Cannot designate nmap scan points on some servers

(imported topic written by arpotu91)

Hello,

I am trying to designate 6 servers as NMAP Scan Points, but only two are showing as relevant candidates. These are Windows 2003 servers. Is there some criterion beyond having the client, to allow a computer to be a potential scan point?

(imported comment written by BenKus)

Hi arpotu,

The Relevance on the “Designate Scan Point” is:

Relevance 1

version of client >= “6.0”

Relevance 2

name of operating system != “WinVista”

Relevance 3

(it = “Win2000” OR it = “WinXP” OR it = “Win2003” OR it = “WinXP-2003”) of name of operating system

Relevance 4

(not exists folder “BESScanner-NMAP\NMAP” of it OR not exists file “nmap.exe” of folder “BESScanner-NMAP\NMAP” of it) of parent folder of regapp “BESClient.exe”

Relevance 5

(not exists file “besnpf.sys” whose (version of it >= “4.0.0.1040”) of it) of folder (pathname of (if x64 of operating system then system x64 folder else system folder) & “\drivers”)

You should check which of these is not true…

Ben

(imported comment written by USMC175)

BF,

Can you tell me if Win2008 R2 will be an ‘Applicable Server’ for the ‘Designate Nmap Scan Point’ Task once the new release (v8) of BigFix comes out?

Thanks,

(imported comment written by BenKus)

I believe we are planning on adding support for Win2k8 R2 for Asset Discovery scan points, but it might be on a different timescale than version 8…

If you want, you can modify the relevance yourself and try it on Win2008 R2 as a test… I think it works, but I haven’t tried it myself…

Ben

(imported comment written by SystemAdmin)

I have tested the nmap tool on Win2008R2 with much success on my personal test systems. My Scan point system acts as my router to the dmz network… thus there are two NICs installed. I only wanted to scan one of them and thus designated the specific ip range from the “Run Nmap Scan” task. I did have to modify the relevance for the following two tasks to get this to work.

“Designate Nmap Scan Point” task:

Changes made::

added Win2008R2

Relevance AND Success Criteria::

(((((if (name of operating system starts with “Win”) then platform id of operating system != 3 else true) AND (version of client >= “6.0”)) AND ((it = “Win2000” OR it = “WinXP” OR it = “Win2003” OR it = “WinXP-2003” OR it = “WinVista” OR it = “Win2008” OR it = “Win2008R2” OR it = “Win7”) of name of operating system)) AND ((not exists folder “BESScanner-NMAP\NMAP” of it OR not exists file “nmap.exe” of folder “BESScanner-NMAP\NMAP” of it) of parent folder of regapp “BESClient.exe”)) AND (if (name of operating system = “Win2000”) then service pack major version of operating system = 4 else true)) AND (not exists key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BESScanner-NMAP” of x32 registry)

“Run Nmap Scan” task:

Changes made::

added Win2008R2, and removed the NIC counter section (removed Relevance 4)

Relevance::

((((((if( name of operating system starts with “Win” ) then platform id of operating system != 3 else true) AND (version of client >= “6.0”)) AND ((it = “Win2000” OR it = “WinXP” OR it = “Win2003” OR it = “WinXP-2003” OR it = “WinVista” OR it = “Win2008” OR it = “Win2008R2” OR it = “Win7”) of name of operating system)) AND (number of (unique values of (subnet addresses whose (it as string != “0.0.0.0”) of ip interfaces whose (loopback of it = false) of network as string)) = 1)) AND ((exists folder “BESScanner-NMAP” of it AND exists file “nmap.exe” of folder “BESScanner-NMAP\NMAP” of it) of parent folder of regapp “BESClient.exe”)) AND ((number of bits (0;1;2;3;4;5;6;7) whose (it) of ( it as integer ) of ( if it contains “.” then preceding text of first “.” of it else it ) of ( it; following texts of substrings “.” of it ) of ( unique values of (subnet masks of ip interfaces whose (loopback of it = false) of network as string ) as string) ) >= 22)) AND (exists key “HKLM\Software\WinPcap” of x32 registry)