Agentless inventory and vulnerability scanner

The self-electing subnet service (SESS) agentless inventory and vulnerability scanner is new to IvantiĀ® Endpoint Manager and Endpoint Security for Endpoint Manager 2016.3. When enabled on a subnet (it's disabled by default), the SESS-elected device uses credentials an administrator provides to attempt full inventory (and optionally, vulnerability) scans on unmanaged and Ivanti-agentless devices found by extended device discovery (XDD). By default the elected device attempts these scans for unmanaged devices on its subnet once per day.

The agentless scanner does this by periodically getting a list of unmanaged devices from the core server. The elected device remotely uses credentials an administrator provides to map a drive to an unmanaged device's C$ share. The credentials provided should ideally be domain administrator credentials. By default Windows typically disables C$ share access to local accounts.

If the mapping is successful, the elected device copies scanner files to a temporary folder, C:\Landesk_AGLS\scanner. From there the scanner runs and reports results to the elected device, which uploads the scan to the core server. After the scanner finishes, the elected device removes the files and folder it copied, leaving behind the scan file or error file in C:\Landesk_AGLS.

When the agentless inventory scanner runs successfully on a device, that device is moved from the Unmanaged devices database table to the Computers table. You can view agentless devices in the Network view under Devices > Agentless devices. Devices in the Agentless devices view will still be scanned by the agentless scanner once a day if you haven't changed the default scan frequency.

Use the dashboard editor tool to create charts that monitor device discovery. These charts include information on agentless scan status, new agentless devices scanned, and unmanaged devices discovered. For more information, see Dashboard editor.

Follow these steps to enable the agentless inventory scanner on a subnet.