Continuous Agentless Scanning

On the Tools > Options > Scan tab, the Enable continuous agentless scanning option should only be used in certain circumstances. Specifically, this option is designed for use in conjunction with Network Access Control (NAC) environments that perform patch security checks on all machines before they are allowed onto the local network. In this scenario, if a machine does not contain all of the required patches, the access control system will place it into a restricted network. The machine remains in this "quarantine" until the necessary security patches are deployed to the machine, at which time it can be reintroduced to the primary network.

If you select Enable continuous agentless scanning, a Minutes scan interval option becomes available when scheduling recurring patch scans. This enables you to schedule scans on a minute basis, providing nearly continuous patch scans and deployments of the machines that reside within the restricted network. By performing scans at minute-based intervals rather than daily intervals, the amount of time a deficient machine stays in the restricted network is greatly decreased.

The Enable continuous agentless scanning option is only recommended for use in this very specific circumstance. The constant scanning is fine for monitoring a small number of devices in an isolated or restricted network, but it is not recommended for general use. The extremely short scan intervals can wreak havoc on your network performance if configured for large networks.

If you use the Minutes scan interval option, the amount of patch scan data that is contained in your database can quickly grow out of hand. Be sure to use the Database Maintenance tool to continually delete old results.

Related Topics