Jump to content


Photo

Agent free


  • Please log in to reply
7 replies to this topic

#1 Benny

Benny

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 11 January 2008 - 07:11 PM

Sorry for all the questions. I keep running into things. But I think I'm done for the night! :)

Your site says your product is "agent free", but then I noticed "Copying files" & "Installing service" for a lot of PCs. On those PCs there are 2 files in the Windows dir called "tniaudit.exe" and "tniservice.exe", both files weighing in at about 1 megabyte a piece (2MB total). And every time I run scans, there are 2 of them running on each computer. Meaning I see 2 "tniaudit.exe" and 2 "tniservice.exe" running at the same time.

Not that I mind agents, but it's not what's advertised.

#2 Zak

Zak

    Administrator

  • Root Admin
  • PipPipPip
  • 747 posts
  • Gender:Male

Posted 14 January 2008 - 10:28 AM

Feel free to ask as much as you like :)
Actually the program was developed as agent-free and it uses WMI (Windows Management Instrumentation) for accessing remote computers and collecting information. But then it happened that very often RPC service (which needs to be available to make use of WMI) is blocked by Windows Firewall in XP SP2 and Vista with default settings. Thus we have introduced a new method which drops an audit utility to a remote computer and runs a service remotely which then runs that utility locally. This method requires only SMB protocol to be allowed (file and printer sharing service), and as it's allowed more often, it's more "firewall friendly".
You can still set the program's behaviour with "File - Options - Connection - Connection method". There you can select to use either agent method (SMB) or agent-free method (RPC/DCOM). The option "Try another method", if enabled, orders the program to try to connect with another method if the one that is selected fails for some reason. If that option is disabled, only selected method is used.
As for 2 "tniaudit.exe" and 2 "tniservice.exe" running, this is okay, because this is the way our software protection system works (you can notice that one process is always very small, below 1 Mb in memory, this is a service process, and another one is bigger, this is a working process).
Softinventive Lab support

#3 Benny

Benny

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 14 January 2008 - 03:39 PM

We don't have any firewalls on for individual computers. Is there some other reason it's using the agent?

#4 Zak

Zak

    Administrator

  • Root Admin
  • PipPipPip
  • 747 posts
  • Gender:Male

Posted 16 January 2008 - 06:22 AM

We don't have any firewalls on for individual computers. Is there some other reason it's using the agent?

No other reason. The point is that the method with agent is used by default in the furst turn, in order to maximize the number of successful scans in an unknown environment. But as I've said, you can customize this behaviour in the program's options and disable the usage of agent.
Softinventive Lab support

#5 Benny

Benny

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 16 January 2008 - 12:24 PM

I switched it to "use no agent" if it can and none of the PCs have the firewall enabled, but I still see it saying "Copying files" and "Starting service". If I tell it not to try another method, then I get all kinds of RPC errors, etc.

#6 Zak

Zak

    Administrator

  • Root Admin
  • PipPipPip
  • 747 posts
  • Gender:Male

Posted 17 January 2008 - 12:10 PM

I switched it to "use no agent" if it can and none of the PCs have the firewall enabled, but I still see it saying "Copying files" and "Starting service". If I tell it not to try another method, then I get all kinds of RPC errors, etc.

That means that something still prevents the program to connect to the RPC service on remote computers (TCP port 135). You would need to check for that. Mostly often the Windows Firewall is the reason. Are you sure that it's disabled on those computers?
Softinventive Lab support

#7 Benny

Benny

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 17 January 2008 - 03:01 PM

We're sure. None whatsoever. Some of them are even Windows 2000 and no firewall comes with W2K, and no firewall is installed on them.

#8 Zak

Zak

    Administrator

  • Root Admin
  • PipPipPip
  • 747 posts
  • Gender:Male

Posted 18 January 2008 - 12:05 PM

You should check if TCP port 135 is actually available (with telnet or some other tool).
Anyway, this is why we have introduced the scanning method which uses an agent, as one method works on some networks, another method works on other, and in any case you get the result. Though usually they both should work.
Softinventive Lab support




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users