How to perform the Agentless scan on windows devices

Modified on Sun, 16 Mar at 12:27 PM

Overview 

The Agentless Scanner is an advanced solution that enables remote security assessments with high speed and accuracy, without requiring agents to be installed on endpoints. The SanerCVEM scanner supports both SMB and SSH (Secure Shell) authentication protocols, enabling secure connections to remote devices and ensuring that scan operations are conducted efficiently and securely. This new approach ensures faster scans and highly accurate results. It allows you to detect vulnerabilities and misconfigurations across your environment, providing deep insights into your devices' security posture. 
 
This guide will walk you through the steps to set up, configure, and execute an Agentless Scan using the SanerCVEM platform: 
 
Solution 
Steps for Configuring a Firewall Rule for Port 443 

Step 1: Prerequisites that must be in place on the target devices before agentless scanning can run.

For Windows Devices 

  • The Direct Host (TCP 445) port must be reachable between the Network Scanner and the target devices.
  • File and Print Sharing must be enabled. 
  • The %systemroot% share (usually C$ or similar) must be accessible on the target devices. 
  • A common administrator credential is required to perform authenticated scanning for the targeted Windows devices (both Domain Devices & Local Devices). 

 

For Workgroup Devices 

  • The LocalAccountTokenFilterPolicy must be provisioned to allow a full token on remote login. To do this, you need to make a few changes to the registry. Follow the steps below.
  • Click Start, click Run, type regedit, and then press Enter.
  • Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
    a. On the Edit menu, point to New, and then click DWORD Value.
    b. Type LocalAccountTokenFilterPolicy and then press Enter.
  • Right-click LocalAccountTokenFilterPolicy and then click OK.
  • In the Value data box, type 1, and then click OK.

 
Step 2: Create inbound access to port 445 on Windows Defender Firewall

a. Enable inbound access to port 445 on Windows Defender Firewall:

  • Log in to the target device and open Windows Defender Firewall with Advanced Security. 
  • In the left menu, click Inbound Rules. 
  • On the right-hand side, select New Rule, then choose the Port option and click Next. 
  • In the Specific local ports field, enter 445 and proceed to save the rule.

 

 

b. Configure the LocalAccountTokenFilterPolicy registry key
Open Command Prompt as an administrator and run the following command to configure the registry key:

REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

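The registry change in Step 1 (the regedit steps for workgroup devices) and Step 2b is the same setting, and Step 2a opens TCP 445. The script below is an added example, not the SanerCVEM article's own code: run in an elevated PowerShell session on the target device, it records the current LocalAccountTokenFilterPolicy value so the change can be reverted after the scan window, sets it to 1 as the REG ADD command does, and creates the inbound 445 rule. It goes beyond the article in one respect: the rule is limited to the scanner's address with -RemoteAddress instead of opening the port to every source. The scanner address ($ScannerIP) and the rule name are assumptions you supply.

```powershell
# Added example (not from the SanerCVEM article): prepare a Windows target for
# agentless SMB scanning as Steps 1 and 2a/2b describe, with the 445 rule scoped
# to the Network Scanner host instead of open to all sources.
# ASSUMPTION: $ScannerIP is the Network Scanner's address; $RuleName is a label
# chosen here and is not a name the product uses.
param(
    [Parameter(Mandatory)] [string] $ScannerIP,
    [string] $RuleName = 'SanerCVEM Agentless Scan (TCP 445)'
)

$regPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'LocalAccountTokenFilterPolicy'

# 1. Record the value that is there now, so it can be restored later.
$current = (Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
    Write-Host "$valueName is not set (UAC remote restrictions apply by default)"
} else {
    Write-Host "$valueName currently = $current"
}

# 2. Same effect as the article's REG ADD: full token for local admin accounts on remote logon.
New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# 3. Inbound TCP 445 rule limited to the scanner address (Step 2a, scoped).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 445 `
        -RemoteAddress $ScannerIP -Action Allow -Profile Any | Out-Null
}

# 4. File and Printer Sharing must be enabled for the C$ share to be reachable (Step 1).
Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue

# 5. Print the resulting state for the change record.
Get-ItemProperty -Path $regPath -Name $valueName | Select-Object $valueName
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
```

To revert after the scan, remove the rule with Remove-NetFirewallRule -DisplayName and restore the recorded registry value (or delete the entry with Remove-ItemProperty if it did not exist before). Scoping the rule to the scanner address means the broader "disable all firewall profiles" step in 2c is not needed for the scan to reach the share.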

 

 

c. Verify Firewall Status and Network Share Access

  • Disable all active firewall profiles on the target device by running:
    netsh advfirewall set allprofiles state off

  • Verify network share access using:
    net view \\<Target_Device_Name> /all

Please note: replace <Target_Device_Name> with the actual name of the target device according to your requirements (for example, net view \\DESKTOP-5P1AG86 /all).

d. Verify Network Connectivity:

  • Verify the connectivity status from the device on which the Network Scanner is configured to the target device.

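Steps 2c and 2d verify share access and connectivity by hand for one target. The script below is an added example, not the SanerCVEM article's own code: run from the Network Scanner host, it checks ICMP reachability, TCP 445, and whether the C$ share can actually be opened with the scan credential, for a list of targets, and reports which ones are ready. The target names are constructed samples, and the credential is assumed to be the common administrator account the scan policy will use.

```powershell
# Added example (not from the SanerCVEM article): prerequisite check run from the
# Network Scanner host against one or more Windows targets (Steps 2c and 2d).
# ASSUMPTION: the two default target names are constructed samples; $Credential
# is the common administrator account used for authenticated scanning.
param(
    [string[]] $Targets = @('DESKTOP-EXAMPLE-1', 'DESKTOP-EXAMPLE-2'),   # constructed sample names
    [pscredential] $Credential = (Get-Credential -Message 'Scan administrator account')
)

$results = foreach ($t in $Targets) {
    # ICMP reachability (what Step 2d checks) and the Direct Host port (Step 1).
    $ping = Test-Connection -ComputerName $t -Count 1 -Quiet -ErrorAction SilentlyContinue
    $smb  = Test-NetConnection -ComputerName $t -Port 445 -WarningAction SilentlyContinue

    # Administrative share access: equivalent to "net view \\target /all" plus an
    # actual open of the %systemroot% share (C$\Windows) with the scan credential.
    $share = $false
    if ($smb.TcpTestSucceeded) {
        try {
            New-PSDrive -Name 'SanerCheck' -PSProvider FileSystem -Root "\\$t\C`$" `
                -Credential $Credential -ErrorAction Stop | Out-Null
            $share = Test-Path 'SanerCheck:\Windows'
        } catch {
            # Logon failure here usually means LocalAccountTokenFilterPolicy is not
            # set on a workgroup device, or File and Printer Sharing is disabled.
            $share = $false
        } finally {
            Remove-PSDrive -Name 'SanerCheck' -ErrorAction SilentlyContinue
        }
    }

    [pscustomobject]@{
        Target       = $t
        Ping         = $ping
        Port445Open  = $smb.TcpTestSucceeded
        AdminShareOk = $share
        Ready        = ($smb.TcpTestSucceeded -and $share)
    }
}

$results | Format-Table -AutoSize
```

Any row with Ready = False should be fixed on the target (Steps 1 and 2) before the scan policy is run against it; a target that answers ping but fails the share check points at the registry key or the sharing rule rather than at the network path.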

 

Step 3: Configure the Scan Policy and Scan Config in the Saner console.
 

  • Create a new scan policy, select Local Security Checks under Family for the compliance scan and/or vulnerability scan option as required, and click the Next button.

 

 

 

  • Update the Authentication section with the SMB credentials of the target device.


 

  • Set the scan policy name to 'AgentLessscan_Policy' and click the Create Policy button.

 

Step 4: Create the Scan Config for the Network Scanner:

  • Once the above steps are completed, navigate to the Summary page, select the created scan policy and scan config, and wait until the Network Scanner reaches a stable status.

 

  • Click the Network Scanner, initiate the scan, and wait for it to complete.
  • Once the scan completes, the target device details are shown under Manage > Devices in the same account.

 
 

  • You can also verify the status and download the scan report using the scanner's 'i' and download icons.

 

Conclusion: 
The Agentless Scanner in the SanerCVEM tool enables you to perform efficient and accurate security assessments without deploying agents. By following the steps outlined above, you can configure and execute scans across your network to detect vulnerabilities and misconfigurations.
