ETH Scan

Endpoint Threat Hunting (ETH) Scan is an easy way to search for files that match malicious hashes (MD5, SHA1, SHA256) across your network.
If you have hash codes of the latest malware, ETH Scan searches the endpoints of your network for files matching those hashes and then takes the action you selected: you can quarantine or delete the malicious files.
The following 2 modes are available to search the hash types.
Manual Search – If you want to search 1 to 5 entries at a time, select Manual Search.
Bulk Search – If you want to search more entries, select Bulk Search. You can search for 5 to 20 entries at a time with Bulk Search. Multiple hash codes are searched by uploading a CSV file.

Manual Search

To initiate scanning in Manual Search mode, follow these steps:

  1. On the Status page, select the endpoints you want to scan.
  2. The client action bar is enabled above the table. In the Client Actions drop-down list, select ETH Scan.
  3. In the Please Select list, select Start Scan.
  4. Click Submit.
    The Start Scan dialog appears.
  5. In the New Scan tab, enter Search Name and Description.
  6. Select Action from the list. You can select Quarantine, Delete, or No action.
    Manual Search mode is selected by default. With Manual Search, you can search 1 to 5 entries at a time.
  7. Enter the Hash Code that you want to search for in the text box. The Hash Type of the code appears in the corresponding box.
  8. Click +Add Entry to add a search entry.
    You can enter a maximum of 5 search entries in Manual Search mode.
    You can delete a search entry using the delete icon of the corresponding entry.
  9. Click Start Scan to start the scan of the selected endpoints. The action is initiated on the client according to the set polling interval.

Bulk Search

To initiate scanning in Bulk Search mode, follow these steps:

  1. On the Status page, select the endpoints you want to scan.
  2. The client action bar is enabled above the table. In the Client Actions drop-down list, select ETH Scan.
  3. In the Please Select list, select Start Scan.
  4. Click Submit.
    The Start Scan dialog appears.
  5. In the New Scan tab, enter Search Name and Description.
  6. Select Action from the list. You can select Quarantine, Delete, or No action.
  7. Select Search Mode as Bulk Search.
  8. Download the CSV template from the link.
  9. Enter the hash codes that you want to search for in the CSV file.
  10. Save the file. The file size must be less than or equal to 1 MB.
  11. Click Upload CSV file to upload the file. The file name appears when the file is uploaded successfully.
  12. Click Start Scan.
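
A hash list can be checked against the limits above before it is uploaded. The following is an added example, not part of the product or its documentation. It assumes one hash in the first column of each row with an optional header row (the vendor's CSV template layout is not shown on this page) and reads "1 MB" as 1 MiB; the function names are hypothetical.

```python
import csv
import hashlib
import io
import re

# Limits stated on this page for Bulk Search.
MIN_ENTRIES, MAX_ENTRIES = 5, 20
MAX_BYTES = 1024 * 1024  # "1 MB" read as 1 MiB (assumption)
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # hex digest length -> type
HEX_RE = re.compile(r"[0-9a-fA-F]+")

# Constructed sample: digests of made-up strings, plus one malformed row.
SAMPLE = ("hash\n" + "\n".join(
    hashlib.sha256(b"constructed-%d" % i).hexdigest() for i in range(5)
) + "\nnot-a-hash\n").encode()


def classify(value):
    """Return 'MD5', 'SHA1' or 'SHA256', or None for anything else."""
    value = value.strip()
    if not HEX_RE.fullmatch(value):
        return None
    return HASH_TYPES.get(len(value))


def check_bulk_csv(data):
    """Validate CSV bytes and return (entries, problems)."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append(f"file is {len(data)} bytes, limit is {MAX_BYTES}")
    entries, seen = [], set()
    text = data.decode("utf-8-sig", errors="replace")
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or not row[0].strip():
            continue  # skip blank rows
        kind = classify(row[0])
        digest = row[0].strip().lower()
        if kind is None and lineno == 1:
            continue  # assumed header row
        if kind is None:
            problems.append(f"row {lineno}: not an MD5/SHA1/SHA256 digest")
        elif digest in seen:
            problems.append(f"row {lineno}: duplicate entry")
        else:
            seen.add(digest)
            entries.append((digest, kind))
    if not MIN_ENTRIES <= len(entries) <= MAX_ENTRIES:
        problems.append(f"{len(entries)} entries, expected {MIN_ENTRIES} to {MAX_ENTRIES}")
    return entries, problems
```

Calling check_bulk_csv(SAMPLE) returns the five SHA256 entries and one problem for the malformed row; an empty problems list means the file is within the limits stated on this page.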

Existing Scan

You can also initiate a scan using an existing search.
To initiate a scan of an existing search, follow these steps:

  1. On the Status page, select the endpoints you want to scan.
  2. The client action bar is enabled above the table. In the Client Actions drop-down list, select ETH Scan.
  3. In the Please Select list, select Start Scan.
  4. Click Submit.
    The Start Scan dialog appears.
  5. In the Existing Scan tab, you can view the following information about the Search.
    Field         Description
    Date & Time   Displays the date and time of the Search.
    Search Name   Displays the name of the Search.
    Description   Displays the description of the Search.
    Action        Displays the action taken on the files.
  6. Select the Search you want to initiate.
  7. The action bar is enabled above the table. Click Start Scan.
    Notes
    • The Endpoint Threat Hunting feature is available only on clients running the Microsoft Windows operating system.