JSA Vulnerability Manager uses Windows Management Instrumentation (WMI) to locate and identify versions of the installed .exe and .dll files on the target assets that are scanned.
Without the information that is provided by Windows Management Instrumentation (WMI), many third-party applications are missed. False positives that are detected during registry scanning (by using the remote registry service) cannot be identified or removed by JSA Vulnerability Manager.
WMI is installed on all of modern Windows operating systems, such as Windows Vista, Windows 2008, Windows 2012, Windows 7, Windows 8, and Windows 8.1).
Remote WMI requests must be enabled and accessible by the scanning user on assets that are scanned. If WMI is not available, the following error is reported in the scan results:
Local Checks Error – Unable to Query WMI serviceMount Remote Filesystem
In JSA Vulnerability Manager release 2014.3 and above, a yellow triangle warning icon appears next to the asset in the scan results.
To read WMI data on a remote server, a connection must be made from your management computer (where the monitoring software is installed) to the server that you are monitoring. If the target server is running the Windows Firewall (also called Internet Connection Firewall) which is installed on Windows XP and Windows 2003 computers, you must configure the firewall to allow remote WMI requests through. To configure Windows Firewall to allow remote WMI requests, open a shell prompt and enter the following command:
netsh firewall set service RemoteAdmin enable
If your patch scan is not successful, do the following steps.
- On the target server, go to Control Panel >Administrative Tools >Computer Management.
- Expand Services and Applications.
- Right-click WMI Control and click Properties.
- Click the Security tab.
- Click Security.
- If necessary, add the monitoring user, and click the Remote Enable check box for the user or group that requests
WMI data. To add a monitoring user or group:
In the Enter the object names to select field, type the name of your group or user name.
- Click Advanced and apply to the root and sub
In some cases, you might also need to configure the Windows firewall and DCOM settings.
If you experience WMI issues, you can install the WMI Administrative tools from the Microsoft website.
The tools include a WMI browser that helps you connect to a remote machine and browse through the WMI information. These tools help you to isolate any connectivity issues in a more direct and simpler environment.