Configure and Run Malware Scans

CPM for Mac provides two types of malware scans: On-Demand, and Real-Time. In addition, you can schedule On-Demand scans to automatically recur. You can apply the same scan to all endpoints, or create different scan configurations and apply them to different sets of endpoints based on whatever criteria you choose. Users can be notified before a scheduled or on-demand scan runs, but do not explicitly receive notifications whenever a detection occurs on their computer.

Note: For more information about making detection information visible to your users, see Enable the Client Console (for Mac), in CPM Client Management.

Detections are logged and available for review in CPM Reports.

Note: On-Demand scans can be CPU intensive on the client. Although you can moderate the effect by configuring the CPU Usage option (which sets a pause between each file scanned), you might also want to configure an Offer as part of the Task. The Offer will allow users to initiate the scan themselves.

As with most Tasks in the IBM BigFix Console, you can associate any of these scans with selected computers, users, or other conditions. As a result, you can define multiple scan settings and then attach a particular scan configuration to a given set of computers. Scan settings are saved in the CPM Dashboard.

The configuration settings that you define for these scans apply with the Global Settings you configure.

On-Demand scans: Use On-Demand scans to run a one-time scan of client hard drives or the boot sector. Launch the default scan with the Scan Now Task. On-Demand scans can take from a few minutes to a few hours to complete, depending on how many files are scanned and on client hardware.
Note: When an user initiates a Manual Scan from the CPM for Mac client console, the scan settings reflect the latest settings configured by the administrator for an On-Demand scan. For example, an administrator might schedule an On-Demand scan on every Thursday at 12:00 that scans all file types. Then the administrator might run an On-Demand scan with different scan settings, maybe scanning only for .EXE files, at 14:00. If a user runs a Manual Scan at 15:00, and the administrator has not changed the settings, the user’s Manual Scan will scan only for .EXE files, not all file types.
Scheduled scans: You can schedule an On-Demand scan to trigger at a particular time, day, or date. You can also have the scan automatically recur according to the schedule you set.
Real-Time scans: This scan checks files for malicious code and activity as they are opened, saved, copied, or otherwise being accessed. These scans are typically imperceptible to the user. Real-time scans are especially effective in protecting against Internet-borne threats and harmful files being copied to the client. Trend Micro recommends that you enable real-time scanning for all endpoints.