Help Portal
MaxPatrol EDR 5.0 · Help
English
Manual threat responseManaging the YARA scanner module
Running a scan

The YARA scanner module performs signature analysis based on YARA rules. You can scan:

  • A file or a folder with files
  • One or several processes
  • Important system files and processes (a quick scan)
  • All files and processes (a full scan)
Running a scan

By default, the YARA rules specified in the policy configuration are selected for a scan. You can paste or import custom rules.

Scans are executed in a queue order. In the policy configuration, you can assign automatic scans to be performed in a priority order.

To run a scan:On the main menu, click EDR and then select Agents.The EDR agents page will open.Click the name of the agent on which you want to run the scan.The agent card will open.Select the YARA scanner module.Click .The module card will open.Click New scan.Specify the scan parameters.Click Start a scan.The scan is running.
Managing the YARA scanner module
Viewing scan results

The website uses cookies according to the cookie policy.

Accept allManage cookies