Creating an Endpoint Discover File System scan

1. Go to System > Servers and Detectors > Policy Groups. Create Policy Group or find Policy Group you would like to apply Targeted Endpoint Discover Scan to. For this example, we will use the Default Policy Group.
2. Go to Manage > Discover Scanning > Discover Targets. Click New Target in the top left and select Endpoint - File System Scan
3. Under the General tab, create a name for our Targeted Scan. For this example we will use 'Targeted Endpoint Scan Demo'. Under Policy Groups, select the Policy Group from Step 1.
4. Under the General tab, select 'Always scan all items' for our demonstration purposes.
5. Click the Targeting tab. Under Available Servers select an available Endpoint Server and click Add.
6. Under the Targeting tab, type in the hostname you would like to scan and click Add. (note: This info can be found under the Agents Overview Machine Name  in your dashboard. Make sure the agent is reporting to endpoint server)
7. Click the Filters tab. Under Include Filters type C:\* for demo purposes.
8. Click Save in the top left corner of your screen.
9. Navigate to Manage > Discover Scanning > Discover Targets, if not redirected there after saving.
10. Select the Target Name created in Step 3 by placing a check mark in the box on the left.
11. Click Start Scan
12. After scan completes, you can view the Scan History by navigating to Manage > Discover Scanning > Scan History. To find incidents that were created by the scan, click the icon with the yellow arrow on the far right under Actions.

Frequently Asked Question's:

1. Is it possible to import users or groups?
   Answer - No, user or groups cannot be imported as this scan is specific to Endpoint file system, you can either add machine hostnames, IP addresses or add a text file containing list of hostnames and IP addresses of the targeted endpoint machines.
2. Is it possible to schedule a scan operation by selecting the date and time?
   Answer - You cannot schedule Endpoint Discover targeted scans (Endpoint File System). Each scan must be started manually. You must also manually stop the scan, allow it to complete, or allow it to timeout. You cannot pause an Endpoint Discover scan.