Scan Computers using Active Directory
To scan all or selected endpoints in an Active Directory domain:
- Open Threat Hunter Assessment Tool (THAT)
- Click the 'Custom Scan' 'New Custom Scan' button
- Select 'Active Directory' to open the AD (Active Directory) configuration screen:
- Enter the name of your Active Directory domain and provide admin username and password:
- After logging in, the 'Select Computers' screen will open:
- Choose the endpoints that you want to scan and a scan type:
  - Quick Scan: Scans critical and commonly infected areas of target endpoints.
  - Full Scan: Scans all files and folders on target endpoints.
- Click 'Scan Now' to begin the scan.
- Scan progress is shown for each computer, including the number of unknown files and malicious files found so far. Overall scan progress is shown on the menu bar.
- 'Stop Scan' - Discontinue the scan.
The tiles above the scan area show how many files of each type have been found so far:
- Safe files. These files are on the Xcitium whitelist and are OK to run.
- Unknown, potentially malicious files.
  Verdict Cloud account at https://verdict.xcitium.com
  See 'Verdict Cloud Analysis Results' for more information.
- Malicious files. These files are on the Xcitium blacklist of known malware and should not be allowed to run on your network.
- Click the funnel icon to filter scans by status:
Results are shown when the scan finishes:
Scan Interface - Table of Column Descriptions

| Column Header | Description |
|---|---|
| Name | The name of the computer on which the scan was run. Click '+' to view files discovered on the computer. |
| Size | The size of the analysed file. |
| Verdict | Status of the file. The possible values are: |
- Each scan result is shown on a different row and contains information such as the number and type of files found.
- 'Clean' - Unknown files that have been analysed by Verdict Cloud and found safe.
- Click the 'Group By' icons on the right to change how results are displayed:
  - Group by Computer: Lists all computers scanned. Expand any computer to view the unknown / malicious files on those computers.
  - Group by File: Lists all unknown / malicious files discovered by the scan. Expand any file to view the computers on which it was discovered.
Group by Computer
- Click the computer icon to view results by computer:
- Click '+' beside an endpoint to view the location of the unknown / malicious files.
Group by File
- Click the computer with file icon on the right.
- Click the '+' beside a file to view the number of instances and the path of the file on the endpoint(s).
Verdict Cloud is an online file verdict service which analyses the behaviour of unknown files with a range of static and dynamic tests. Unknown files are automatically submitted to Verdict Cloud.
- Click 'Detailed Scan Results' to view verdicts on unknown files.
- Existing users can log in by entering their Xcitium username/password, or you can create an account.
- Verdict Cloud results will be shown in the THAT interface and, in more detail, in the Verdict Cloud portal:
See 'Verdict Cloud Analysis Results' in 'Scan Results' for more details.