Agent Configuration Options

The following table lists the Agent configuration options.

Agent Configuration Options

Configuration Option

Description

Program Options:

 

-A/--network-appliance

Run in Network Appliance mode.

-c/--cli

Run software inspection from the command line using command-line settings and server-supplied settings.

Exit codes returned:

0 - SUCCESS

1 - SERVER BUSY

2 - OPERATION FAILED

3 - SERVICE FAILED

-d <path> --debug <path>

Write diagnostic information to the specified file.

--getfileinfo <path>

Directory for output file

-h/--help

Display this message and exit.

-n/--checkin-interval <interval>

Set the check-in interval for the service. This setting is in the format INTEGER followed by M/H/D representing minutes, hours, or days.

Example: 10M for a 10-minute interval or 2H for a two-hour interval

-o/--outdir <path>

Directory for output file

-oc/--output-csv <file>

Output inspection results to a CSV file.

-ox/--output-xml <file>

Output inspection results to an XML file.

-si/--scantime_interval <minutes>

Set a random range to delay running software inspection. 0 means no random range, or 1-60 minutes.

--skip-wait/--skipwait

Skip the initial 10 minute wait before the first check in.

-v --verbose

Display or log additional diagnostic information.

-V/--version

Display program version information and exit.

Use this option when you want to check the version of the agent.

Customer Area Option:

 

-g/--group <group>

Create host as a member of <group> in your Software Vulnerability Manager Account (defaults to domain or langroup if unspecified).

Mac Agent Option:

 

--delete-all-settings

Deletes all information, including Globally Unique Identifiers (GUID), from the system to ensure it is clean to accommodate a new installation.

Network Settings:

 

-D --direct-connection

Bypass proxy, use direct connection.

--forcehttps

Force HTTPS, regardless of port.

When this option is not specified, we default HTTPS on port 443 and HTTP on other ports. This option is for debugging purposes.

--ignore-ca

Ignore unknown certificate authority.

--ignore-cn

Ignore invalid Common Name in cert.

--ignore-crl

Ignore Certificate Revocation list.

--pac-url <url>

Proxy Autoconfig URL

--request-timeout <minutes>

Sets a timeout on network connections. Set for 1-10 minutes or use 0 for no timeout.

Use this option to increase the timeout period of HTTP requests to prevent the timeout error when the server does not respond in 2 minutes.

-U <user:pass> --proxy-user <user:pass>

Set proxy credentials (saved in encrypted form).

--use-network-winhttp

Enable WinHttp network stack (default).

Use WinHTTP when you want the agent to control the behaviors of the HTTP Internet protocol. We default WinHTTP to force using TLS 1.2. Also, the command line options for proxy such as -x, -U, and -D are designed to work in conjunction with WinHTTP. This option is for debugging purposes.

--use-network-wininet

Enable WinInet network stack.

Use WinINet when you want to control the behaviors of HTTP Internet protocol using the Internet Options. Since WinINet does not have services support, the agent running as a service ignores this option. This option is for debugging purposes.

-x <proxy:port> --proxy <proxy:port>

Set proxy.

Proxy Options:

 

-D/--direct-connection

Force direct connection, overriding default internet proxy settings.

--pac-url <URL>

Specify the URL of the Proxy Auto Configuration file (.pac/.dat).

-U/--proxy-user <user[:pass]>

Specify Proxy authentication.

-x/--proxy <host[:port]>

Use HTTP proxy on given port.

Scan Options:

 

--check-wmi

Use WMI to get Windows updates.

Use this option to query Windows updates on SCCM using WMI in addition to a query using Windows Update Agent.

This option could be used to see if the SCCM client on the device/host can be used for reporting missing KBs.

-t/--type

Software Inspection Type: 1, 2 (default), or 3.

1: Inspect applications in default locations only.

2: Inspect applications in non-default locations.

3: Inspect all .dll, .exe, and .ocx files.

For details, see Scan Types.

-w/--no-os-update/--no-win-update

Do not connect to Windows Update.

--wua-proxy <0,1 or host[:port]>

Configure proxy settings for Windows Update.

0: Use the default setting.

1: Use the proxy configured with -x/--proxy.

<host[:port]> Manually set the proxy host and port.

Scan settings that server can override:

 

-g <group> --group <group>

Group name for association

-n <minutes>M --checkin-interval <minutes>M

-n <hours>H --checkin-interval <hours>H

Set Check-in interval.

-w --no-win-update --no-os-update

Disable windows update check.

Security Options:

 

--ignore-ca

Ignore Unknown SSL Certificate Authority (CA).

--ignore-crl

Ignore SSL Certificate Revocation Check.

--ignore-cn

Ignore Invalid SSL Certificate Common Name (CN).

Server Options:

 

--userid <userid>

Set the Software Vulnerability Manager access user ID.

--token <token>

Set the Software Vulnerability Manager access token.

--host <hostname>

Set the Server hostname.

--port <port>

Set the Server port.

Service Options:

 

--delete-all-settings

Delete all settings related to this program from the registry.

Deletes these settings from all registry keys.

--dry-run/--dryrun

Run up to the point of scanning without writing any changes and then exit (useful to log the configuration).

Use this option to examine if the agent is able to run and communicate with the server. It will exit before scanning and won't make any changes to the system. You can use this option along with -c.

-i/--install

Install service.

-L/--localsystem

Run the service as the LocalSystem user.

--manual

When installing, set service to only be started manually, rather than automatically

-N/--no-registry-write

When installing, do not write any settings to registry.

When removing, do not delete settings from registry.

-p/--copy <dest>

Before installing, copy executable file to <dest> and install the service to run from <dest>.

-r/--remove

Remove service.

-R/--runas <user[:pass]>

Specify the user the service should run as.

For a domain user type "user@domain" or "domain\user"

-S/--only-save-settings

Only save settings from the command line to registry, as the relevant user.

Does not run, install or remove.

Use this option when you want to modify the agent registry settings after the agent is installed. You need to restart the agent service to make the changes effective.

This option could be used to edit the server options like userid/token/host/port stored in the registry.

This setting is the opposite of ā€œ-Nā€ options. If -N is used, no registry setting will be edited.

Service Recovery Settings:

 

--service-failure-actions <actions>

Failure actions and their delay time (in milliseconds), separated by / (forward slash) ā€“ e.g., run/5000/reboot/800. Valid actions are <run|restart|reboot>.
(Must be used in conjunction with the --service-failure-reset option)

--service-failure-command <command line>

Command line to be run on failure.

--service-failure-flag

Changes the failure actions flag setting of a service. If this setting is not specified, the Service Control Manager (SCM) enables configured failure actions on the service only if the service process terminates with the service in a state other than SERVICE_STOPPED. If this setting is specified, the SCM enables configured failure actions on the service if the service enters the SERVICE_STOPPED state with a Win32 exit code other than 0 in addition to the service process termination as above. This setting is ignored if the service does not have any failure actions configured.

--service-failure-reboot <message>

Message broadcast before rebooting on failure.

--service-failure-reset <period>

Length of period of no failures (in seconds) after which to reset the failure count to 0 (may be INFINITE).
(Must be used in conjunction with --service-failure-actions)