Configuring what to scan for
There are two primary factors that affect which definitions are scanned for:
• The group the definition is in.
• The agent settings.
Vulnerability groups
When you download new definitions, they are automatically added to the Scan group. (The only exception is blocked application definitions—they're added to the Unassigned group.) When a security scan task runs, it scans for the definitions in the Scan group.
The Scan group has several sub-groups to help you organize the definitions that are scanned for. Some of these sub-groups, like the Detected group, are automatically populated when a vulnerability is detected. Other groups, like the Autofix (global) group, are populated only when you move definitions into them.
For more information about the default groups for vulnerabilities, see Open and understand the Patch and Compliance tool.
CAUTION: Moving definitions from the Scan group
When you move definitions from the Scan group to the Don't Scan group, the information about which devices detected those definitions is removed from the core database. It is no longer available in either the definition Properties dialog boxes or the device Security and Patch Information dialog boxes.
Agent settings
When you create Distribution and Patch agent settings, the Scan options page allows you to configure the type of definitions to scan for. By default, the agent setting is configured to scan for vulnerabilities, Ivanti updates, and custom definitions.
For more information about the agent settings, see Agent settings: Distribution and patch.
After you have downloaded security definitions and configured what to scan for, create a scan task. For more information, see Create a patch and compliance scan task.