Configuring security scanning options
Use Scanner Options tab to configure the operational parameters of the security–scanning engine. These parameters are configurable on a scan profile by scan profile basis and define how the scanning engine will perform target discovery and OS Data querying.
Scanning Profiles properties: Scanner Options tab
Configurable options include timeouts, types of queries to run during target discovery, number of scanning threads count, SNMPSimple Network Management Protocol is a protocol for network management. It is used to collect information from network devices, such as servers, printers, hubs, switches, and routers. scopes for queries and more.
IMPORTANT
Configure these parameters with extreme care! An incorrect configuration can affect the security scanning performance of GFI LanGuard.
To configure scanner options:
1. From Scanning Profile Editor > Profile categories, select the category that contains the scanning profile you want to edit (example: Complete/Combination Scans).
2. From the Profiles section, select the scanning profile you want to edit (example: Full Vulnerability Assessment).
3. From the right pane, click Scanner Options.
4. Configure the following parameters that determine the scanning behavior of GFI LanGuard:
| Parameter | Description |
|---|---|
| Network Discovery Methods | |
| NetBIOS queries | Enable/disable the use of NetBios queries to discover network devices. |
| SNMP queries | Enable/disable the use of SNMP queries to discover network devices. |
| Ping sweep | Enable/disable the use of Ping sweeps to discover network devices. |
| Custom TCP discovery | Discover online machines by querying for the specified open TCP portsAcronym for Transmitting Control Protocol. This protocol is developed to allow applications to transmit and receive data over the internet using the well-known computer ports.. |
| Network Discovery Options | |
| Scanning delay | Key in the time interval (in milliseconds) between one scan and another. |
| Network discovery query responses timeout | Amount of time in milliseconds the security scanner will wait before timing out when performing a machine discovery query (NetBIOS/SNMP/Ping). |
| Number of retries | Number of times security scanner will retry to connect to a non-responsive machine before skipping it. |
| Include non-responsive computers | Run scans on all the PCs regardless of whether they are detected as being online or not. |
| Perform a TCP port probing in order to detect mobile devices | Perform a TCP port probing in order to detect mobile devices using known ports. |
| Network Scanner Options | |
| Scanning threads count | Key in the number of scan threads that can run simultaneously. |
| NetBIOS Query Options | |
| Scope ID | Used for NetBIOS environments requiring a specific scope ID in order to allow querying. |
| SNMP Query Options | |
| Load SNMP enterprise numbers | Specifies whether security scanner should use the OID (Object Identifier database) containing ID to Vendor map to identify the various types of devices. |
| Community strings | Specifies whether security scanner should use the specified community string for SNMP server detection and information retrieval. |
| Global Port Query Options | |
| TCP port scan query timeout | Amount of time in milliseconds security scanner will wait during a TCP port scan before timing out and moving on to scan the next port. |
| UDP port scan query timeout | Amount of time in milliseconds security scanner will wait during a UDP port scan before timing out and moving on to scan the next port. |
| WMI Options | |
| WMI timeout | Amount of time in milliseconds security scanner will wait for a reply from the remote WMI server before timing out and moving on to the next scan item. |
| SSH Options | |
| SSH timeout | Amount of time in milliseconds security scanner will wait for a SSH script to return before timing out and moving on to the next scan item. |
| Alternative SSH port | Alternative SSH ports to use when the default port 22 is unreachable. |
| Scanner activity window | |
| Type of scanner activity output | Activity progress modes: simple (basic progress - start / stop of operations), or verbose (more detailed information on process flow). |
| Display received packets | Output TCP packets in raw format as they were received by security scanner. |
| Display sent packets | Output TCP packets in raw format as they were sent by security scanner. |
| OS Information Retrieval Options | |
| Create custom share if administrative privileges are disabled | If administrative shares are disabled the scanner will temporarily create a custom hidden share of the form <random GUID>$. The share is used to retrieve data that helps identifying vulnerabilities and missing patches. |
| Start remote registry | If the remote registry service is stopped on the scanned machine, enable this option to temporarily open it during the security scanning. |