Overview
This article provides a step-by-step guide to identify open ports on Windows systems using the Checks feature in Saner CVEM and to perform remediation actions through the Endpoint Management (EM) module.
How to Access Open Port Data
Log in to the Saner console.
Click on the Endpoint Management (EM) module.
Navigate to the Checks section.
Select the query Open Ports.
Review the graphical representation of open ports per device.
Scroll down to view the detailed table with process-level information.
What the Table Shows
Each entry provides the following details:
local_port: Port number in use
protocol: TCP or TCPv6
local_address: IP address on which the port is listening
portstate: Current state (e.g., LISTEN)
process_name: Executable using the port (e.g., svchost.exe)
pid: Process ID
Device Names: Device(s) where the port is open
Common Use Cases
Security audit: Identify systems exposing sensitive ports like 445, 139, or 3389.
Troubleshooting: Determine which process is using a suspicious or unknown port.
Compliance: Ensure that systems meet internal network access policies.
Available Actions
Direct remediation actions available at the bottom of the result pane include:
Stop process by name or PID
Block process execution
Remove service
Restart service
Change service startup type (Automatic, Manual, Disabled)
Start or stop a service
Note: Always validate a process before stopping or removing it to avoid impacting system functionality.
Exporting Results
Click the CSV button to export the data for:
Documentation and audit reports
Integration with ITSM or CMDB tools
Manual investigation or escalation
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article