Vulnerability Scanner can check for the presence of security software on agents. The following table discusses how Vulnerability Scanner checks security products:
| Product | Description |
|---|---|
ServerProtect for Windows |
Vulnerability Scanner uses RPC endpoint to check if SPNTSVC.exe is running. It returns information including operating system, and Virus Scan Engine, Virus Pattern and product versions. Vulnerability Scanner cannot detect the ServerProtect Information Server or the ServerProtect Management Console. |
ServerProtect for Linux |
If the target endpoint does not run Windows, Vulnerability Scanner checks if it has ServerProtect for Linux installed by trying to connect to port 14942. |
Security Agent |
Vulnerability Scanner uses the Security Agent port to check if the Security Agent is installed. It also checks if the TmListen.exe process is running. It retrieves the port number automatically if executed from its default location. If you launched Vulnerability Scanner on any endpoint other than the Apex One server, check and then use the other endpoint's communication port. |
PortalProtect™ |
Vulnerability Scanner loads the web page http://localhost:port/PortalProtect/index.html to check for product installation. |
ScanMail™ for Microsoft Exchange™ |
Vulnerability Scanner loads the web page http://ipaddress:port/scanmail.html to check for ScanMail installation. By default, ScanMail uses port 16372. If ScanMail uses a different port number, specify the port number. Otherwise, Vulnerability Scanner cannot detect ScanMail. |
InterScan™ family |
Vulnerability Scanner loads each web page for different products to check for product installation.
|
Trend Micro Internet Security™ (PC-cillin) |
Vulnerability Scanner uses port 40116 to check if Trend Micro Internet Security is installed. |
McAfee VirusScan ePolicy Orchestrator |
Vulnerability Scanner sends a special token to TCP port 8081, the default port of ePolicy Orchestrator for providing connection between the server and agent. The endpoint with this antivirus product replies using a special token type. Vulnerability Scanner cannot detect the standalone McAfee VirusScan. |
Norton Antivirus™ Corporate Edition |
Vulnerability Scanner sends a special token to UDP port 2967, the default port of Norton Antivirus Corporate Edition RTVScan. The endpoint with this antivirus product replies using a special token type. Since Norton Antivirus Corporate Edition communicates by UDP, the accuracy rate is not guaranteed. Furthermore, network traffic may influence UDP waiting time. |
Vulnerability Scanner detects products and computers using the following protocols:
RPC: Detects ServerProtect for NT
UDP: Detects Norton AntiVirus Corporate Edition clients
TCP: Detects McAfee VirusScan ePolicy Orchestrator
ICMP: Detects computers by sending ICMP packets
HTTP: Detects Security Agents
DHCP: If it detects a DHCP request, Vulnerability Scanner checks if antivirus software has already been installed on the requesting endpoint.