Page Comparison

Problem

When running an Assessor scan against a Windows target, the scan stops unexpectedly while gathering networking parameters. The

When Assessor is run with INFO-level logging, the /logs/assessor-cli.log file contains the following entry indicating the scan halts at the collect_ipconfig step:

INFO org.cisecurity.session.impl.BaseSession - Starting Execution for Command --> 
""C:\Windows\Temp\ccpa-temp-20220927T155943132\ciscat.exe" "collect_ipconfig""
ERROR org.cisecurity.wrapper.SessionUtilities - Exception Creating Session!
org.xml.sax.SAXParseException: Content is not allowed in prolog.

A generic Unable to obtain connection to session: Null@null; Skipping error may be displayed as well (though this error is not exclusive to this case).

Solution

This particular issue can be caused by network interfaces (virtual or physical) that return insufficient data for the assessment to proceed.

To verify this, open an administrative PowerShell terminal on the target Windows system and run the following Get-WmiObject command:

Get-WmiObject -Namespace "root\cimv2" -Query "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IpEnabled='True'" | Select-Object Description, Index, IPAddress, MACAddress | ConvertTo-Csv -NoTypeInformation

The result resulting output will indicate which adapter is affectedadapters are affected, if any.

In the below example, the “Appgate Tunnel“ "Appgate Tunnel" interface does not return a corresponding MAC address value:

"Description","Index","IPAddress","MACAddress"
"Intel(R) Wi-Fi 6 AX201 160MHz","1","System.String[]","88:D8:2E:07:FC:C9"
"VirtualBox Host-Only Ethernet Adapter","5","System.String[]","0A:00:27:00:00:03""
"Appgate Tunnel","16","System.String[]", 

To allow the scan to complete, temporarily disable the affected interface in the system settings. This The query used by Assessor only collects this data from adapters with enabled TCP/IP bindings.

Once the scan completes, the interface can be re-enabled.

Keywords; collect_ipconfig Windows

Content by Label