Overview
The Agentless Scanner is an advanced solution that enables remote security assessments with high speed and accuracy, without requiring agents to be installed on endpoints. The SanerCVEM scanner supports both SMB and SSH (Secure Shell) authentication protocols, enabling secure connections to remote devices and ensuring that scan operations are conducted efficiently and securely. This new approach ensures faster scans and highly accurate results. It allows you to detect vulnerabilities and misconfigurations across your environment, providing deep insights into your devices' security posture.
This guide will walk you through the steps to set up, configure, and execute an Agentless Scan using the SanerCVEM platform:
Solution
Steps for Configuring a Firewall Rule for Port 443
Step 1: Enable the following prerequisites on the target devices before performing an agentless scan.
For Windows Devices
- The Direct Host port (TCP 445, SMB) must be reachable between the Network Scanner and the target devices.
- File and Print Sharing must be enabled.
- The %systemroot% share (usually C$ or similar) must be accessible on the target devices.
- A common administrator credential is required to perform authenticated scanning for the targeted Windows devices (both Domain Devices & Local Devices).
For Workgroup Devices
- The LocalAccountTokenFilterPolicy must be provisioned to allow a full token on remote login. To do this, you need to make a few changes to the registry. Follow the steps below to make the changes to the registry.
- Click Start, click Run, type regedit, and then press Enter.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
a. On the Edit menu, point to New, and then click DWORD Value.
b. Type LocalAccountTokenFilterPolicy and then press Enter.
- Right-click LocalAccountTokenFilterPolicy and then click OK.
- In the Value data box, type 1, and then click OK.
2. Steps to create inbound access to port 445 on Windows Defender Firewall
a. Enable Inbound Access to Port 445 on Windows Defender Firewall:
- Log in to the target device and open Windows Defender Firewall with Advanced Security.
- In the left menu, click Inbound Rules.
- On the right-hand side, select New Rule, then choose the Port option and click Next.
- In the Specified Local Ports field, enter 445 and proceed to save the rule.
b. Configure the LocalAccountTokenFilterPolicy Registry Key
Open Command Prompt as an administrator and run the following command to configure the registry key:
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
c. Verify Firewall Status and Network Share Access
- Disable all active firewall profiles on the target device by running:
netsh advfirewall set allprofiles state off
- Verify network share access using:
net view \\DESKTOP-5P1AG86 /all
Please note: replace the device name (DESKTOP-5P1AG86 in this example, i.e. <Target_Device_Name>) with the actual name of the target device according to your requirements.
d. Verify Network Connectivity:
- Verify connectivity from the device on which the Network Scanner is configured to the target device.
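As an added example that is not part of this article, the following PowerShell pre-flight check confirms the prerequisites from the steps above on the target device (inbound TCP 445 rule, File and Printer Sharing, the %systemroot% admin share, and LocalAccountTokenFilterPolicy for workgroup devices) and, when run on the scanner host with -Target, tests port 445 and admin-share reachability. The function name Test-AgentlessScanPrereq and its parameter are this example's own; it assumes an elevated PowerShell session and the built-in NetSecurity and SmbShare modules.

```powershell
# Added example (not part of the SanerCVEM article): pre-flight checks for the
# agentless-scan prerequisites. Run elevated on the target device; add -Target
# on the scanner host to check reachability. Names are this example's own.
function Test-AgentlessScanPrereq {
    param(
        # Optional: name of the target device, for the scanner-side checks.
        [string]$Target
    )
    $result = [ordered]@{}

    # 1. Enabled inbound Allow rule for TCP 445 (Direct Host / SMB)?
    $smbRules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq 445 -or $_.LocalPort -eq 'Any' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    $result.Tcp445InboundAllowed = [bool]$smbRules

    # 2. File and Printer Sharing rule group enabled for inbound traffic?
    $fps = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    $result.FileAndPrintSharingEnabled = [bool]$fps

    # 3. Administrative share for the %systemroot% volume present (e.g. C$)?
    $sysShare = $env:SystemDrive.TrimEnd(':') + '$'
    $result.AdminSharePresent = [bool](Get-SmbShare -Name $sysShare -ErrorAction SilentlyContinue)

    # 4. Workgroup devices only: LocalAccountTokenFilterPolicy = 1 gives a remote
    #    local-admin logon a full token instead of a filtered one.
    $inDomain = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $ltp = (Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    $result.PartOfDomain = $inDomain
    $result.LocalAccountTokenFilterPolicy = if ($inDomain) { 'n/a (domain member)' } else { $ltp -eq 1 }

    # Firewall profile state, reported for reference (see step c above).
    $result.FirewallProfilesOn = (Get-NetFirewallProfile | Where-Object Enabled -eq 'True').Name -join ','

    # 5. Scanner-side reachability, when a target name is supplied.
    if ($Target) {
        $tnc = Test-NetConnection -ComputerName $Target -Port 445 -WarningAction SilentlyContinue
        $result.Tcp445Reachable   = $tnc.TcpTestSucceeded
        $result.AdminShareReachable = Test-Path -Path "\\$Target\$sysShare"
    }
    [pscustomobject]$result
}

# Usage: on the target device, or with -Target '<Target_Device_Name>' on the scanner host.
Test-AgentlessScanPrereq | Format-List
```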
2. Configuring the Scan Policy and Scan Config in the Saner console
- Create a new scan policy with Local Security Checks under Family, choose the compliance scan and vulnerability scan options according to your requirement, and click the Next button.
- Update the SMB authentication credentials for the target device.
- Set the scan policy name to 'AgentLessscan_Policy' and click the Create Policy button.
3. Steps to create the Scan Config for the Network Scanner:
- Once the steps above are complete, navigate to the Summary page, select the created scan policy and scan config, and wait for the Network Scanner to reach the stable status.
- Click the Network Scanner, initiate the scan, and wait for it to complete.
- Once the scan completes, the target device details appear in the same account under Manage > Devices.
- You can also verify the status and download the scan report using the scanner's 'i' and download icons.
Conclusion:
The Agentless Scanner in the SanerCVEM tool enables you to perform efficient and accurate security assessments without deploying agents. By following the steps outlined above, you can configure and execute scans across your network to detect vulnerabilities and misconfigurations.