How to change configuration scan modes for Windows operating systems

Article:HOWTO31238  |  Created: 2010-08-27  |  Updated: 2012-05-01  |  Article URL http://www.symantec.com/docs/HOWTO31238
Article Type
How To



When performing configuration scans against Windows operating systems, you have several scan modes to choose from. These modes are available to provide the user with flexibility in how the scans are executed. Depending on your desire to conserve bandwidth, minimize impact on end points, or extend coverage to remote systems, each mode or combination of modes will address your specific need.

Navigate: Client Portal > Module Management > Configuration > Scan Scheduling

When a new scan is scheduled or an existing scan is edited there is an option "Scan Type" under "Step 1: Scan Targets".  The modes available in "Scan Type" are:

"AgentLess" - in Agentless mode, all scan activity will be performed via network requests. Each data point or collection of data points gathered from the end point is accomplished via serial network requests. No services or agents are installed on the end point, however, more network bandwidth is consumed.

"Dissolving Agent" - the Service mode connects to each endpoint at the beginning of a scan and installs a service on the end point. The service collects data points locally on the end point without requiring network communication back to the scanner. After the data is collected from the local end point, the service sends the data back to the scanner and deletes itself from the end point. One of the biggest benefits to Service mode is that because he scan happens locally, it can collect certain types of data that are unavailable to remote scanning.

"Agent" - the Agent mode connects to each end point and installs a local service just as in Service mode. However, this mode will leave the service installed instead of deleting itself. Once deployed, the persistent service will check-in with the SecureFusion portal on pre-set intervals (i.e. every 15 minutes) to see if the end point has been scheduled to be scanned. If so the service will perform another scan and send the results to the portal. This process will repeat itself until the service is stopped, disabled or uninstalled.

To maximize your scan coverage, several hybrid modes are also available as follows:

"Dissolving agent scan on error do agent-less scan" - This hybrid mode is a combination of Dissolving Agent and Agent-less. The scanner will attempt to deploy the dissolving agent as the default method. If the scanner encounters an error when deploying the service, rather than fail and quit, it will attempt to complete an agent-less scan.

"Agent-less on error do dissolving agent" - This hybrid mode is also a combination of Dissolving Agent and Agent-less. However, in this mode, the scanner will attempt an agentless scan first. In the event of an error in Agent-less mode (i.e a WMI error), the scanner will attempt to complete a scan using the dissolving agent.

To change the scan mode:

1. Go to Client Portal > Module Management > Configuration > Scan Queue
2. Select "Edit" for the scan you wish to change the scanner type on.
3. You will see the "Configuration Scan Criteria" page, Step 1 is the scanner type. Use the drop-down menu to choose the type of scanner you would like to use.
4. Press "Next" on all pages until you reach the last page, then select "finish"
5. Choose "Return to Scan Scheduling" and verify that the scan type shows correctly.


Article URL http://www.symantec.com/docs/HOWTO31238


Terms of use for this information are found in Legal Notices