Phone Lines icon GFI Support

Articles in this section

See more

Scheduled Scans Not Showing Results in the Activity Monitor

Author: Luis Fernandes Updated

Overview

This article will be used when scheduled scans do not show results in the Activity Monitor even though the Last Scanned column in Configuration > Scheduled Scans shows the scan as having run.

Environment

  • GFI LanGuard.
  • All supported environments.

Root Cause

The Replace a process level token policy allows a process (or service) to open another process (or service) and the scanning account credentials must have this right to launch the lnsscomm.exe process (which is required to scan).

Without the right, the scanning account will launch the scheduled scan which will update the "Last Scanned" column value but then fail to launch the lnsscomm.exe process and the scan will not begin.

The Logon as a batch file right is needed for remediation.

Resolution

Add the account used for scanning and the account used for the LNSSCommunicator module to the Replace a process level token and Logon as a batch job local security policies as follows:

  1. Determine the account being used for scanning by checking the scheduled scan > Properties > Logon Credentials tab:
    • If there are no credentials specified AND Use per computer credentials when available is not checked, then the GFI LanGuard Attendant Service account will be the one to be used.
    • If Alternative Credentials are specified AND Use per computer credentials when available is not checked, then the specified Alternative Credentials will be used.
    • If Alternative Credentials are specified AND Use per computer credentials when available is checked AND the computer has Per-computer Credentials assigned in the Dashboard > Computer Properties dialog, then the specified Per-computer Credentials will be used.

    mceclip2.png
  2. Open Dcomcnfg (Start > Run > type dcomcnfg.exe and press Enter) and navigate to the Identity tab of the LNSSCommunicator properties (under Computers > My Computer > DCOM Config > LNSSCommunicator) and check the account being used.

    mceclip0.png
  3. Open the Local Security Policy editor (under Control Panel or running by gpedit.msc).
  4. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
  5. Open the Properties dialog of the Replace a process level token policy.
  6. Ensure the scanning account used and the Identity account of the LNSSCommunicator are included (add them if not included).
  7. Do the same for the Logon as a batch job policy.
mceclip3.png

Confirmation

If you have successfully managed to follow through the above steps, the scheduled scan will start showing results in the Activity Monitor.