Skip to content

Agent-Based VM Scanning for Windows

This guide provides step-by-step instructions to onboard Windows Virtual Machines (VMs) for agent-based vulnerability and malware scanning using the AccuKnox Omni agent.

Prerequisites

  • Administrator access to the Windows VM.
  • Outbound internet connectivity to AccuKnox SaaS.
  • A valid AccuKnox Tenant ID and API Token.

Installation

1. Download the Installer Script

Open a PowerShell terminal as Administrator and run the following command to download the agent installation script:

Invoke-WebRequest -Uri 'https://accuknox-omni.s3.us-east-1.amazonaws.com/v0.1.2/agent-install.ps1' -OutFile .\agent-install.ps1

2. Run the Installation Script

Execute the script to install and configure the agent. Replace <REDACTED> with your actual Artifact API Token and CHANGEME with your desired label.

.\agent-install.ps1 `
    -ArtifactEndpoint https://cspm.accuknox.com/api/v1/artifact/ `
    -TenantId 000 `
    -ArtifactLabel CHANGEME `
    -ArtifactApiToken "<REDACTED>" `
    -SkipMalwareScan $true

Configuration Details

  • Artifact API Token: Generate this under Settings > Tokens in the AccuKnox dashboard.
  • Artifact Label: Create a label under Settings > Labels to identify this VM.
  • SkipMalwareScan: Set to $false if you want to enable malware scanning immediately (requires ClamAV).

The installation script creates a Windows scheduled task to run the agent periodically.

Air-gapped Installation

For environments without direct internet access, follow these steps:

1. Download & Extract the Bundle

On a machine with internet access, download the all-in-one bundle:

Invoke-WebRequest `
    -Uri "https://accuknox-omni.s3.us-east-1.amazonaws.com/latest/all-in-one.zip" `
    -OutFile all-in-one.zip `
    -UseBasicParsing

Expand-Archive -Path ".\all-in-one.zip" -DestinationPath .\ -Force
cd .\all-in-one\

2. Setup ClamAV Database

Create the directory and move the ClamAV database files:

New-Item -ItemType Directory -Path "C:\Program Files\ClamAV" -Force
Move-Item -Path .\database\clamav\ -Destination "C:\Program Files\ClamAV\database" -Force

3. Setup MSRC Database

Create the directory and move the MSRC database files:

New-Item -ItemType Directory -Path "C:\ProgramData\Accuknox\Omni" -Force
Move-Item -Path .\database\msrc\ -Destination "C:\ProgramData\Accuknox\Omni" -Force

4. Install Omni Agent

Move the Omni executable to the installation directory:

New-Item -ItemType Directory -Path "C:\Program Files\AccuKnox\Omni\" -Force
Move-Item -Path .\omni.exe -Destination "C:\Program Files\AccuKnox\Omni\" -Force

5. Run the Installation Script (Air-gapped)

Run the installation script with the -SkipOmniDownload flag:

.\agent-install.ps1 `
    -ArtifactEndpoint https://cspm.accuknox.com/api/v1/artifact/ `
    -TenantId 000 `
    -ArtifactLabel CHANGEME `
    -ArtifactApiToken "<REDACTED>" `
    -SkipOmniDownload $true `
    -SkipDatabaseDownload $true