Product Version: 6.5.0.0
Overview
This article provides a comprehensive breakdown of the Saner Agent’s scanning process, including detailed steps, executed commands, log updates, and upload procedures. Each phase is outlined to help users understand how the agent performs scans, processes data, and reports results to the server.
Sequence of Events During the Scan
1. Agent Activation Status
When a device is activated, the agent sends a response code to the Saner server.
Once the server acknowledges the response, the agent appears as Active in the Viser interface, ready for scanning and management operations.
Ensure that the agent version aligns with organizational policies or compliance requirements.
2. Compliance Scan
The compliance scan is initiated using the following predefined command:
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spscanmanager.exe" COMPLIANCE "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x" "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\updates"
After execution, the agent verifies the scan’s exit code to confirm successful completion.
Example log entry:
Scan process exit code for 'COMPLIANCE' scan. Exit_code:The operation completed successfully
3. Vulnerability Scan
After completing the compliance scan, the agent automatically triggers a vulnerability scan using the command:
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spscanmanager.exe" VULNERABILITY "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x" "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\updates"
Once the scan is finished, logs are updated and can be viewed on the Viser device page.
This scan identifies vulnerabilities present in the device and reports them to the Saner server.
4. Response Code Update
After completing the scan, the agent sends a status update to the server to record the latest scan results.
Example log entry:
Updating status to server: ScanDone
This ensures that the latest scan data and compliance information are reflected in the console.
The spscanmanager file is updated with a timestamp confirming completion.
5. Detailed Scan Results
The agent executes the following command to collect detailed system scan results:
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x"
These results provide in-depth system configuration, compliance, and vulnerability information.
Example log entry:
Scan process exit code for 'Detailed System' scan. Exit_code: The operation completed successfully.
6. Patch Scan
The patch scan identifies missing and installed patches using the following commands:
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x" "PatchServerCheck"
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x" "PatchCollection"
After successful execution, logs confirm patch collection and upload:
installed and missing patch collection done ScanDone status. Successfully updated to server.
7. CRE Files Download
The agent downloads Configuration Data Template (CRE) files from the server using the command:
https://saner.secpod.com/AncorWebService/sanergetcrebundleforcveccelist?macaddress= <<MAC ADDRESS of the device >>
These files help the agent perform accurate vulnerability and patch assessments.
Example log entry:
getAllCREs DONE!! All CRE files downloaded successfully.
8. Windows Update Agent (WUA) Checks
The agent performs Windows Update Agent checks to identify missing Windows updates.
Logs capture probe collection, system data retrieval, and patch status.
9. Patch Repository Collection
The agent collects patch repository details using the following command:
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x" "PatchServerCheck"
Logs confirm successful repository data collection and scan completion.
Conclusion
The Saner Agent follows a systematic and automated process for scanning devices, collecting compliance and vulnerability data, and identifying missing patches. Through consistent logging, status updates, and data uploads, administrators gain complete visibility into device health and patch posture. This streamlined process ensures continuous monitoring, compliance enforcement, and proactive remediation across the organization.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article