Sai Scans


Vinay Pettyjohn

Aug 5, 2024, 1:05:44 AM
to hyafurcarlsa
Some types of imaging tests use radiation. Others use sound waves, radio waves, or magnets. Learning about how medical scans work can help you feel more comfortable if you or a loved one needs one. It can also help you to know what to ask about before getting an imaging test.

X-ray imaging works by passing an energy beam through a part of your body. Your bones or other body parts will block some of the X-ray beams from passing through. That makes their shapes appear on the detectors used to capture the beams. The detector turns the X-rays into a digital image for a radiologist (a doctor who specializes in creating and analyzing images of the inside of the body) to look at.


CT scans also use X-ray beams. But the beams rotate around your entire body to create a 3D picture. These images contain more information than a regular X-ray. The scan can be done in less than a minute. That makes it especially useful in places like the emergency department. There, doctors need to know immediately if a patient has a life-threatening condition.


Because CT scans use more X-ray beams than a normal X-ray, they often deliver a higher dose of radiation. But medical specialists have ways to calculate the smallest radiation dose needed, explains Dr. Cynthia McCollough, a CT imaging researcher at the Mayo Clinic.


Another commonly used imaging method is called ultrasound. It sends sound waves into the body. Different types of tissue reflect sound waves differently. These differences can be picked up by an ultrasound machine and turned into a picture. Ultrasound is helpful for looking at the heart and other organs, or a developing baby.


Attention Editors: Reprint our articles and illustrations in your own publication. Our material is not copyrighted. Please acknowledge NIH News in Health as the source and send us a copy.


1) My organization has weekly scans scheduled for Tuesday mornings at 10:00am: How do I view or change the schedule for these scans? And is there a best practice for an ideal time to schedule scans for the endpoints? We currently only get about 50% of scans to be successful on a weekly basis.



2) When I initiate a scan on an endpoint and it fails, how do I troubleshoot what is causing it to fail (scan status = error).










So if you have already created your malware profile, go to the config of that profile and almost at the end of the profile you will see the Endpoint Scanning config area. There you can play with the Periodic Scan fields to change it. Please check the attached pic.


Regarding the best time to scan your endpoints, it depends on your organization's schedules; the best time is when users have less workload on their endpoints. This is something you should check yourself, depending on your specific scenarios. For example, on a previous assignment we had all desktops woken at 8pm (by Windows AD policy) and we scanned them at that time. But again, you should work out when is better for your users, or maybe even create different malware profiles for different departments or office locations and scan them at different times.


Troubleshooting failed scans: try to figure out whether they failed because the endpoints were switched off, or whether the users interrupted the scan, maybe by switching off the endpoint. If you identify such a case, it could be good to ask the end user the reason: was it all of a sudden too slow and they rebooted? These are just some ideas; anyway, be creative and try to work out the reasons why they might have failed. Maybe they were human reasons.


NOTE: Please do not take our Cortex XDR scans as a traditional antivirus scan; this is not the same concept. For us, a scan is more about creating a model/baseline of what is normal on your endpoint and having control over it. When you download a new file, it will be checked by us when it is written to disk; at that time the file will be scanned. So basically, if you run one scan, everything that has already been scanned and is trustable does not need to be re-scanned again and again.

Have a good XDR scan time!!


Luis, thank you for the reply, very helpful!



When a scheduled scan is aborted, will it stay in that status until the next scheduled scan? In other words, if it is aborted this week, will it reinitiate a scan on that endpoint next week, or do we need to do it manually on the backend for endpoints that get aborted?



Also, for endpoints that are disconnected at the time of the scheduled scan, will it initiate the scan as soon they are connected again?


I'd have to disagree with the scan once and you're good comment. We've had Cortex XDR for a year and scan weekly, and it is always a challenge. Found 11,059 out of 76,738 results. These were our last 30 days' results. I also haven't noticed XDR scanning at time of write to disk. I can download anything I want and XDR won't pop off until it is executed. When I dedupe this list with the month before, it's reduced from 11k to 56. More than happy to discuss with you how you managed to achieve your results. Most of these are marked Benign so I'm not sure why it wants to alert on them again.


If the scan is started at the Cortex management console, the user won't be able to stop the scan. He might do it only by switching off his computer. Once the computer is switched on again, the scan should resume and complete. If the user starts the scan locally at his endpoint agent, then he might be able to interrupt it manually; in this case the scan has to be started from scratch.


Hi Luis,

Thanks again for the reply. I am a new team member and I am investigating why we have such a large percentage of endpoints that do not have successful scans. We consistently have about 25% of endpoints aborting the scan. Even when I take a smaller group and start a scan from the endpoint administration, the majority of endpoints that failed on their last scan end up failing again.






I did not get your point in your sentence "Found 11,059 out of 76,738 results". Please explain what you mean. What did you find out of 76k? Malware? Endpoints?

Please check my last answer a few mins ago to Pdysart in case it helps you.

About the alerts with benign verdicts: if somehow the endpoint is not connected to the Cortex management console/WF, or the verdicts from WF take too long, local analysis kicks in, and this might be the reason for those alerts. Later the verdict might be resolved once the alert has already been created (or maybe buffered to be sent when comms are recovered).

Please investigate and work out whether you have an issue with WF verdicts in terms of the time to get them. If you have a real issue there, open a TAC support ticket. If your endpoints are isolated when the alerts are generated by local analysis, then you should solve this matter.

Note: if the file is unknown to WF, then the agent uses local analysis to figure out if the file is benign or malware.

Ways to get rid of alerts for benign processes:

- Add hash to allow list

- Add the signer to trusted signers


I have already created and configured a malware profile for a scheduled scan (weekly), but I can't find any history showing whether the scan is running or not. In that case, is it possible to check the history of scheduled scans? And if so, what should I do? Thanks


I have one more question: when a scheduled scan is aborted, will it stay in that status until the next scheduled scan? In other words, if it is aborted this week, will it reinitiate a scan on that endpoint next week, or do we need to do it manually from the console?



And what problem caused the error scan?


I wrote a Python script which uses the API to pull these incidents and upload the hash to WildFire, since the Cortex XDR agent db is only updated once a month from the WildFire database. This gives me up-to-date information, and it loops over the artifacts for the incident. If they are benign, it will close the case. It sends quarantine to those that are not, and escalates to Tier 1 by case assignment if anything fails.


I have been wondering: is there a way to match MRI and CT scan sequences in 3D Slicer?

To explain: I have been working for a few weeks on 3D Slicer and I am exploring the possibility of using two sequences in parallel for segmentation. For example, to segment a bone tumor, using a CT scan to model the bone, and an MRI for the tumor and soft tissues.


A computerized tomography scan, also called a CT scan, is a type of imaging that uses X-ray techniques to create detailed images of the body. It then uses a computer to create cross-sectional images, also called slices, of the bones, blood vessels and soft tissues inside the body. CT scan images show more detail than plain X-rays do.




During a CT scan, you're briefly exposed to a type of energy called ionizing radiation. The amount of radiation is greater than the amount from a plain X-ray because the CT scan gathers more-detailed information.


The low doses of radiation used in CT scans have not been shown to cause long-term harm. But for repeated scans, there may be a small increase in the lifetime risk of cancer. This can affect children more than adults.


CT scans have many benefits that outweigh any small risk. Healthcare professionals use the lowest dose of radiation to get the needed medical information. And newer, faster machines and techniques use less radiation than older CT scans did. Talk with your healthcare professional about the benefits and risks of a CT scan.
