Thank you for suggestion. I have had read that article.
Scan only - Will only report vulnerabilities, but not remediate any.
What does that mean? It will scan that system and do nothing about it? What is the point of that than?
Scan only means that it will scan the system for any vulnerabilities, virus definition updates, applications to block, etc (these are customizable so you can mix or match). It will then report these back to the core so that they are included in your reports and can be patched at a future time.
The reason for this is two fold -
1. Feature parity - allowing both the ability to "scan and patch" or "just scan"
2. Allow a system to scan for patches but not spend the time to repair them immediately if it is time sensitive to get the device out the door and they can be patched later - but you will want the information recorded.
So you have essentially 3 options at a high level:
1. Don't scan and don't remediate.
2. Scan and don't remediate.
3. Scan and remediate.
It is up to you to decide what fits your needs. Most users do option 3.
Hope this helps,