Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            How to Perform an Agentless Scan on Windows Devices

            Modified on Tue, 14 Oct at 10:07 AM

            Product Version: 6.5.0.0

            Overview

            The Agentless Scanner in Saner CVEM allows remote vulnerability and compliance assessments without requiring agents to be installed on target endpoints. It leverages SMB (for Windows) and SSH (for Linux/Unix) authentication protocols to securely connect and scan remote systems. This capability enables faster scanning, accurate detection of vulnerabilities and misconfigurations, and helps maintain continuous visibility into your organization’s security posture. This article explains how to configure and execute an Agentless Scan for Windows devices using the Saner CVEM platform.

            Solution

            1. Prerequisites for Agentless Scanning on Windows Devices

            Before performing an Agentless Scan, ensure the following prerequisites are met:

            For Windows Domain or Local Devices

            • TCP Port 445 (SMB) must be accessible between the Network Scanner and the target devices.

            • File and Printer Sharing must be enabled on the target devices.

            • The administrative share (%systemroot%, e.g., C$) must be accessible.

            • A common administrator credential (Domain or Local) is required for authenticated scanning.

            For Workgroup Devices

            The LocalAccountTokenFilterPolicy must be configured to allow full administrative access remotely:

            1. Press Win + R, type regedit, and press Enter.

            2. Navigate to:

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

            3. If the entry LocalAccountTokenFilterPolicy does not exist:

              • Right-click in the right pane, select New → DWORD (32-bit) Value.

              • Name it LocalAccountTokenFilterPolicy.

              • Set its Value Data to 1, and click OK.

            Alternatively, use Command Prompt (Run as Administrator):

            REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

            2. Configure Inbound Access to Port 445 (Windows Defender Firewall)

            1. Log in to the target device.

            2. Open Windows Defender Firewall with Advanced Security.

            3. Click Inbound Rules → New Rule.

            4. Select Port, then click Next.

            5. Choose TCP, and enter 445 under Specific Local Ports.

            6. Click Next, then Allow the Connection.

            7. Complete the wizard to create the rule and apply it.


            3. Verify Firewall and Network Connectivity

            1. Disable active firewall profiles temporarily (for testing purposes only):

              netsh advfirewall set allprofiles state off

            2. Verify network share access:

              net view \\<Target_Device_Name> /all

            3. Check network connectivity from the Network Scanner host to the target device using ping or Test NetConnection:

              ping <Target_Device_IP>
or
Test-NetConnection -ComputerName <Target_Device_IP> -Port 445


            4. Configure a Scan Policy in Saner CVEM Console

            1. Log in to the Saner CVEM console.

            2. Navigate to Scan → Policies → Create New Policy.

            3. Under Family, select Local Security Checks for compliance or vulnerability scanning as per your requirement.

            4. Update the SMB authentication credentials for the target device.

            5. Provide a name (e.g., Agentlessscan_Pilicy) and click Create Policy.


            5. Create Scan Configuration for Network Scanner

            1. Navigate to the Summary page.

            2. Select the created Scan Policy and Scan Configuration.

            3. Wait for the Network Scanner status to become Stable.

            4. Click on the Network Scanner and initiate the scan.

            5. Once completed, the scan results will appear under Manage → Devices.


            6. Verify and Download Scan Results

            • You can verify scan status and download reports by selecting the information (i) icon next to the scanner entry.

            • Click the Download icon to export the detailed scan report.

            Conclusion

            The Agentless Scanner in Saner CVEM enables efficient and accurate remote assessments without deploying endpoint agents. By following the above steps, administrators can securely configure and perform vulnerability and compliance scans on Windows devices, ensuring continuous visibility and a robust security posture across their environment.

            References

            For additional information, refer to the following:

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0