Frequently Asked Questions

GENERAL

  1. What is SecPod Saner?
  2. What are the hardware/software requirements to use SecPod Saner?
  3. What is scanning?
  4. Is it possible to set the product to Scan regularly, without user intervention?
  5. What is remediation?
  6. Is it possible to set the product to Remediate regularly, without user intervention?
  7. What are definitions?
  8. What are Assets?
  9. What does the color band indicate on the report?
  10. What do you mean by Non Compliance?
  11. What is vulnerability?
  12. Why is software vulnerable? or What makes software vulnerable?
  13. How can we fix a vulnerability?
  14. What is patching/updating?
  15. Why is patching so important?
  16. Is antivirus software not enough?
  17. What applications is SecPod Saner able to detect?
  18. What applications does SecPod Saner support for remediation?
  19. If I restart the machine, will SecPod Saner be active after the restart?
  20. Do I need to always be connected to the Internet?
  21. How do I get Help for this product?
  22. Where can I find more info about this product?
  23. Where can I find the log messages of SecPod Saner?
  24. Is there a 64bit version of the Product available?
  25. Is SecPod Saner available for non Windows Platforms?
  26. What is a CVE?
  27. What is a CCE?

SecPod Saner

  1. What do you mean by definition update?
  2. How can I get updates?
  3. Where will the updates be saved?
  4. Is it possible to set the product to Update regularly, without user intervention?
  5. How can I upgrade this product?
  6. How can I perform a scan?
  7. Is there a way I can Scan only my selected assets?
  8. How can I see the detailed status of my System?
  9. What does the percentage indicate in the Non-Compliance Report?
  10. How do I know what Saner is doing currently?
  11. Saner always says Performing Scan, what could be the issue? How do I quit a scan?
  12. Saner is always saying Performing remediation, what could be the problem? How do I quit remediation?
  13. Saner is always saying Preparing Reports, what could be the problem? How do I quit uploading?
  14. What is subscription?
  15. After my expiry date, can I use the product?
  16. How can I update/renew my subscription?
  17. What is Risk?
  18. What is Status?
  19. What do you mean by fix?
  20. How to fix a vulnerability/compliance issue found on my assets?
  21. How can I know what fix is going to be done?
  22. How can I stop the fixing operation?
  23. If I abort the fixing operation will it harm my System?
  24. Abort is not happening even if I clicked on abort, why?
  25. How do I know how much disk space it is going to consume for a fix?
  26. Is there a way I can Fix the issues found on my Assets Selectively?
  27. Is there a way I can save/export the report into a file?

INSTALLATION

  1. Is there a way I can install SecPod Saner without any GUI input? If yes, how?
  2. How much disk space is required to install this Software?
  3. How do I disable the product?
  4. How do I uninstall the product?
  5. How can I ensure the security of the product?
  6. After installation Saner says Configuration Error, how can I resolve the issue?
  7. After installation Saner says Could not connect to server, how can I resolve the issue?
  8. How can I activate SecPod Saner?
  9. What is an activation key?
  10. After installing Saner an activation window pops up and never activates my license key, how can I resolve the issue?

SCANNING

  1. Is there a way I can scan other systems using SecPod Saner?
  2. How does the scan work?
  3. How does SecPod Saner determine whether an asset is vulnerable or not?
  4. How does SecPod Saner determine whether an asset is compliant or not?
  5. How does Saner determine the criticality of a vulnerability?
  6. Is it possible to work on my system while a scan is going on?
  7. Will it affect the scan result if I continue to work on my system, even if the scan is going on?
  8. Where will the reports be uploaded to?
  9. Is there a way I can stop uploading the reports?
  10. What will happen if I restart the system while a scan is going on?
  11. Is there a way I can make use of uploaded reports in future?
  12. How can I see the uploaded report?
  13. Is there a way I can get a detailed description of issues found on my asset?
  14. What is outdated software?

REMEDIATION

  1. How does Remediation work?
  2. Asset shows remediation not available, what can I do in this scenario?
  3. How does remediation for Microsoft products work when quiet option is selected?
  4. How does remediation for Microsoft products work when interactive mode is selected?
  5. Is there a way I can Remediate without scanning my system?
  6. Is there a remediation report available?
  7. My system is still showing vulnerability/compliance issues even after remediation, why?
  8. Will remediation resolve all the issue found in my System?
  9. Is there a way I can find what kind of remedy is going to happen for my asset?

CONFIGURATION

  1. What are Scan types?
  2. What is Scan Mode?
  3. What is Scheduler?
  4. What is Auto Remediate?
  5. What is patch update server?
  6. Is it possible to configure the product to download patches/fixes from customized servers?
  7. Is it possible to configure the product to download definition updates from customized servers?
  8. Is it possible to configure the product to display using some other preferred language?
  9. What do you mean by Installation type?
  10. Is it possible to fix all issues that are reported without any user intervention?
  11. What is patch update server "SecPod-Default"?

GENERAL

What is SecPod Saner?

SecPod Saner is an application to proactively assess and secure endpoint
systems. It identifies security loopholes, misconfiguration and missing patches
and automatically remediates to ensure systems remain secure.

What are the hardware/software requirements to use SecPod Saner?

Software Requirements
Operating System Supported:
All Microsoft Windows operating systems.

Hardware Requirements
Saner can be installed on any system that is running a Microsoft Windows operating system.

What is scanning?

Scanning is the process of inspecting all the software installed on the system, looking for security loopholes and settings, and reporting the results in an XML format.

Is it possible to set the product to Scan regularly, without user intervention?

Yes, there is a scheduler available with SecPod Saner, which can be configured by the user according to convenience. Open the Settings page, select the Scheduler tab, and alter the time for the scheduled scan and update.

What is remediation?

Remediation is the process of correcting security loopholes and misconfigured security settings, either by installing patches and updates from the respective vendors or by changing the security settings of the system. It can be done in two ways. If the user configures Saner to remediate interactively, the user will be prompted to confirm the action for each fix (security setting changes or software updates). In silent mode, remediation will be done without notifying the user, except for certain actions where user intervention is mandatory.

Is it possible to set the product to Remediate regularly, without user intervention?

Yes, there is a scheduler available with SecPod Saner, which can be configured by the user according to convenience. Click on the settings page and select the scheduler tab. Alter the time for the scheduled scan and update. Also make sure that you have selected Auto Remediation option in the Remediation tab.

What are definitions?

A definition is an OVAL Definition that is used to determine the existence of a vulnerability or configuration issue. OVAL (Open Vulnerability and Assessment Language) is an XML-based language. A definition is an XML representation of the conditions and states that define a vulnerability in a particular system.

What are Assets?

SecPod Saner treats all the software and applications that are installed on the system as assets.

What does the color band indicate on the report?

SecPod Saner uses color codes to represent the severity of the vulnerabilities found on the system:
RED - CRITICAL
ORANGE - HIGH
YELLOW - MEDIUM
PALE YELLOW - LOW

What do you mean by Non Compliance?

A Compliance is a set of rules for the settings of an application or a product, defined for the security or satisfactory functioning of the system. A non-compliant system does not obey the rules set by the product.

What is vulnerability?

Vulnerability is a weakness that allows an attacker to reduce a system's information assurance.
It can be described as a state in a computing system (or set of systems) which either:
allows an attacker to execute commands as another user
allows an attacker to access data that is contrary to the specified access restrictions for that data
allows an attacker to pose as another entity
allows an attacker to conduct a denial of service
or in simple words an information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.

Why is software vulnerable? or What makes software vulnerable?

Most vulnerabilities are due to mistakes or errors made at the time the software is developed. Most of the known vulnerabilities are associated with incorrect handling of the inputs supplied by the user of the system. If these inputs are not correctly processed before they are used inside the program, they can generate unexpected system behavior.

How can we fix a vulnerability?

Most of the software vendors provide a security patch or update once they confirm the vulnerability in their product. On applying the vendor provided patches the confirmed vulnerability will be corrected. SecPod Saner uses vendor provided patches or updates for rectifying the vulnerability issues found on the system.

What is patching/updating?

A patch is a piece of software that is designed to fix problems, or it can be an update to the program or its supporting data. Patching or updating is the process of applying the patch on the system.

Why is patching so important?

A patch, by definition, is meant to fix software problems. To keep software problem/error free it is essential to apply all the patches provided by the vendor for the software.

Is antivirus software not enough?

Antivirus software deals with malicious programs that are present on the system, but it does not remove the chance of the same malicious program affecting the system again. The majority of malicious programs make use of loopholes in the application software installed on the system. In that sense, antivirus software does not remove the root cause of malicious activity on the system.

What applications is SecPod Saner able to detect?

Saner covers the majority of desktop applications. If you believe an application is not covered, please feel free to report your requirements to us. We have a team committed to meeting requirements.

What applications does SecPod Saner support for remediation?

Saner covers the majority of desktop applications. If you believe an application is not covered, please feel free to report your requirements to us. We have a team committed to meeting requirements.

If I restart the machine, will SecPod Saner be active after the restart?

Yes, even after restarting the system SecPod Saner will be active and ready to perform its duties according to the schedule.

Do I need to always be connected to the Internet?

No, Internet access is only needed when you bring up the machine and to pull updates from the SecPod Saner Server.

How do I get Help for this product?

There is a support link available on the product, by clicking that you will be able to reach us.

Where can I find more info about this product?

There is a support link available on the product, by clicking that you will be able to reach us.

Where can I find the log messages of SecPod Saner?

If you are keen about what is happening while SecPod Saner is doing its duties you can check the install folder for log files.

Is there a 64bit version of the Product available?

No, currently SecPod Saner is available in 32bit architecture. However, it can be installed on supported 64bit operating systems.

Is SecPod Saner available for non Windows Platforms?

No, SecPod Saner is available only for Microsoft Windows.

What is a CVE?

CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration." International in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

What is a CCE?

CCE is Common Configuration Enumeration, which is a collection of configuration settings. Each setting is uniquely identified by an Id termed as CCE ID.


SecPod Saner

What do you mean by definition update?

Definition update is the process of downloading the newly released OVAL Definition from the SecPod Saner Server for the corresponding operating system in which Saner is installed.

How can I get updates?

There is a button available in the Home page of SecPod Saner for downloading Definitions.

Where will the updates be saved?

Downloaded updates are saved in a folder named as "updates", which will be inside the Saner install folder.

Is it possible to set the product to Update regularly, without user intervention?

Yes, a Saner user can configure the scheduler to do the update activity according to convenience. To do that the user must navigate to the Settings Page of the Saner and select the Scheduler tab.

How can I upgrade this product?

Product upgrade is integrated with the update (Download Definitions) feature of SecPod Saner. If Saner needs to be upgraded, the user will be prompted while doing the definition update.

How can I perform a scan?

Saner users can click on the scan button on the home page of Saner whenever they want to run a scan. Alternatively, the user can configure Saner to perform the scan at a particular time of day, and Saner's Scheduler will take care of the job. The only condition is that the system must be up and running at the configured time of day.

Is there a way I can Scan only my selected assets?

Normally no. Saner downloads all the definitions that are relevant to your operating system. However, if you are very particular about certain software you can contact us and we will configure that for you.

How can I see the detailed status of my System?

After each scan Saner prepares a detailed report of the system, which can be viewed on the reports page.

What does the percentage indicate in the Non-Compliance Report?

The Non Compliance percentage is calculated based on the total number of compliance settings required for your operating system versus the number of compliance settings present in the system.

How do I know what Saner is doing currently?

Saner's status messages are shown at the bottom right of Saner.

Saner always says Performing Scan, what could be the issue? How do I quit a scan?

Normally scanning takes only about 3-5 minutes, but it can vary according to the operating system and number of applications installed. If you still feel it is never ending, you can click on the stop button in the scanning section of Saner, or you can try quitting Saner by right clicking on Saner in the System Tray and starting it again. If the message is still not cleared after that, you can try restarting the "SecPod Saner Agent" from the system services. At any stage you can contact our support team for any kind of help.

Saner is always saying Performing remediation, what could be the problem? How do I quit remediation?

Remediation is a lengthy process, and the time it takes can vary according to the operating system and number of applications installed. If you still feel that it is never ending, you can try quitting Saner by right clicking on Saner in the System Tray and starting it again. If the message is still not cleared after that, you can try restarting the "SecPod Saner Agent" from the system services. At any stage you can contact our support team for any kind of help.

Saner is always saying Preparing Reports, what could be the problem? How do I quit Report Preparation?

Ensure that you are connected to the Internet. If Saner still shows Preparing Reports, you can try quitting Saner by right clicking on Saner in the System Tray and starting it again. If the message is still not cleared after that, you can try restarting the "SecPod Saner Agent" from the system services. At any stage you can contact our support team for any kind of help.

What is subscription?

Subscription/License is for using the product and service for the agreed period of time. For each subscription SecPod Saner will be associated with a license key.

After my expiry date, can I use the product?

No, once your license/subscription has expired you should renew it. After subscription expiry Saner won't perform the Definitions update or Remediation.

How can I update/renew my subscription?

Contact the SecPod Sales Team for purchasing a new license or renewing the license.

What is Risk?

Risk is the number of vulnerabilities or misconfigurations associated with a software product or application.

What is Status?

Status is the state of the Remediation. It will be shown as a Green tick. The Fix button will be available if there is an issue and Saner can solve the issue. Remediation Not Available status indicates that Saner will not be able to Remediate the Asset. After remediation the Status may turn to a green tick or Red cross mark. Green tick indicates the remediation succeeded and Red mark indicates Remediation failed due to some unknown reason.

What do you mean by fix?

A fix is a software module or configuration setting designed to close a security loophole in the system or asset.

How to fix a vulnerability/compliance issue found on my assets?

If issues are found in a Compliance Scan or in a Vulnerability Scan, remediation can be done by configuring the product to do auto remediation, by clicking the "Remediate All" button at the bottom of the report page, or by clicking the individual fix button provided along with the asset name.

How can I know what fix is going to be done?

In the Saner Reports page, Asset Remediation information can be viewed by clicking the info button.

How can I stop the fixing operation?

In the Saner report page, an abort button will be available as soon as the remediation starts. You can click on the abort button to stop the remediation for an asset.

If I abort the fixing operation will it harm my System?

The provided abort functionality is completely safe to use. Saner will discard the abort request if remediation has already started installing the update.

Abort is not happening even if I clicked on abort, why?

Abort will take some time to take effect, as it is difficult to terminate certain operations at once. In some other scenarios installation might already have started, so Saner will discard the abort request, since aborting at the installation stage could result in an unstable system state.

How do I know how much disk space it is going to consume for a fix?

For each fix, remediation info is available in the reports page by the side of the Fix button. You can click on the info button for more details about the fix.

Is there a way I can Fix the issues found on my Assets Selectively?

Yes. The Saner report page has a Fix button enabled for each asset. You can click on these fix buttons to remediate each asset individually.

Is there a way I can save/export the report into a file?

No. It is not possible to save the report from Saner. Paid customers can log in to SecPod Viser and view different kinds of reports showing the security status of the system.


INSTALLATION

Is there a way I can install SecPod Saner without any GUI input?

No. Currently the Saner installer requires input from the user.

How much disk space is required to install Saner?

The Saner installer requires 60MB of hard disk space for installation, and this will grow up to a maximum of 250MB after the Definition update.

How do I disable the product?

You will not be able to disable the product until you uninstall Saner from the system.

How do I uninstall the product?

Go to Control Panel, click on Add/Remove Programs and double click on the SecPod Saner entry.

How can I ensure the security of the product?

The SecPod Saner installer and all the component libraries and executables are digitally signed. You can verify the digital signature associated with each library and executable.

After installation Saner says Configuration Error, how can I resolve the issue?

Go to the Settings Page of Saner and make sure the Download cache directory is pointing to a valid directory. You can contact the support team for further help.

After installation Saner says Could not connect to server, how can I resolve the issue?

Check your Internet connection. If the issue is still not resolved, contact the support team.

How can I activate SecPod Saner?

SecPod Saner is shipped with a license key along with the installer. You can make use of the license for activating the product.

What is an activation key?

The activation key is a unique license key provided to customers along with the SecPod Saner installer. The activation key is used for authenticating with the SecPod Saner Server and communicating with the server. Without the activation key Saner will not function.

After installing Saner an activation window pops up and never activates my license key, how can I resolve the issue?

Make sure that the supplied license key is correct. If you still find it impossible to activate, please contact the support team for further help.


SCANNING

Is there a way I can scan other systems using SecPod Saner?

No, SecPod Saner is not designed to do remote scans. With one Saner you can scan only one machine, which is the machine Saner is installed on.

How does the scan work?

Saner makes use of the OVAL Definitions to inspect applications and software for vulnerabilities and misconfigurations, and prepares a detailed report about the system in XML format. Users can view the reports in Saner on the reports page.

How does SecPod Saner determine whether an asset is vulnerable or not?

Saner determines whether an asset is vulnerable or not based on the Vulnerability OVAL definition, in which the vulnerability is described in a machine readable format. Saner compares vulnerability details with the details of applications present in the system.

How does SecPod Saner determine whether an asset is compliant or not?

Saner determines whether an asset is compliant or not based on the Compliance OVAL definition, in which the configuration settings are described in a machine readable format. Saner compares vulnerability details with the details of applications present in the system.
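
The comparison described in the two answers above can be sketched as follows. This is an added example, not SecPod's code or definition format: the XML is a constructed, simplified OVAL-style document, and ExampleReader, the item names and the inventory values are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in a simplified OVAL-style layout. Real OVAL documents use
# XML namespaces and describe each test with separate object and state elements.
OVAL_XML = """
<oval_definitions>
  <definitions>
    <definition id="def:1" class="vulnerability">
      <title>ExampleReader older than 2.4.1 without the hotfix</title>
      <criteria operator="AND">
        <criterion test_ref="tst:reader_lt_2_4_1"/>
        <criterion test_ref="tst:reader_hotfix" negate="true"/>
      </criteria>
    </definition>
    <definition id="def:2" class="compliance">
      <title>Minimum password length is at least 8</title>
      <criteria>
        <criterion test_ref="tst:pwlen_ge_8"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <test id="tst:reader_lt_2_4_1" item="software/ExampleReader"
          datatype="version" operation="less than" value="2.4.1"/>
    <test id="tst:reader_hotfix" item="software/ExampleReader-Hotfix"
          datatype="string" operation="equals" value="installed"/>
    <test id="tst:pwlen_ge_8" item="setting/MinimumPasswordLength"
          datatype="int" operation="greater than or equal" value="8"/>
  </tests>
</oval_definitions>
"""

# Constructed inventory: what a local scan collected from the endpoint.
INVENTORY = {
    "software/ExampleReader": "2.3.9",
    "setting/MinimumPasswordLength": "6",
}

OPERATIONS = {
    "equals": lambda found, wanted: found == wanted,
    "less than": lambda found, wanted: found < wanted,
    "greater than or equal": lambda found, wanted: found >= wanted,
}


def typed(found, wanted, datatype):
    if datatype == "version":
        a = [int(part) for part in found.split(".")]
        b = [int(part) for part in wanted.split(".")]
        width = max(len(a), len(b))  # pad so that 2.4 compares equal to 2.4.0
        return a + [0] * (width - len(a)), b + [0] * (width - len(b))
    if datatype == "int":
        return int(found), int(wanted)
    return found, wanted


def run_test(test, inventory):
    """Compare one collected item against the state the definition expects."""
    found = inventory.get(test.get("item"))
    if found is None:
        return False  # item is not on the system, so the state cannot match
    found, wanted = typed(found, test.get("value"), test.get("datatype", "string"))
    return OPERATIONS[test.get("operation")](found, wanted)


def eval_node(node, tests, inventory):
    """Evaluate a criterion, or a criteria group (which may nest), honouring negate."""
    if node.tag == "criterion":
        result = run_test(tests[node.get("test_ref")], inventory)
    else:
        results = [eval_node(child, tests, inventory) for child in node]
        # AND is the default operator when none is given.
        result = any(results) if node.get("operator") == "OR" else all(results)
    return not result if node.get("negate") == "true" else result


def evaluate(xml_text, inventory):
    """Return a verdict per definition id for the given inventory."""
    root = ET.fromstring(xml_text)
    tests = {test.get("id"): test for test in root.iter("test")}
    verdicts = {}
    for definition in root.iter("definition"):
        matched = eval_node(definition.find("criteria"), tests, inventory)
        # A vulnerability definition that matches means the flaw is present;
        # a compliance definition that matches means the setting is as required.
        if definition.get("class") == "vulnerability":
            verdicts[definition.get("id")] = "vulnerable" if matched else "not vulnerable"
        else:
            verdicts[definition.get("id")] = "compliant" if matched else "non-compliant"
    return verdicts


if __name__ == "__main__":
    print(evaluate(OVAL_XML, INVENTORY))
```

The same "true" result means opposite things for the two definition classes, which is why a report has to interpret each result by class before counting vulnerabilities or non-compliant settings.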

How does Saner determine the criticality of a vulnerability?

Each vulnerability is associated with a CVSS Score, which is calculated based on the exploitability and the impact of the vulnerability.
1. Vulnerabilities will be labeled "Low" severity if they have a CVSS score of 0.0-2.0.
2. Vulnerabilities will be labeled "Medium" severity if they have a CVSS score of 2.0-5.0.
3. Vulnerabilities will be labeled "High" severity if they have a CVSS score of 5.0-8.0.
4. Vulnerabilities will be labeled "Critical" severity if they have a CVSS score of 8.0-10.0.

Is it possible to work on my system while a scan is going on?

Yes. If the system feels slow, you can stop the current Saner activity or reschedule the job. Saner also provides the option of changing the scan mode to make scanning a lightweight process by selecting the Low Scan Mode. To do that, navigate to the Saner Settings page, select the Scanner tab and choose the Low option for Scan Mode.

Will it affect the scan result if I continue to work on my system, even if the scan is going on?

No. Scan results are not affected by system changes, except for installation/uninstallation of applications and software.

Where will the reports be uploaded to?

Reports are uploaded to SecPod Viser, where the collective reports are available. If you are a paid customer you will be able to log in and view graphical reports of the overall status by opening SecPod Viser.

Is there a way I can stop uploading the reports?

No. Uploading reports cannot be avoided unless you are disconnected from the Internet.

What will happen if I restart the system while a scan is going on?

Scanning will fail for the time being, but you can rescan at any time, or Saner will take care of it with the help of the Scheduler.

Is there a way I can make use of uploaded reports in future?

Uploaded reports are available to view through SecPod Viser if you are a paid customer.

How can I see the uploaded report?

Log in to SecPod Viser with the given user name and password. SecPod Viser is a platform where you can view various reports that present the security aspects of your machine or machines.

Is there a way I can get a detailed description of issues found on my asset?

Yes. It is available in the report page. After a scan is done, navigate to the Saner Reports Page, and expand the asset that you want to view.

What is outdated software?

Outdated software is software that is no longer supported by the vendor. That means patches and fixes for the issues found in that application will not be available from the vendor.


REMEDIATION

How does Remediation work?

When SecPod Saner finds that a vulnerability exists, it consults SecPod Ancor for available patches for the vulnerability, and then Saner downloads the respective patch and applies it on the system. The remediation operation supports two modes, INTERACTIVE and QUIET.

Asset shows remediation not available, what can I do in this scenario?

It is rare to find assets with the notification "Remediation Not Available". In this case you can try to patch/update the software yourself. If that is not possible, you can choose not to use the product, or uninstall it until the patch is available from the vendor. Normally vendors release patches/updates once they confirm the vulnerability.

How does remediation for Microsoft products work when quiet option is selected?

Microsoft remediation is done by launching Microsoft automatic updates. In quiet mode the respective APIs are called, which silently apply the patches without user intervention.

How does remediation for Microsoft products work when interactive mode is selected?

When interactive mode is selected for Microsoft products remediation, the Windows automatic update window is opened for the user to select and apply the patch.

Is there a way I can Remediate without scanning my system?

No. Remediation is done based on the vulnerabilities/misconfigurations present in the system.

Is there a remediation report available?

After Remediation the respective status will be updated in Saner's Report Page, and a live update is available for each asset's remediation.

My system is still showing vulnerability/compliance issues even after remediation, why?

Some remediation requires restarting the system. You can try restarting the system and remediate once again. If the issue is still not resolved, contact our support team for further help.

Will remediation resolve all the issues found in my System?

Remediation will be able to fix the majority of the vulnerability and misconfiguration issues found on the system, provided the application/software is not outdated and the vendor has released patches for all the vulnerabilities found in the software.

Is there a way I can find what kind of remedy is going to happen for my asset?

In the reports page along with the asset name, fix info is available. You can click on the info button and view details about the patch/update that is going to get applied on the system.


CONFIGURATION

What are Scan types?

There are two types of scans available in SecPod Saner:
1. Vulnerability Scanning
Scans for security loopholes in software/applications.
2. Compliance Scanning
Scans for misconfigurations in software settings.

What is Scan Mode?

In SecPod Saner scanning can be configured to two different modes.
1. Low Mode
Saner uses minimal system resources when performing the scan. The scan might take longer to finish compared to the other scan mode.
2. Full Throttle
Saner uses maximum system resources when performing the scan.

What is Scheduler?

Scheduler is a feature of SecPod Saner that performs its duties without any user intervention. Using the Scheduler one can automate the key features of Saner such as Definition Downloading, Scanning and Remediation.

What is Auto Remediate?

Auto Remediate is a feature in which remediation happens automatically after every scan if there are vulnerabilities or misconfigurations.

What is patch update server?

The patch update server is the server that provides all the remediation patches/updates. Paid customers will be able to configure their own update servers and configure Saner to download remediation updates from their update server.

Is it possible to configure the product to download patches/fixes from customized servers?

Yes. It is possible to configure the product to download fixes from local servers, but this feature is only enabled for paid customers.

Is it possible to configure the product to download definition updates from customized servers?

No. Definition updates can only be downloaded from SecPod Ancor. If you have any concerns about this behavior, you can always report it to us. We have a team ready to receive your feedback and provide you with a solution.

Is it possible to configure the product to display using some other preferred language?

Currently no. The currently supported language is English. Please contact the support team for further enhancements of the product.

What do you mean by Installation type?

Two modes of Remediation can be configured with SecPod Saner.
1. Interactive Mode installation
In this mode the user will be prompted for installing patches and updates. In case of Microsoft product updates, Saner launches Windows Automatic updates and you can choose to do hotfixes and updates.
2. Quiet Mode installation
Quiet mode will install the patches and updates without any user intervention, unless it is mandated by the update.

Is it possible to fix all issues that are reported without any user intervention?

Yes, by selecting quiet mode of remediation you can configure Saner to do remediation without intervention.

What is patch update server "SecPod-Default"?

The default patch/update server is SecPod-Default, which is provided by SecPod and includes all the latest software patches with signature validation support, where the authenticity of each patch/update is verified and installed.

