Overview
When scanning a target machine using manual scans, the scan result displays the following error in the console:
The lanss_v12x_securityscanner.csv log file displays the following warnings:
Troubleshooting WMI Messages consistently shows the following error:
The target machine's System event log shows the message (Event ID 10036): "Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application"
The error persists after having ensured:
- The Alternative Credentials are correct and have been used appropriately.
- The workgroup machine (if the target machine is part of a workgroup) is set up properly.
- The WMI-In protocol is enabled in the target machine's firewall and the required services & settings are in place on the target machine.
Root Cause
Windows uses the Distributed Component Object Model (DCOM) Remote Protocol for communication between the software components of networked devices. A recent Windows patch update may have enabled hardening on the endpoint device, which prevents the authentication that LanGuard needs in order to perform WMI checks. LanGuard performs these checks to obtain management data from remote computers, which is needed to identify the status and vulnerabilities of the scanned targets.
Solution
A registry setting needs to be put in place to help LanGuard bypass the Authentication check. Take a backup of the registry before performing the following steps:
- Open the Registry Editor. (This example shows the registry on a local client.)
- Navigate to: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
- Add a new registry key to this location:
Name: RequireIntegrityActivationAuthenticationLevel
Type: DWORD
Value Data: 0x00000000
If the value is not set, it defaults to "enabled." If necessary, edit the value to be "disabled," or 0. The value must be Hexadecimal.
- Restart the computer.
On endpoints with Windows updates up to November 2022, this addition should be sufficient.
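The check and the registry change above, written as a PowerShell script to run in an elevated session on the target machine. This is an added example, not GFI's own tooling; the `-Apply` switch and the backup file path are assumptions. Without `-Apply` the script only reports what it finds.

```powershell
# Added example: look for the symptom described above (Event ID 10036) and,
# only when -Apply is given, make the registry change from the Solution steps.
param(
    [switch]$Apply,                                             # assumption: opt-in switch
    [string]$BackupFile = "$env:TEMP\Ole-AppCompat-backup.reg"  # assumption: backup location
)

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$valueName = 'RequireIntegrityActivationAuthenticationLevel'

# 1. Confirm the symptom: Event ID 10036 in the System log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10036 } `
              -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Output 'No Event ID 10036 entries found in the System log.'
}

# 2. Report the current state of the value (absent means the default, enabled).
$current = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $current) {
    Write-Output "$valueName is not set (defaults to enabled)."
} else {
    Write-Output ("{0} = 0x{1:X8}" -f $valueName, $current.$valueName)
}

if (-not $Apply) { return }   # read-only run ends here

# 3. Back up the key before changing it; create it if it does not exist yet.
if (Test-Path $keyPath) {
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Ole\AppCompat' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no change made.' }
    Write-Output "Backup written to $BackupFile"
} else {
    New-Item -Path $keyPath -Force | Out-Null
}

# 4. Create or overwrite the DWORD with 0 (disabled), as the steps specify.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
Write-Output "$valueName set to 0x00000000. Restart the computer for it to take effect."
```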
Conclusion
LanGuard should now be able to perform the WMI checks on the target machine. If the issue persists, please Gather Troubleshooter Logs from the LanGuard Server and provide the Event Viewer Application and System Logs. Raise a ticket with the Support Team.