Freeze Windows

You can set a freeze window in Tenable Security Center to specify a time frame when you do not want Tenable Security Center to scan specific targets. This prevents remediation or ad-hoc scans from scanning assets during undesired time frames, such as during production hours. For more information about what happens to in-progress scans at the start of a freeze window, see the knowledge base article.

Freeze windows are organizational and affect all scans in the creating user’s organization. Only users with the Manage Freeze Windows permission can add, edit, or delete freeze windows.

Note: If a freeze window becomes active in Tenable Security Center after an Agent scan or a web app scan launches, the freeze window will not stop any Agent scans or web app scans that are currently in progress. However, if you launch a web app scan while a freeze window is already active, and the freeze window applies to any of the web app scan targets, then those web app scan targets will not be scanned.

To stop Agent scans, configure a freeze window in each Tenable Nessus Manager.

For more information, see Add a Freeze Window, Edit a Freeze Window, and Delete a Freeze Window.

Option Description
Name A name for the freeze window.
Description (Optional) A description for the freeze window.
Enabled

When enabled, Tenable Security Center does not scan any assets that are affected by the freeze window. If a scan does not include any assets outside of the freeze window, then the scan will abort.

When disabled, Tenable Security Center scans all assets as scheduled.
Targets

Specifies the targets you do not want to scan during the freeze window.

  • All SystemsTenable Security Center does not scan any assets.
  • AssetsTenable Security Center does not scan specific Tenable-provided or user-defined asset lists.
  • IPsTenable Security Center does not scan specific IP addresses.
  • MixedTenable Security Center does not scan a combination of IP addresses and/or Tenable-provided or user-defined asset lists.

Note: If you select an Import Repository later in the configuration, Tenable Security Center applies your Target selections only to scans configured with that import repository. Scans configured with other import repositories still run and scan targeted assets, regardless of your freeze window Targets selection.
Assets If you selected Assets or Mixed as the Targets, specifies one or more Tenable-provided or user-defined asset lists that you do not want to scan during the freeze window.
IPs If you selected IPs or Mixed as the Targets, specifies one or more asset IP addresses that you do not want to scan during the freeze window.
ImportRepository

(Optional) If you selected Assets, IPs, or Mixed as your Targets, specifies whether you want to restrict the freeze window to apply to scans configured with a specific import repository.

  • If you select a repository, Tenable Security Center applies the freeze window to scans with the repository configured.

  • If you do not select a repository, Tenable Security Center does not restrict the freeze by repository.

Starts On

Frequency

Repeat Every

Repeat On

Specifies a schedule for the freeze window.