What are the limitations of agent-only based VM scanning?

AbacusMatt · 2024-04-18T15:52:43+00:00

There was an error rendering this rich post.

Hi,

We have a customer site where our engagement is to only scan computers for vulnerabiltities. As such, we have not deployed a scan node. WIthSecure indicated that a scan node is not needed for this purpose.

However, we notice that many vulnerabilities are not caught this way. For example, deprecated TLS versions are not found during agent scanning. This is just one example.

What are the true limitations of agent-based scanning? Or perhaps someone knows if there is something we need to do to capture this information.

Thanks.

Find more posts tagged with

Accepted answers

Sethu Laks

Hi @AbacusMatt

Thank you for reaching out the WithSecure Community,

There are some limitations for the Elements Agent with VM capabilities (Agent-based):

The Elements Agent with VM capabilities (Agent-based) utilizes the OneClient ecosystem, sending telemetry and vulnerability scan metadata to the WithSecure Cloud.
Business Suites (BS) and BS+EDR agents are not compatible with Elements Agent with VM capabilities.
Elements Agent with VM capabilities is currently supported only on Windows endpoint devices.
Elements Agent with VM capabilities is managed through the Elements VM Cloud management portal.
When comparing Elements Agent with VM capabilities scan to SystemScan, authenticated scan, there may be fewer findings. This is because authenticated SystemScan provides a combined external and internal view of the device. For example, SSL/TLS issues related to misconfigurations of a web server running on the device.
There are no combined SKUs like "EDR+EPP+Elements VM agent" and corresponding subscription keys. Use the Elements Agent with VM capabilities subscription key only if you intend to install Elements Agent with VM capabilities as a standalone feature.

Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™ https://www.withsecure.com/en/home

All comments

AbacusMatt

Thank you, Sethu.

Sethu Laks

Hi @AbacusMatt

Thank you for reaching out the WithSecure Community,

There are some limitations for the Elements Agent with VM capabilities (Agent-based):

The Elements Agent with VM capabilities (Agent-based) utilizes the OneClient ecosystem, sending telemetry and vulnerability scan metadata to the WithSecure Cloud.
Business Suites (BS) and BS+EDR agents are not compatible with Elements Agent with VM capabilities.
Elements Agent with VM capabilities is currently supported only on Windows endpoint devices.
Elements Agent with VM capabilities is managed through the Elements VM Cloud management portal.
When comparing Elements Agent with VM capabilities scan to SystemScan, authenticated scan, there may be fewer findings. This is because authenticated SystemScan provides a combined external and internal view of the device. For example, SSL/TLS issues related to misconfigurations of a web server running on the device.
There are no combined SKUs like "EDR+EPP+Elements VM agent" and corresponding subscription keys. Use the Elements Agent with VM capabilities subscription key only if you intend to install Elements Agent with VM capabilities as a standalone feature.

Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™ https://www.withsecure.com/en/home