Pre-requisites for Performing Agentless Scans

Modified on Fri, 1 Aug at 12:53 AM

Summary

This article outlines the necessary pre-requisites required to perform Agentless Scanning using Saner Network Scanner. These requirements vary based on the target device’s operating system (Windows, Linux, or macOS).


Scope

Applicable for all organizations using Saner Network Scanner to perform agentless vulnerability and configuration scans on endpoints within their environment.


Pre-requisites by Operating System

For Windows Devices

Required Network and System Configurations:

  • TCP Port 445 must be accessible from both the Network Scanner and the target device.

  • File and Print Sharing must be enabled on the target machine.

  • The admin share (typically C$ or %systemroot%) must be accessible.

Authentication Requirement:

  • A common administrator credential is needed.

    • For Domain Devices: Use a valid domain admin account.

    • For Local Devices: Use a local admin account with remote login access.

Additional Steps for Workgroup Devices:

To allow full token-based remote access for local admin accounts:

  1. Press Win + R, type regedit, and press Enter.

  2. Navigate to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  3. If the key LocalAccountTokenFilterPolicy does not exist:

    • Right-click in the right pane → New → DWORD (32-bit) Value

    • Name it: LocalAccountTokenFilterPolicy

  4. Set its value to 1

  5. Close the registry editor and restart the system if needed.

For Linux and macOS Devices

Required Services and Configurations:

  • SSH Server must be installed and running on all target devices.

  • Port 22 (SSH) must be open and allowed through the firewall.

Authentication Requirement:

  • A common administrator credential must be available.

    • The user must either:

      • Have root privileges, or

      • Be part of the sudoers group with passwordless sudo (recommended)

Note:

  • These requirements apply to Linux/macOS target systems.

  • If the Network Scanner is installed on a Linux system, ensure that SSH is also configured properly on it.


Important Notes

  • The above pre-requisites apply only to target devices being scanned in agentless mode.

  • Endpoints designated as Network Scanner nodes do not need to meet these requirements.


Troubleshooting Tips

  • Ensure firewall rules and access controls allow the necessary ports and services.

  • Validate credentials by manually accessing the target device using the same method (e.g., SMB or SSH).

  • Use administrative tools to test for open ports and service accessibility before initiating the scan.


For further assistance with agentless scan setup or troubleshooting, contact the support team at
support@secpod.com

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article