Overview
This article provides a comprehensive breakdown of the Saner Agent's scanning process, including detailed steps, executed commands, log updates, and upload procedures. Each phase is outlined to ensure clarity in understanding how the agent performs scans and reports results.
Sequence of Events During the Scan
Agent Activation Status
- When a device is activated, the agent sends a response code to the Saner server.
- Only after receiving this response does the agent appear on the Viser interface as active and ready for operations. Align agent versions with organizational policies or compliance requirements.
Compliance Scan
- The compliance scan is initiated using a predefined command:
"C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\bin\spscanmanager.exe" COMPLIANCE "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4" "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\updates"
- After execution, the agent verifies the scan's exit code to confirm successful completion.
- The system logs an entry similar to the following:
Scan process exit code for 'COMPLIANCE' scan. Exit_code:The operation completed successfully.
Vulnerability Scan
- Upon completing the compliance scan, the agent automatically starts the vulnerability scan using the following command:
"C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\bin\spscanmanager.exe" VULNERABILITY "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4" "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\updates"
- Once the scan is finished, logs are updated and can be accessed on the Viser device page.
Example log entry:
Response Code Update
- After completing the scan, the agent sends a status update to the server.
"Updating status to server: ScanDone"
- This ensures the latest scan results are recorded, and the device's compliance status is updated.
- Simultaneously, the spscanmanager file is updated with a timestamp.
Detailed Scan Results
- The agent executes a command to retrieve detailed scan results, which provide extensive system information.
"C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4"
- These results are then uploaded to the server with a confirmation message, ensuring the latest device insights are available for analysis.
Scan process exit code for 'Detailed System' scan. Exit_code:The operation completed successfully.
Patch Scan
- The patch scan is triggered using the following command:
Scan command line arguments: "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4" "PatchServerCheck"
"C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4" "PatchCollection"
- Upon successful execution, logs capture the details, and completion messages confirm the process.
installed and missing patch collection done
ScanDone status. Successfully updated to server.
CRE Files Download
- The agent downloads CDT (Configuration Data Template) files from the server using the following command:
https://saner.secpod.com/AncorWebService/sanergetcrebundleforcveccelist?macaddress=<<MAC ADDRESS of the device>>
- These files help ensure accurate assessment and scanning of the device’s security posture.
getAllCREs DONE!!
All cre files downloaded.
Windows Update Agent (WUA) Checks
- The agent verifies available updates for Windows Update Agent (WUA).
- Logs capture probe collection, system information gathering, and installed patches.
Patch Repository Collection
- The agent collects patch repository data using the following command:
"C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4\bin\spscanmanager.exe" "C:\Program Files (x86)\SecPod Saner\Agent\6.3.1.4" "PatchServerCheck"
- Logs indicate successful repository collection and scan completion.
Conclusion
The Saner Agent follows a structured and automated scanning process to ensure devices are continuously monitored for compliance, vulnerabilities, and missing patches. The system logs and response codes provide transparency into each phase, allowing administrators to track scan statuses effectively.
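To track a scan cycle from these log messages, the following added example (not SecPod's code) checks a set of agent log lines for the exit-code entries and completion messages quoted in this article and reports failed scans and missing milestones. The function name, the milestone labels, the choice of which scans are required, and the sample lines are assumptions made for illustration.

```python
import re

# Windows text for exit code 0, as it appears in the log lines quoted above.
SUCCESS = "The operation completed successfully."
EXIT_RE = re.compile(r"Scan process exit code for '([^']+)' scan\. Exit_code:\s*(.*)")

# Hypothetical milestone label -> completion message quoted in the article.
MARKERS = {
    "status_update": "Updating status to server: ScanDone",
    "patch_collection": "installed and missing patch collection done",
    "status_confirmed": "ScanDone status. Successfully updated to server.",
    "cre_download": "All cre files downloaded.",
}
# Assumption: a complete cycle must log an exit code for these scans.
REQUIRED_SCANS = ("COMPLIANCE", "Detailed System")


def audit_scan_log(lines):
    """Return (exit_codes, missing, failed) for one scan cycle's log lines."""
    exit_codes, seen = {}, set()
    for line in lines:
        m = EXIT_RE.search(line)
        if m:
            # Keep the last reported result for each scan type.
            exit_codes[m.group(1)] = m.group(2).strip()
            continue
        for name, marker in MARKERS.items():
            if marker in line:
                seen.add(name)
    # Any exit text other than the success message counts as a failure.
    failed = sorted(s for s, msg in exit_codes.items() if msg != SUCCESS)
    missing = sorted(
        [s for s in REQUIRED_SCANS if s not in exit_codes]
        + [n for n in MARKERS if n not in seen]
    )
    return exit_codes, missing, failed


# Constructed sample (not real agent output): the compliance scan failed
# and the CRE download never reported completion.
SAMPLE = [
    "Scan process exit code for 'COMPLIANCE' scan. Exit_code:Access is denied.",
    '"Updating status to server: ScanDone"',
    "Scan process exit code for 'Detailed System' scan. Exit_code:The operation completed successfully.",
    "installed and missing patch collection done",
    "ScanDone status. Successfully updated to server.",
]

if __name__ == "__main__":
    codes, missing, failed = audit_scan_log(SAMPLE)
    print("failed scans:", failed)
    print("missing milestones:", missing)
```

A device that reports ScanDone while a scan's exit-code entry shows a failure is worth investigating, because its displayed compliance status may rest on an incomplete scan.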