Agentless inventory and vulnerability scanner
The self-electing subnet service (SESS) agentless inventory and vulnerability scanner is new to Ivanti® Endpoint Manager and Endpoint Security for Endpoint Manager 2016.3. When enabled on a subnet (it's disabled by default), the SESS-elected device uses credentials an administrator provides to attempt full inventory (and optionally, vulnerability) scans on unmanaged and Ivanti-agentless devices found by extended device discovery (XDD). By default the elected device attempts these scans for unmanaged devices on its subnet once per day.
The agentless scanner does this by periodically getting a list of unmanaged devices from the core server. The elected device then uses credentials an administrator provides to remotely map a drive to an unmanaged device's C$ share. The credentials provided should ideally be domain administrator credentials, because by default Windows typically disables C$ share access to local accounts.
If the mapping is successful, the elected device copies scanner files to a temporary folder, C:\Landesk_AGLS\scanner. From there the scanner runs and reports results to the elected device, which uploads the scan to the core server. After the scanner finishes, the elected device removes the files and folder it copied, leaving behind the scan file or error file in C:\Landesk_AGLS.
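Because the scan credential is used against every unmanaged device's C$ share, it is worth confirming that only the elected device ever uses it. The following is an added example, not part of the Ivanti documentation: it triages share-access records shaped like Windows Security event 5140. The account name, IP addresses, host names and records are constructed, and the per-day threshold is an assumption based on the once-per-day default described above.

```python
from collections import Counter
from datetime import datetime

# Assumptions for illustration only; none of these values come from the product.
SCAN_ACCOUNT = "svc-agentless"     # hypothetical account added under Manage credentials
ELECTED_DEVICES = {"10.0.5.20"}    # hypothetical IP of the SESS-elected device
MAX_PER_DAY = 1                    # default scan frequency; tune to your own event volume

# Constructed records using event 5140 field names, plus the logging host ("target").
EVENTS = [
    {"time": "2024-05-01T02:00:11", "target": "WS-101", "SubjectUserName": "svc-agentless",
     "IpAddress": "10.0.5.20", "ShareName": r"\\*\C$"},
    {"time": "2024-05-01T02:03:40", "target": "WS-102", "SubjectUserName": "svc-agentless",
     "IpAddress": "10.0.5.20", "ShareName": r"\\*\C$"},
    {"time": "2024-05-01T14:22:05", "target": "WS-102", "SubjectUserName": "svc-agentless",
     "IpAddress": "10.0.5.77", "ShareName": r"\\*\C$"},
    {"time": "2024-05-01T15:00:00", "target": "WS-101", "SubjectUserName": "svc-agentless",
     "IpAddress": "10.0.5.20", "ShareName": r"\\*\C$"},
    {"time": "2024-05-01T16:00:00", "target": "WS-101", "SubjectUserName": "jsmith",
     "IpAddress": "10.0.5.31", "ShareName": r"\\*\IPC$"},
    {"time": "2024-05-02T02:00:09", "target": "WS-101", "SubjectUserName": "svc-agentless",
     "IpAddress": "10.0.5.20", "ShareName": r"\\*\C$"},
]

def triage(events, account=SCAN_ACCOUNT, elected=ELECTED_DEVICES, max_per_day=MAX_PER_DAY):
    """Return (finding, source_ip, target) tuples for suspicious use of the scan account."""
    findings, per_day = [], Counter()
    for ev in sorted(events, key=lambda e: e["time"]):
        # Only C$ access by the scan account is relevant to the agentless scanner.
        if not ev["ShareName"].upper().endswith("\\C$"):
            continue
        if ev["SubjectUserName"].lower() != account.lower():
            continue
        if ev["IpAddress"] not in elected:
            # The credential is being used from a host that is not the elected device.
            findings.append(("scan-credential-from-unelected-host", ev["IpAddress"], ev["target"]))
            continue
        # Elected device: count accesses per target per calendar day.
        key = (ev["IpAddress"], ev["target"], datetime.fromisoformat(ev["time"]).date())
        per_day[key] += 1
        if per_day[key] == max_per_day + 1:   # report once, when the threshold is first crossed
            findings.append(("scan-frequency-exceeded", ev["IpAddress"], ev["target"]))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Update the elected-device set whenever SESS elects a different device on the subnet, otherwise legitimate scans will be reported as credential use from an unelected host.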
When the agentless inventory scanner runs successfully on a device, that device is moved from the Unmanaged devices database table to the Computers table. You can view agentless devices in the Network view under Devices > Agentless devices. Devices in the Agentless devices view will still be scanned by the agentless scanner once a day if you haven't changed the default scan frequency.
Use the dashboard editor tool to create charts that monitor device discovery. These charts include information on agentless scan status, new agentless devices scanned, and unmanaged devices discovered.
Follow these steps to enable the agentless inventory scanner on a subnet.
- Click Tools > Configuration > Agent settings.
- In the Agent settings tree, click Client connectivity and double-click an existing agent setting or right-click and create a new one.
- In the agent setting, click Self-electing subnet services > Agentless scanner service.
- Select Enable agentless scanner service.
- Click Save.
- In the Agent settings toolbar, click Create a task > Change settings.
- On the Change settings page, select the client connectivity setting you modified.
- Click Save.
- Add targets to the new change settings task and run it. You can target multiple (or all) devices on a subnet and let SESS manage which device runs the agentless scanner service on that subnet.
The agentless scanner relies on XDD for a list of unmanaged devices that should be scanned. XDD is enabled by default in version 2016.0 and newer.
- Click Tools > Configuration > Self-electing subnet services.
- In the tree select Extended device discovery (ARP).
- Right-click the subnet you want to modify and click Enable.
- The default polling interval is 15 minutes and it may take that long for the change to propagate.
The credentials the agentless scanner uses are for Windows devices. Macs aren't supported yet.
- Click Tools > Configuration > Self-electing subnet services.
- On the toolbar click the Manage credentials button.
- Click Add.
- Enter the credentials and click Save. Credentials will be attempted in the order they appear in the list. Put the most likely credentials at the top of the list for efficiency. Use the arrows to reorder credentials if necessary.
- Repeat as necessary and click Save when you're done.
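Follow these steps to enable the agentless scanner service on a subnet from the Self-electing subnet services tool.
- Click Tools > Configuration > Self-electing subnet services.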
- In the tree select Agentless scanner service.
- Right-click the subnet you want to modify and click Enable.
- The default polling interval is 15 minutes and it may take that long for the change to propagate.
Follow these steps to change the agentless scanner service settings for a subnet.
- Click Tools > Configuration > Self-electing subnet services.
- In the tree select Agentless scanner service.
- Right-click the subnet you want to modify and click Service settings. The settings apply only to the subnet you selected.
- Set the polling and scan frequency you want. The polling frequency is how often an elected scanner asks the core for an updated list of new unmanaged devices on the subnet.
- Change other settings if necessary.
- Click Save.