Any option to limit max. scan duration? [Case Update]

Update (28.03.2024): I have raised a support case (Idea Case)

Hello everyone,
I have a short question. Is there a way to limit the maximum scan duration on one asset? During my weekly scans, I sometimes encounter situations where my scheduled scans cannot finish in time because only one out of over 3000 scanned assets fails to complete, even after waiting for over 3 hours. Typically, this issue arises with Windows 10 clients, likely because these specific assets were shut down and went offline during the scan. In my opinion, it would be helpful if I could set a maximum scan duration, allowing the scanner to move on if a scan cannot be completed within, let’s say, a maximum of 2 hours.

Has anyone else experienced similar behavior, and how do you address this issue on your end?

Best regards,
David


Reply from Rapid7 on my support case:

Your Rapid7 support case “Idea - Enhance Scan Duration Control for Individual Assets”, case #06694960, has been updated with the following information:

Hello David,

Thank you for contacting the Rapid7 Support Team. My name is Vince and I will be assisting you today.

An internal ticket has been logged for this feature request and it is now with Rapid7 Product Management. Rapid7 Product Management considers all submitted requests for enhancement and selectively provides detailed reviews and feedback.

Not every enhancement request is technically feasible, suitable for all customers, or consistent with the experience Rapid7 aims to deliver. Accordingly, Rapid7 makes no commitment to implement enhancement requests. I will archive this issue as an enhancement request filed and we will reach out if we require any further information. No ETA has been given at this stage.

This message is to confirm that we have moved your request into ‘Closed - Enhancement Request Filed’ status and it is now with Rapid7 Product Management. Your case will now be closed and keep you posted on any updates once available.

We will reach out if we require any further information. If you require an update on your feedback at any time or if your business impact changes with regard to this, please contact your Customer Success Manager.

Have you looked at the scan template that you are using?
There are a bunch of options in there that have performance impacts.
During a health check they reviewed these with us, I’d recommend getting one of those scheduled.

I don´t thinks there is a solution for just one asset onto an specific site. Just for the total site scan.

Yes, I have already looked into the scan template and searched for a global setting, but I could not find any useful setting.

Yea, I need a global solution and just for one specific asset. :slight_smile:

It’s frustrating. I have one site in particular where scans will hang up on different assets and the scan will run for days if I let it. I had to change that scan to pause after 24 hours and then I have to go in to the console and manually stop the scan. Tenable has an option in the scan config that basically says if a scan has been running for more than X amount of time on an IP to consider it dead and move on. Rapid7 needs the same thing.

2 Likes

That is precisely the option that should be added to the scan configuration template . Since we also have Microsoft Defender on all Windows 10 clients , I can at least check the vulnerabilities using the Microsoft Defender console for the specific clients that got stuck during the scan process. I will raise a feature request.

I also highly recommend looking into Scan Assistant. It will enable local scanning on the assets which i’ve found greatly speeds up those one off assets that take forever to complete. Using the Scan Assistant | InsightVM Documentation

This is a really good idea. We also have some particular assets that take forever to scan, and with 10s of thousands of assets I don’t have the bandwidth to troubleshoot each one. If a server or printer is taking 4 hours to scan that is an obvious indicator something has gone wrong.

There should be an option in the scan template to abort scanning a particular asset after X amount of minutes or hours. A per-asset max scan duration.

Hear us mysterious product team! We don’t need CIS template updates, we need quality of life improvements in the tool!

1 Like

I hope that my support case or idea will be promptly reviewed and implemented by the development team. I share the same opinion as you that policy updates do not greatly interest me, as we rarely use policy scans. However, we have transitioned from monthly global scans to weekly scans and are therefore more interested in improving scan performance. Let’s see… I will add any updates to my initial post.

1 Like

Have you tried using the Duration option while setting Schedule for a Scan. If the duration is set in schedule, the scan will stop upon reaching the set duration. Scan can be resumed during the next scan cycle,

Yes, I have set a max. duration on all my scan sites. However, I think there should also be an option to set a max. scan time on an asset.

1 Like