Appendix: Additional security scanner information

LANDesk Security Suite includes the Patch and Compliance tool as the main component of its comprehensive security management solution. Use this tool to download updates for various security content definitions and patches; create, configure, and run security assessment scans, compliance scans, and remediation scans; enable security alerts; generate security reports, and more. For more information, see Patch and Compliance and Patch and Compliance help.

This section provides supplemental information about using the Patch and Compliance security scanner.

Read this section to learn about:

Security scanner command-line parameters

The security scanner is called vulscan.exe. The scanner supports the following command-line parameters:

Parameter name Description

General parameters

/AgentBehavior=ScanRepairSettingsID

Overwrites the default behavior of the security scanner (scan and repair settings) for only the current security assessment or remediation scan job. The ScanRepairSettings ID is a number value.

/ChangeBehaviors /AgentBehavior=ScanRepairSettingsID

Changes the default scan and repair settings for any subsequent security assessment or remediation scan job by writing the scan and repair settings to the device's local registry. Use the exact syntax to the left, with both switches in the command line. The ScanRepairSettings ID is a number value.

NOTE: You can use this option to change the default scan and repair settings for a device without having to do a full agent configuration deployment to the device.

/ShowUI

Shows the scanner UI on the end user device.

/AllowUserCancelScan

Shows a Cancel button on the scanner UI that lets the end user cancel the scan.

/AutoCloseTimeout=Number

Timeout value in seconds.

NOTE: If the value is set to -1, then the scanner UI waits for the end user to manually close it.

/Scan=Number Code (0-8)

Identifies which security content type is being scanned for. The number codes for the different security content types are:

0 - vulnerability

1 - spyware

2 - security threat

3 - LANDesk updates

4 - custom definition

5 - blocked application

6 - software updates

7 - driver updates

8 - antivirus

100 - all types

/Group=GroupID

Identifies the security content group being scanned for. This option overrides specific content type parameters, if present.

/AutoFix=True or False

Enables or disables the autofix feature.

Repair parameters

/Repair (Group=GroupID, or Vulnerability=VulnerabilityID, or Vulnerability=All)

Tells the scanner which group or vulnerability to repair (remediate). You can specify All for vulnerabilities in order to repair all detected vulnerabilities instead of a single vulnerability by its ID.

/RemovePatch=PatchName

Removes the specified patch from the patch repository.

/RepairPrompt=MessageText

Lets you display a text message that prompts the end user.

/AllowUserCancelRepair

A string that allows the end user to cancel repair if using a repair prompt.

/AutoRepairTimeout=Number

A timeout value for the repair prompt in seconds. If it's set to -1, then the prompt waits for the end user to close it manually.

/DefaultRepairTimeoutAction

A string for the default action for vulscan to take if timeout expires for repair prompt. Acceptable values include start and close.

/StageOnly

A string to retrieve the patch or patches needed for repair, without installing them.

/Local (get files from peer)

Forces peer only download.

/PeerDownload

Same as /local.

/SadBandwidth=Number

Maximum percentage of bandwidth to use when downloading.

Reboot parameters

/RebootIfNeeded

Use this parameter to reboot a machine if needed.

/RebootAction

A string that determines vulscan's reboot behavior when repairing. Acceptable values: always, never, or empty (anything else). If anything else, then vulscan will reboot if needed.

/RebootMessage

A string that displays a text message to the end user in a reboot prompt.

/AllowUserCancelReboot

A string that allows the end user to cancel reboot if using a reboot prompt.

/AutoRebootTimeout=Number

Timeout value of reboot prompt in seconds. If set to -1, then the UI waits for the user to close it manually.

/DefaultRebootTimeoutAction

A string that determines the action for vulscan to take if timeout value expires for reboot prompt. Acceptable values: reboot, close, snooze.

/SnoozeCount=Number

Number of snoozes. Vulscan decrements each time the user clicks Snooze on the reboot prompt.

/SnoozeInterval=Number

Number of seconds for vulscan to sleep between snoozes.

MSI parameters

/OriginalMSILocation=path

Path to original MSI location.

/Username=username

Username for MSI directory.

/Password=password

Password for MSI directory.

Disable parameters

/NoElevate

Don't launch vulscan via core tech.

/NoSleep

Prevents sleeping during definition scan.

/NoSync

Doesn't get mutex, scans multiple instances.

/NoUpdate

Don't get a new version of vulscan.

/NoXML

Don't look for msxml.

/NoRepair

Same as autofix=false. Overrides autofix settings if present.

Data files parameters

/Dump

Dumps vulnerability data directly from Web service.

/Data

Pulls in vulnerability data (from /dump).

/O=Path\Filename

Output scan results.

/I=Path\Filename

Input scan results.

/Log=Path\Filename

Overrides log file name.

/CoreServer=Server name

Identifies core server name.

/Reset

Removes delta file base information (wipes out application data directory).

/Clear or /ClearScanStatus

Clears all vulnerability scan information.