Skip to main content

Scheduling a malware scan task in GravityZone


With GravityZone Control Center, you can run malware scans at any time on any managed endpoints. One option is the Tasks > Malware scan command from the Network page. For more details, refer to Malware scan. Another option is to configure a recurrent scan task to run automatically on target endpoints.

In this article, you will learn how to schedule a Malware scan task via policies.


You need a GravityZone Control Center account with Manage Networks rights.

Schedule a Malware scan task

To create a scheduled malware scan task, follow these steps:

  1. Log in to GravityZone Control Center.

  2. Select Policies from the left side menu.

  3. Click the policy you want to edit, or create a new one. The policy must be applied to the endpoints where you want to run the scheduled scan.

  4. In the policy settings, go to Antimalware > On Demand.

  5. Under Scan Tasks, click Add and select the scan type that you want.



    You can run the following types of antimalware scan:

    • Quick Scan, which uses in-the-cloud scanning to detect malware running in the system. Running a quick scan usually takes less than a minute and uses a fraction of the system resources needed by a regular virus scan.

    • Full Scan checks the entire endpoint for all types of malware threatening its security, such as viruses, spyware, adware, rootkits and others.

    • Custom Scan allows you to choose the specific locations to be scanned and to configure the scan options.

    • Network Scan is a type of custom scan, which allows assigning one endpoint to scan network drives, then configuring the scan options and the specific locations to be scanned. For network scan tasks, you need to enter the credentials of a user account with read and write permissions on the target network drives, for the security agent to be able to access and take actions on these network drives.

  6. Configure the scan task options as you want. To send the scan task recurrently to target endpoints, go to General tab > Scheduler section and configure the following settings:

    • Start date and time. Specify the time when the scan task starts.


      The scheduled scan will run at the local time of the target endpoint. For example, if the scheduled scan is set to start at 6:00 PM and the endpoint is in a different timezone than Control Center, the scanning will start when the endpoint shows 6:00 PM.

    • Recurrence. Define the scan recurrence interval, by choosing one of the following options:

      • Specify the recurrence frequency, starting with the specified time and date.

        For example, the task will run once every day, starting from June 16, 2023, at 14:24.

      • Specify a weekly scan by selecting at least one day of the week when the scan task will run.

    • If scheduled run time is missed, run task as soon as possible. Optionally, you can specify what happens when the scan task could not start at the scheduled time (endpoint was offline or shutdown). Use this option according to your needs:

      • When you leave the option unselected, the scan task will attempt to run again at the next scheduled time.

      • When you select the option, you force the scan to run as soon as possible. To fine-tune the best timing for the scan runtime and avoid disturbing the user during the work hours, select Skip if next scheduled scan is due to start in less than, then specify the interval that you want.

  7. Click Save to create the scan task.

  8. Save the policy to apply the settings to target endpoints.


  • Endpoints must be powered-on when the schedule is due. A scheduled scan will not run when due if the machine is turned off, hibernating or in sleep mode. In such situations, the scan will be postponed until next time.

  • The scanning is performed silently in the background, regardless the user is logged in the system or not.

  • Though not mandatory, it is recommended to schedule a comprehensive system scan to run weekly on all endpoints. Scanning endpoints regularly is a proactive security measure that can help detect and block malware that might evade real-time protection features.