Scheduled scans results do not appear in the Activity Monitor even though the Last Scanned column in Configuration > Scheduled Scans shows the scan as having run.
This article covers the possible root causes for such situation and provides the solution steps.
The most common root cause for such an issue is that the account used for scanning or the account used for the LNSSCommunicator module is lacking permissions:
- The account used for scanning must have the Replace a process level token right to launch the lnsscomm.exe process. Without it, the scanning account will launch the scheduled scan and update the "Last Scanned" column value but then fail to launch the lnsscomm.exe process and the scan will not actually happen.
- The Logon as a batch file right is needed for the remediation operations.
In rare cases, the backend database connectivity issues might be the root cause for the results of the scheduled scans not appearing in the Activity Monitor. It is the information stored in the database that is being used to display the results in the Dashboard or Activity Monitor. In this case, debug log
lanss_vXXX_attendantservice.csv would have the relevant errors:
- "Error EOleException: 'Invalid connection string attribute'"
- Source = "Microsoft SQL Server Native Client 11.0", Description = "Login failed for user ..."
- "Login failure error repeated for all 10 attempts, stopped trying."
Add the account used for scanning and the account used for the LNSSCommunicator module to the Replace a process level token and Logon as a batch job local security policies as follows:
- Determine the account being used for scanning by checking the scheduled scan > Properties > Logon Credentials tab:
- If there are no credentials specified AND Use per computer credentials when available is NOT checked, then the GFI LanGuard Attendant Service account will be the one to be used.
- If Alternative Credentials are specified AND Use per computer credentials when available is NOT checked, then the specified Alternative Credentials will be used.
- If Alternative Credentials are specified AND Use per computer credentials when available IS checked AND the computer has Per-computer Credentials assigned in the Dashboard > Computer Properties dialog, then the specified Per-computer Credentials will be used.
- Open Dcomcnfg (Start > Run > type
dcomcnfg.exeand press Enter), navigate to Computers > My Computer > DCOM Config > LNSSCommunicator), right-click to open Properties, and switch to the Identity tab. Check the account being used.
- Open the Local Security Policy editor (under Control Panel or running by gpedit.msc).
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
- locate the Replace a process level token policy and open the Properties dialog.
- Ensure the scanning account used and the Identity account of the LNSSCommunicator are included (add them if not included).
- Do the same for the Logon as a batch job policy.
Schedule a scan and check the results in the Activity Monitor. If the scan results still do no appear there, check the debug log
lanss_vXXX_attendantservice.csv for the possible database connectivity errors and address them using the solution from Getting 'Cannot connect to database' Error in GFI LanGuard Console article.
If you have successfully managed to follow through the above steps, the scheduled scan will start showing results in the Activity Monitor. If the issue persists contact the Support Team.