Scheduled scans in Nebula

Malwarebytes Nebula can run automated scans on your endpoints on a schedule that you choose. If you prefer, scheduled scans can quarantine threats and Potentially Unwanted Programs without manual action. This article shows how to create a scheduled scan and explains the related options.

Scheduled scans are managed at the group level. A scheduled scan can run on Windows endpoints, Mac endpoints, Linux endpoints, or all. You may also schedule a Software Inventory Scan, which updates endpoint information in the console. For more information, see Types of scans in Nebula.

Scheduled scans run using the endpoints' locally configured time. Offline endpoints use the synchronized scan schedule from when it last checked in with the Nebula console. 

Create a scheduled threat scan

1. On the left navigation menu, go to Configure > Schedules.
2. Click New to create a new schedule.
3. Enter a Schedule Name and choose Detections scan under Type.
4. Choose the operating systems you want to run the scan on by checking their boxes.
   
   • Check the Quarantine threats automatically box to have Malwarebytes place threats into quarantine without prompting the end user.
   • Check the Treat Potentially Unwanted Programs (PUPs) as malware box for Mac scans to detect PUPs. 
     
     • For Windows, these settings are configured in the policy or with a custom scan. For more information, see Configure Scan settings options in Nebula.
   • For windows only scans, select Threat Scan.
5. In the Schedule groups tab, select target groups for the schedule. Any child groups are automatically selected.
6. In the Schedule frequency tab, set the following parameters:
   • Frequency: Choose either Hourly, Daily, or Weekly.
   • Hours: If Frequency is set to Hourly, then select between 1 and 23 hour(s) from this drop-down.
   • Start Date: Click in this field to select a calendar start date for this scheduled scan.
   • Start Time: Click in this field to select the starting hour, minute, and AM/PM option for this scheduled scan.
   • Run missed schedules as soon as possible: Toggle ON to recover missed scheduled scans due to endpoints being powered off or asleep. The scan automatically starts the next time the endpoint connects to Nebula. 
7. In the top right, click Save.

Create a scheduled Software Inventory Scan

A Software Inventory Scan retrieves information on all endpoints in a group and updates the Endpoint Properties screens for that group. The information gathered is determined by the Software Management settings in each group's policy.

Note: Before you set a scheduled Software Inventory Scan, check the Software Management settings for your group policies. See Adjust policy Software Management settings in the article Types of scans in Nebula.

1. On the left navigation menu, go to Configure > Schedules.
2. Click New to create a new schedule.
3. Enter a Schedule Name.
4. Choose Software Inventory Scan under Type.
5. In the Schedule groups tab, select target groups for the schedule. Any child groups are automatically selected.
6. In the Schedule frequency tab, set the following parameters:
   
   • Frequency: Choose either Hourly, Daily, or Weekly.
   • Hours: If Frequency is set to Hourly, then select between 1 and 23 hour(s) from this drop-down.
   • Start Date: Click in this field to select a calendar start date for this scheduled scan.
   • Start Time: Click in this field to select the starting hour, minute, and AM/PM option for this scheduled scan.
   • Run missed schedules as soon as possible: Toggle ON to recover missed scheduled scans due to endpoints being powered off or asleep. The scan automatically starts the next time the endpoint connects to Nebula. 
7. In the top right, click Save.

The Software Inventory Scan updates endpoint information in the console. This information is organized in Endpoint Properties on the Endpoints screen. On the left navigation menu, go to Manage > Endpoints , then click an endpoint name to view Endpoint Properties. Use the tabs on the Endpoint Properties screen to view details about the endpoint.

For scheduling third-party software updates and operating system patches, click the following links below:

• Update software with Patch Management in Nebula
• Apply operating system patch in Nebula

Return to the Malwarebytes Nebula Administrator Guide.