Download and Install the Software Vulnerability Manager Daemon
The Software Vulnerability Manager Daemon is a stand-alone executable that executes various schedules configured in the Software Vulnerability Manager console. It runs as a background service with no user interaction. To download the Daemon, click here.
The Daemon integrates a number of local data sources in your network with the Flexera Cloud. It should be deployed to a node in the network that has high availability (for example, the server running the System Center or SQL server).
Once deployed, the Daemon will regularly scan the following data sources, based on the configuration created in Software Vulnerability Manager:
| • | Active Directory |
| • | Microsoft® System Center Configuration Manager (“System Center”) Imports |
| • | Scheduled Exports |
| • | WSUS State Change |
Important:As the Daemon is connecting directly to the Flexera and System Center database servers unattended, Software Vulnerability Manager’s System Center Inventory Import page should be configured to include System Center SQL Host, SQL Port and SQL Database connection details prior to the installation of the Daemon to enable the latter to start executing unattended schedules correctly and on time.
To be able to pass authentication at the SQL server during an unattended scheduled Import, the Daemon has to be installed and configured with a user account that has been specifically assigned with Connect/Select permissions at the SQL Server Management Studio software prior to the installation of the Daemon.
When scheduled imports require it, the Daemon connects directly to the System Center database. This may block upgrades of System Center. Before upgrading System Center, make sure to stop the Daemon service, and start it again after the upgrade to System Center is complete.
The Daemon should only be deployed once to avoid two instances competing to retrieve the schedules.
The user or service account that runs the Daemon must have:
| • | Run-as Service privileges |
| • | Write permission on the location where the exports should be placed and log file written for scheduled CSV file output and log file creation |
| • | Member of local WSUS group “WSUS Administrators” |
| • | LDAP query privileges |
| • | SQLDataReader privileges |
| • | System Center Configuration Manager Read only Analyst privileges |
To assign Connect and Select permissions to the user (or service account) that will be used to run the Daemon service:
| 1. | Open SQL Server Management Studio software at the SQL Server Host. |
| 2. | Expand Databases and find the name of your System Center database. |
| 3. | Right-click the database name and select Properties. |
| 4. | Enter the Permissions section from the left-hand side menu. |
| 5. | Find the account that will be used to install the Daemon and click on it. |
| 6. | While highlighted, review the Explicit permissions of the account below and find and select the Connect and Select check boxes. |
| 7. | Save the configuration and exit the SQL Server Management Studio. |
To install the Daemon:
| 1. | Double-click the Daemon installer icon and follow the wizard instructions. |
Important:To run the Daemon service successfully note the followings:
| • | SVM 2019 Daemon does not require elevated permissions to run once the service has been setup, but it requires that the installation of it is performed by an account that is at least Local Administrator on the machine where the service is to be installed. |
| • | The Daemon's service account must not be restricted by a GPO configuration the ability to logon to the server selected for installation of the Daemon. Such domain policy will prevent the Daemon to run as a service and would therefore prevent it to perform intended functionality. |
| 2. | Accept the End User License Agreement and click Next. |
| 3. | Enter the Daemon Proxy Settings (host name, port, username and password), if required. The values in populated fields are fetched from the current user’s Internet Explorer proxy settings. Click Next. |
| 4. | Enter the Username and Password of your Software Vulnerability Manager account and click Install. |
Important:The Daemon executes scheduled tasks configured in Software Vulnerability Manager. Therefore, the Software Vulnerability Manager user account used during the Daemon installation must be the same one which set up the scheduled tasks in Software Vulnerability Manager. It can be a user account or an administrator account in Software Vulnerability Manager.
| 5. | Enter the credentials for the user account (or service account) that was setup beforehand to grant access for the Daemon to the SQL Server Host. The user name must be entered in the <username>@<AD domain> format. Click Next. |
| 6. | Click Finish to close the Daemon setup. |
For reference, the Daemon now outputs report to a user-configured path. This path is set when the Daemon is installed and there is a page in the installer to configure the path. The file created at that path gets the data and time appended to its name, so for example, if the user sets the name to all_hosts.csv in Software Vulnerability Manager, then the resulting file will actually be named all_hosts_2015-11-29_13-00_01.csv, or whatever the date and time were when the file was created.
Also note that, from Daemon version 2.0.0.6 onwards, if the user leaves the path empty when installing the Daemon, then exporting reports won't work at all. To fix this later, the user will have to reinstall the Daemon and set the path in the installer.
The Daemon uses the System Center SQL Database Settings that are specified in the Configure dialog. If those settings haven't yet been specified when the Daemon has been run, then it will check for them again in 10 minutes and every 10 minutes afterwards until it gets them.
The Daemon checks with Flexera every 10 minutes to download new schedules or fetch changes to existing schedules as long as it is not in the process of processing scans and the results are displayed in Software Vulnerability Manager Completed Scans page.
To disable the daemon security protocol using (--ignore-crl, --ignore-ca, --ignore-cn), choose one of the following options:
| 1. | Add the security options to the image path of Windows service in the location: |
System->CurrentControlSet->Flexera Software Corporate Inspector Daemon->ImagePath
Example of an ImagePath value:
"C:\Program Files\Flexera Software\Corporate Software Inspector Daemon\daemon.exe" --service-launch --ignore-crl --ignore-ca --ignore-cn -d c:\log.txt –v
| 2. | Add the following options to the Daemon registry key: |
[HKEY_CURRENT_USER\SOFTWARE\Secunia\Daemon]
"IgnoreCRL"= dword:00000001
"IgnoreUnknownCA"= dword:00000001
"IgnoreInvalidCN"= dword:00000001
The daemon will add the registry entries when you install it along with the security options as follows:
Daemon.exe -i --ignore-crl --ignore-ca --ignore-cn -R username:password
Note:If you configure the registry settings manually, restart the service for the change to take effect.