Balanced scan - Strike the balance between scan time and detecting more vulnerabilities (recommended).
Quick scan - Shorter scan time but may not find all vulnerabilities.
Managing this scan setting
In the portal, simply navigate to Account > Settings > Scans
Underneath the Priorities section, you will have the option to select between the two scan options:
How do I know what scan priority I have set?
On the scan details page, you will see the scan priority that has been used for the relevant scan:
You can find the option to change the Scan Priority on the scan settings page:
You can also see the scan priority setting applicable for each check on the Checks Page as an icon next to the check name:
Does 'Balanced scan' apply to all targets (internal and external)?
Balanced scans will only apply to external targets. The reason for this is as follows:
More in-depth scans could spike the CPU for internal targets. This will have a noticeable impact on system performance potentially resulting in all resources being consumed and the system freezing or crashing.
Internal checks are more reliable in their results because the agent already has access to all elements of the operating system that it requires to validate results. Remote checks, on the other hand, need to account for network reliability and security controls, such as IPS or firewalls
What type of checks are covered by the balanced scan?
Applies to external infrastructure checks, only.
Can you enable at the scan level, or is it at the account level?
The setting is enabled at the account level, so it will impact all scans run (ad-hoc, scheduled, remediation and ETS).
What happens if I change from balanced to quick scan?
If you run a quick scan on a target that has an issue found by the balanced scan, some of those issues will move to fixed (as they won't be detected by quick scan).
What happens if I change scan priority before kicking off a remediation scan?
If the occurrence relied on a check from the balanced scan, we'll enable it for the remediation scan, regardless of whether you've changed to quick scan or not.
What is the difference in scan run times between these two scans?
We anticipate an increase of up to 30-40% from quick scan to balanced scan. The reason for this is, because with a balanced scan, the scanner will wait longer to receive a response than on the quick scan setting. Moreover, most scanners will use a list of known ports when attempting to carry out service fingerprinting, this reduces the time taken to scan but can result in some services not being identified correctly. With the balanced scan the services on every port will be fingerprinted, even those which aren't known to be default ports for specific services. Waiting for longer and carrying out more checks against more ports/services means that your scan times will increase.
Could it impact load?
Connections will remain open longer, and we'll be sending more requests over a longer timeframe - but the limit we set on the number of simultaneous connections will not increase or decrease based on this setting.