Ivanti AntiVirus Scan Types

Ivanti AntiVirus malware scans can be initiated in two distinct ways. Policy-based scans run according to predefined policies, while Scan Now virus and malware scans are run directly by an administrator.

Scan Type Description
Policy-based scans

Policy-based scans run automatically according to predefined settings. There are two types of policy-based scans:

  • Recurring virus and malware scans run according to a time schedule.
  • Real-time monitoring scans run whenever an endpoint performs an action on a file.

For more information on these scan types, see Policy-based Malware Scanning.

Scan Now virus and malware scans

The Scan Now virus and malware scan is usually run a single time. It is run directly by an administrator when there is a perceived malware threat to an endpoint, a group of endpoints, or the entire network. It can be run immediately, or scheduled for later execution if desired.

For more information, see Scan Now Virus and Malware Scan.

In practice, policy-based scans provide the main form of protection to the network. They run automatically and consistently, without human intervention. A set of well-designed policies can provide excellent protection to the network. The Scan Now feature performs a useful complementary role, enabling the administrator to react directly to a specific threat or suspicious activity.

Policy-based Malware Scanning

Ivanti AntiVirus offers two types of policy-based malware scanning: recurring virus and malware scan, and real-time monitoring.

Scan Type Description

Recurring virus and malware scan

Scheduled to run on a regular basis, which can range in frequency from daily to weekly. The policy should specify a detailed scan that will be able to detect infected files that other policy types (such as real-time monitoring scans) might miss.

Real-time monitoring

Runs whenever an endpoint performs specified actions on a file. For example, the policy can specify that the file is scanned whenever it is read or executed.

Real-time monitoring is also known as on-access scanning, because the file has to be accessed before any other action is performed on it.

An advantage of real-time monitoring is that it can detect viruses before they are triggered.

Scan Now Virus and Malware Scan

The Scan Now feature, sometimes called an on-demand scan, enables a virus and malware scan to be run immediately in response to a perceived threat, rather than waiting for a policy-based scan to run.

The Scan Now - Virus and Malware Scan option launches the Virus and Malware Scan Wizard, a fast and convenient way to configure and run an antivirus scan. This wizard provides detailed control over scanning options and the endpoints or groups to be scanned. The wizard allows you to tailor the scan to precisely address the apparent virus or malware threat.

The term Scan Now is also used in the context of a Discover Applicable Updates (DAU) task, which assists with the management and deployment of content items. A DAU task is not related to Ivanti AntiVirus functionality.

Comparison of Ivanti AntiVirus Scan Types

Though they use the same definition file, each Ivanti AntiVirus scan type provides its own unique depth and breadth of virus and malware protection.

The Real-time monitoring, Scan Now and Recurring virus and malware scan technologies provided with Ivanti AntiVirus work together to clean and quarantine suspicious files on endpoints.

 

The table groups the scan types as Automatic (Real-Time Monitoring) and On-Demand (Scan Now, Recurring Virus and Malware Scan).

Detection

  • Automatic (Real-Time Monitoring): Threats before they are triggered. Particularly efficient at detecting viruses.
  • On-Demand (Scan Now, Recurring Virus and Malware Scan): "Sleeping" threats (for example, those which passed through real-time monitoring because a definition was not yet available). Particularly efficient at detecting malware.

Endpoint Performance

  • Automatic (Real-Time Monitoring): Small but detectable impact. Automatic scan performance can be improved during scan configuration by excluding as many safe files and paths as possible.
  • On-Demand (Scan Now, Recurring Virus and Malware Scan): Significant impact. Note: On-Demand scan performance can be improved during scan configuration: set CPU utilization % to low, clear the Scan archives option, and exclude as many safe files and paths as possible.

Coverage

  • Automatic (Real-Time Monitoring): Only files on which an endpoint performs an action (e.g. read, write).
  • On-Demand (Scan Now, Recurring Virus and Malware Scan): All files on an endpoint.

Frequency

  • Real-Time Monitoring: On-going
  • Scan Now: One-off, immediate or scheduled for later.
  • Recurring Virus and Malware Scan: Runs on a regular basis, from daily to weekly for a specified period.

Ivanti recommends you run Real-time monitoring with a regular Recurring virus and malware scan (minimum weekly).
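
The following added example (not Ivanti code and not part of the original documentation) models the comparison above, with a SHA-256 hash set standing in for the definition file. A file written before its definition existed passes the on-access check, a later full scan finds it, and a path exclusion hides a second copy. All function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def on_access_scan(path, definitions):
    """Real-time monitoring model: check one file at the moment it is accessed."""
    return sha256(path) in definitions

def full_scan(root, definitions, exclude=()):
    """Recurring / Scan Now model: walk every file under root, minus exclusions."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Pruning an excluded directory saves time but removes it from coverage.
        dirnames[:] = [d for d in dirnames
                       if os.path.join(dirpath, d) not in exclude]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if sha256(path) in definitions:
                hits.append(path)
    return sorted(hits)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        cache = os.path.join(root, "cache")
        os.mkdir(cache)
        sample = b"constructed-sample-not-real-malware"  # constructed test bytes
        dropped = os.path.join(root, "invoice.bin")
        copy = os.path.join(cache, "copy.bin")
        for path in (dropped, copy):
            with open(path, "wb") as f:
                f.write(sample)
        # Definitions at write time: no signature yet, so on-access passes the file.
        defs_v1 = set()
        passed_realtime = not on_access_scan(dropped, defs_v1)
        # Later definition update; the file is never accessed again ("sleeping").
        defs_v2 = {hashlib.sha256(sample).hexdigest()}
        rel = lambda paths: [os.path.relpath(p, root) for p in paths]
        found_all = rel(full_scan(root, defs_v2))
        found_with_exclusion = rel(full_scan(root, defs_v2, exclude={cache}))
        return passed_realtime, found_all, found_with_exclusion

if __name__ == "__main__":
    print(demo())
```

The last result shows the trade-off behind the performance advice: every excluded path is a location the scan no longer covers, so exclusion lists are worth reviewing alongside the scan schedule.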