Configuring and Running Malware Scans

CPM provides two types of malware scans: On-Demand and Real-Time. In addition, you can schedule On-Demand scans to recur automatically. You can apply the same scan to all endpoints, or create different scan configurations and apply them to different sets of endpoints based on whatever criteria you choose. Users can be notified before a scheduled or on-demand scan runs, but do not explicitly receive notifications whenever a detection occurs on their computer.

Note: See Displaying the CPM Icon on Endpoints for information on making some detection information visible to your end users.

Detections are logged and available for review in CPM Reports.

Note: On-Demand scans can be CPU intensive on the client. Although you can moderate the effect by configuring the CPU Usage option (which sets a pause between each file scanned), you may also want to configure an Offer as part of the Task. The Offer will allow users to initiate the scan themselves.

As with most Tasks in the console, you can associate any of these scans with selected computers, users, or other conditions. As a result, you can define multiple scan settings and then attach a particular scan configuration to a given set of computers. Scan settings are saved in the CPM Dashboard.



The configuration settings you define for these scans apply in conjunction with whatever Global Settings you have configured.

  • On-Demand scans: Use On-Demand scans to run a one-time scan of client hard drives and/or the boot sector. Launch the default scan with the Scan Now Task. On-Demand scans can take from a few minutes to a few hours to complete, depending on how many files are scanned and on the client hardware.

    Note: When an end user initiates a Manual Scan from the CPM client console, the scan settings reflect the latest settings configured by the administrator for an On-Demand Scan.

    For example, an administrator might schedule an On-Demand Scan for every Thursday at 12:00 PM that scans all file types. Then the administrator might run an On-Demand scan with different scan settings, maybe scanning only for .EXE files, at 14:00. If an end user runs a Manual Scan at 15:00, and the administrator has not changed the settings, the end user’s Manual Scan will only scan for .EXE files, not all file types.

  • Scheduled scans: You can schedule an On-Demand scan to trigger at a given time, day, or date. You can also have the scan recur automatically according to the schedule you set.

  • Real-Time scans: This scan checks files for malicious code and activity as they are opened, saved, copied, or otherwise accessed. These scans are typically imperceptible to the end user. Real-time scans are especially effective in protecting against Internet-borne threats and harmful files being copied to the client. Trend Micro recommends that you enable real-time scanning for all endpoints.