Skip to content

Risk scan

You can anytime choose to run on demand risk scan tasks on selected endpoints, as follows:

  1. Go to the Network page.

  2. Browse the containers from the left-side pane and select the endpoints you want to scan.

  3. Click the task.png Tasks button at the upper side of the table and choose Risk scan.

    A configuration page will appear, where you need to select the indicators taken into account for risk scanning.


    An Indicator of Risk refers to a registry key value or data of a specific system setting.

  4. Select the indicators of risk you want to take into account for scanning.

    Indicators of risk are grouped by the following attributes:

    • Category (Network, Operating System)

    • Severity (Misconfiguration, Microsoft Security Baseline)

    By default, only a certain number of indicators are selected. You may need to review the list of indicators you want to include for scanning.

    You can also use the search bar to find specific indicators. Note that risk indicator names include terms from local or group policy names. To view the full list of indicators and their description, refer to GravityZone Indicators of Risk.

  5. Click Save to create the scan task. A confirmation message will appear.


The Risk scan tasks will not run / will fail on endpoints in the following situations:

  • The endpoint does not have a Windows operating system.

  • The endpoint’s Bitdefender agent license is invalid.

  • The policy applied to endpoint has the Risk Management module disabled.

You can view and manage the task on the Network > Tasks page. For more information, refer to Viewing and managing tasks.

Page Menu