system resources and the number of files on the system being scanned.
- The Expedited background scan runs in a high-priority mode and consumes extra resources to complete. The expedited background scan is optimized for speed and processes 100 files per minute. The time to complete depends on the available system resources and the number of files on the system being scanned.
Expedited scans can affect system performance; therefore, we recommend you use these scans in the following scenarios:
- VDI primary images
- Emergency incidents
Note: Expedited scans only apply to Windows sensors version 3.3 and above and Linux sensors version 2.12 and above.