When i run the scheduled scan or manual scan from distributed scan engine i got the below error:
Failed (java.lang.NullPointerException at com.rapid7.handlers.plugin.vulnck.VulnerabilityCheckResultQuery.toLHS(VulnerabilityCheckResultQuery.java:113) at com.rapid7.framework.plugin.vulnck.QueryCollection.getJessLHS(QueryCollection.java:113) at com.rapid7.handlers.tests.vuln.PrepareVulnChecks.generateJessRulesForVulns(PrepareVulnChecks.java:265) at com.rapid7.handlers.tests.vuln.PrepareVulnChecks.generateJessRulesForVulns(PrepareVulnChecks.java:240) at com.rapid7.handlers.tests.vuln.PrepareVulnChecks.prepare(PrepareVulnChecks.java:197) at com.rapid7.nexpose.scan.ScanUtils.loadScanPlugins(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:750) )
when i run the scan from local scan engine it works. can anyone help on this.
Basically the engine is saying that it cannot reach that asset. Is the engine and the console in the same network with the same ability/route/firewalls in place to reach that endpoint?
Reading through those specific lines of errors it might actually be kess to do with the connection and more to do with a corrupted install on the scan engine. This happens a lot when you either introduce a new Endpoint Protection tool or the current tool you have gets some updated coverage.
Looking at those log lines it appears that its failing to load some of the vulnerability check plugins which leads me to believe theyve either been deleted or quarantined by some other tool. Typical culprits are SentinelOne, Defender, ESET, Crowdstrike, etc.
I would open a support ticket if you havent already done so. They have a few steps you can do to repair the scan engine. Theres a few files you would want to backup before you uninstall and then reinstall the scan engine on that host. Also make sure you whitelist the Rapid7 directory on those hosts.