Documentation Version: er2.0.28-docs-1.1

Agentless Scan

You can use ER2 to perform an agentless scan on network Targets via a Proxy Agent. Agentless scans allow you to perform a scan on a target system without having to:

  1. Install a Node Agent on the Target host, and

  2. Transmit sensitive information over the network to scan it.

Use agentless scans when:

For more information, see Agentless Scan Requirements below.

How An Agentless Scan Works

When an agentless scan starts, the Proxy Agent receives instructions from the Master Server to perform a scan on a Target host. Once a secure connection to the Target host has been established, the Proxy Agent copies the latest version of the scanning engine to a temporary location on the Target host.

The scanning engine is then run on the Target host. It scans the local system and sends aggregated results to the Proxy Agent, which in turn sends the results to the Master Server. Data scanned by ER2 is kept within the Target host. Only a summary of found matches is sent back to the Master Server.

Once the scan completes, the Proxy Agent cleans up temporary files created on the Target host during the scan and closes the connection.

Agentless Scan Requirements

Make sure that the Target host fulfils the following requirements:

Target Host (Destination)

Proxy Agent (Source)

TCP Port Allowed Connections


Windows host Windows Proxy Agent

Port 135.

For Targets running Windows Server 2008 and newer:

  • Dynamic ports 9152 - 65535

For Targets running Windows Server 2003R2 and older:

  • Port 139 and 445
  • Dynamic ports 1024 - 65535

WMI can be configured to use static ports instead of dynamic ports.
Unix or Unix-like host Windows or Unix Proxy Agent Port 22. Target host must have an SSH server running. Proxy Agent host must have an SSH client installed.
For best results, use a Proxy Agent host that matches the Target host platform. For example, Debian Proxy Agent hosts should scan Debian Target hosts.

Start An Agentless Scan

To perform an agentless scan on a Target:

  1. In DASHBOARD, TARGETS, or SCHEDULE MANAGER, click Start Search.
  2. On the Select Locations page, click + Add Unlisted Target.
  3. In the Select Target Type window, choose Server and enter the host name of the Target in the Enter New Target Hostname field.
  4. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.

  5. In the Select Types dialogue box, select Target locations from Local Storage or Local Process Memory and click Next.
  6. In the Setup Targets page, assign the new Target to a Target Group, and select the operating system for the Target.
  7. The UI prompts you if there is no usable Agent detected on the Target host. Select Would you like to search this target without installing an agent on it? to continue.
  8. Fill in the following fields and click Next:



    Credential LabelEnter a descriptive label for the credential set.
    UsernameEnter your Target host user name.
    PasswordEnter your Target host user password.
    Agent to act as proxy hostSelect a suitable Proxy Agent.
  9. On the Select Data Types page, select the Data Type Profiles to be included in your scan and click Next. See Data Type Profiles.

  10. Set a scan schedule in the Set Schedule section. Click Next
  11. Review your scan configuration. Once done, click Start Scan.