This section provides instructions on how to prepare your internal network for authenticated scanning using Windows Remote Management (WinRM).
F-Secure Elements Vulnerability Management supports two ways of authenticating to Windows systems:
- If the scan node is deployed on a Windows computer, use the scan node service account credentials (recommended)
- Specify credentials explicitly in the F-Secure Elements Security Center
F-Secure Elements Vulnerability Management uses WinRM to check for missing Windows patches and detect vulnerabilities related to common third-party software. WinRM obtains the list of Windows patches from Windows Update Agent using one of the following sources:
- Microsoft’s own Windows Update Service (internet access required)
- An internal network WSUS service
- A Windows Updates database file (available only when using scan nodes that are deployed on Windows computers)
These options can be enabled and disabled in the F-Secure Elements Vulnerability Management scan templates.
If you choose the first option (Windows Update Service), you can also select the "Check for other Microsoft products" option. This allows you to retrieve updates not only for Windows systems, but also for other Microsoft products (such as Microsoft Office).
Note: Windows 10, Windows Server 2016, or newer target systems that do not have the "Receive updates for other Microsoft products when you update Windows" option enabled in Windows Update settings may not include the service required for finding updates for other Microsoft products. To mitigate this problem, Elements Vulnerability Management adds the service source ID to the target if necessary. Although Elements Vulnerability Management is not able to undo this change, it should not be a concern, as it does not affect any functionality of Windows Update Service or the settings for automatic updates on a scanned machine.
The third option (Windows Updates database file) can be used as a failover option if the target Windows systems do not have network access to Windows Update Service or WSUS. When enabled, F-Secure Elements Vulnerability Management checks for missing Windows patches by uploading the Windows Updates database file (wsusscn2.cab) to the target system's temp folder (%SystemRoot%\Temp\MBSA\Cache\). Once the file is uploaded, Windows Update Agent (WUA) uses it to check for missing Windows patches without accessing the internet.
Besides checking for missing Windows patches, F-Secure Elements Vulnerability Management also detects vulnerabilities related to common third-party software. WinRM fetches the list of third-party software from Windows Registry.
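The following read-only PowerShell audit is an added example, not part of the product or its documentation. Run on a scan target, it lists the update services registered with Windows Update Agent, so the service registration described in the note above is visible, and it checks the uploaded wsusscn2.cab in the cache folder named above. The function names and the three service IDs are assumptions of this example (well-known Microsoft values); the page does not state which ID the product registers.

```powershell
# Added example: read-only audit of a scan target's Windows Update Agent state.
# Assumption: the service the product may register is Microsoft Update; the IDs
# below are well-known Microsoft values and do not come from the page.
$KnownServices = @{
    '7971f918-a847-4430-9279-4a52d1efe18d' = 'Microsoft Update (other Microsoft products)'
    '9482f4b4-e343-43b6-b170-9a65bc822c77' = 'Windows Update'
    '3da21691-e39d-4da6-8a4b-b43877bcb1b7' = 'WSUS'
}

function Get-WuaServiceAudit {
    # Enumerate the update services currently registered with WUA.
    $manager = New-Object -ComObject Microsoft.Update.ServiceManager
    foreach ($svc in $manager.Services) {
        $id = $svc.ServiceID.ToLower()
        [pscustomobject]@{
            Name               = $svc.Name
            ServiceID          = $id
            KnownAs            = if ($KnownServices.ContainsKey($id)) { $KnownServices[$id] } else { 'unrecognized' }
            IsManaged          = $svc.IsManaged
            IsRegisteredWithAU = $svc.IsRegisteredWithAU
        }
    }
}

function Get-OfflineCabAudit {
    # Cache path taken from the page; the file may be absent if the failover
    # option is disabled or no scan has uploaded it.
    param([string]$CacheDir = (Join-Path $env:SystemRoot 'Temp\MBSA\Cache'))
    $cab = Join-Path $CacheDir 'wsusscn2.cab'
    if (-not (Test-Path -LiteralPath $cab)) {
        return [pscustomobject]@{ Path = $cab; Present = $false }
    }
    $sig  = Get-AuthenticodeSignature -FilePath $cab
    $item = Get-Item -LiteralPath $cab
    [pscustomobject]@{
        Path      = $cab
        Present   = $true
        SizeMB    = [math]::Round($item.Length / 1MB, 1)
        Modified  = $item.LastWriteTime
        SigStatus = $sig.Status                      # 'Valid' for an untampered, signed file
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
    }
}

Get-WuaServiceAudit | Format-Table -AutoSize
Get-OfflineCabAudit | Format-List
```

Comparing the service list before and after the first scan shows whether a service was added to the target, and a signature status other than Valid on the .cab file is worth investigating before relying on offline scan results.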