- GFI LanGuard
- All supported environments
Scheduled scans do not show results in the Activity Monitor even though the Last Scanned
column in Configuration
> Scheduled Scans
shows the scan as having run.
Add the account used for scanning and the account used for the LNSSCommunicator module to the Replace a process level token
and Logon as a batch job
local security policies as follows:
- Determine the account being used for scanning by checking the scheduled scan > Properties > Logon Credentials tab:
- If there are no credentials specified AND Use per computer credentials when available is not checked, then the GFI LanGuard Attendant Service account will be the one used
- If Alternative Credentials are specified AND Use per computer credentials when available is not checked, then the specified Alternative Credentials will be used
- If Alternative Credentials are specified AND Use per computer credentials when available is checked AND the computer has Per-computer Credentials assigned in the Dashboard > Computer Properties dialog, then the specified Per-computer Credentials will be used
- Open Dcomcnfg (Start > Run > type dcomcnfg.exe and press Enter) and navigate to the Identity tab of the LNSSCommunicator properties (under Computers > My Computer > DCOM Config > LNSSCommunicator) and check the account being used.
- Open the Local Security Policy editor (under Control Panel or running by gpedit.msc).
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
- Open the Properties dialog of the Replace a process level token policy.
- Ensure the scanning account used and the Identity account of the LNSSCommunicator are included (add them if not included).
- Do the same for the Logon as a batch job policy.
The Replace a process level token
policy allows a process (or service) to open another process (or service) and the scanning account credentials must have this right to launch the lnsscomm.exe process (which is required to scan). Without the right, the scanning account will launch the scheduled scan which will update the "Last Scanned" column value but then fail to launch the lnsscomm.exe process and the scan will not begin. The Logon as a batch file
right is needed for remediation.