> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Running Authenticated Asset Scans

|                       |           |              |             |             |
| --------------------- | --------- | ------------ | ----------- | ----------- |
| **Role Availability** | Read-Only | Investigator | **Analyst** | **Manager** |

An authenticated asset scan verifies scanned Internet Protocol (IP) addresses and detects vulnerabilities. Log in as administrator or root to perform an authenticated scan. See [Managing Credentials in USM Anywhere](/documentation/usm-anywhere/user-guide/vulnerability-assessment/credentials) for more information.

<Danger>
  **Warning**: An authenticated scan may fail if the local mail exchanger, which applies to Linux hosts, is enabled in the target asset.

  You cannot scan USM Anywhere Sensors.
</Danger>

You can scan an instance or network, but first you need to check these points:

* The sensor reaches the targets
* The sensor is able to scan their ports

If your USM Anywhere Sensor is deployed in Amazon Web Services (AWS) to a virtual private cloud (VPC), see [Amazon VPC-to-Amazon VPC connectivity options](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/amazon-vpc-to-amazon-vpc-connectivity-optionsl) for more information.

The following table shows the asset scan credentials and escalation options.

**Asset Scan Credentials and Escalation Options**

| **Operating System**          | **Method and Credentials**                  | **Escalation** |
| ----------------------------- | ------------------------------------------- | -------------- |
| Linux, BSD, Solaris, or macOS | SSH password or public key authentication   | sudo or su     |
| Microsoft Windows             | Windows username and password through WinRM | None           |

<Note>
  **Note**:  If a scan is suspended or otherwise running for more than two hours, it will time out. You can see the timeout result in the asset's Scan History, as well as in the system event generated for that scan.
</Note>

**To run an authenticated asset scan from Assets**

1. Go to **Environment > Assets**.

2. Complete one of these options:

   * Next to the asset name that you want to scan, click the <img src="https://mintcdn.com/levelblue-5324744e/jo1779yzvGjLisJx/images/usm-anywhere/chevron-down.svg?fit=max&auto=format&n=jo1779yzvGjLisJx&q=85&s=49cdbebf7934499f2df552d32ed9aa74" className="inline" width="20" height="20" data-path="images/usm-anywhere/chevron-down.svg" /> icon select **Full Details**, and then select **Actions > Authenticated Scan**.

   or

   * Next to the asset name you want to scan, click the <img src="https://mintcdn.com/levelblue-5324744e/jo1779yzvGjLisJx/images/usm-anywhere/chevron-down.svg?fit=max&auto=format&n=jo1779yzvGjLisJx&q=85&s=49cdbebf7934499f2df552d32ed9aa74" className="inline" width="20" height="20" data-path="images/usm-anywhere/chevron-down.svg" /> icon and select **Authenticated Scan** to directly start the asset scan. If the option is not enabled, you need to add a credential. See [Managing Credentials in USM Anywhere](/documentation/usm-anywhere/user-guide/vulnerability-assessment/credentials) for more information.

   A message displays at the top of the page to inform you that the authenticated scan is in progress.

   <Info>
     **Important**: Credentials assigned directly to an asset have higher priority than those assigned to an asset group.
   </Info>

3. In the asset details page, click **Scan History** in the table area to display the results of the scan.

   You can see the status of each scan and its details, which informs you if the scan is unsuccessful due to bad credentials or a connectivity issue between the USM Anywhere Sensor and the asset you are attempting to scan. USM Anywhere also creates a system event named Authenticated Asset Scanner Result for the scan and for testing the credentials.

   Each asset has a **Scan Details** link you can click to download a zip file containing the details of the recent scan. The link is only present for the most recent scan of each asset, and is available for one week after the scan has been run.

   Below the Vulnerabilities tab, you can see the vulnerabilities that the scan has found.

   <Frame>
     <img src="https://mintcdn.com/levelblue-5324744e/HGmP1muJoLfdGhKM/images/usm-anywhere/user-guide/vulnstab.webp?fit=max&auto=format&n=HGmP1muJoLfdGhKM&q=85&s=f14fc251e03e63a0c6b41203a3135819" alt="" width="1164" height="277" data-path="images/usm-anywhere/user-guide/vulnstab.webp" />
   </Frame>

   You can also see the vulnerabilities that the scan has found by going to **Environment > Vulnerabilities**. While the scan is running, a Scanning button displays. When the scan finishes, the message **Scan finished. Refresh to view scan results** displays. Click **Refresh Scan Results** to update the list.

<Note>
  **Note**: See [Scheduling Authenticated Asset Scans from Assets](/documentation/usm-anywhere/user-guide/asset-management/asset-administration/scheduling-auth-scans) and [Scheduling Asset Scans from the Job Scheduler Page](/documentation/usm-anywhere/user-guide/scheduler/scheduling-asset-scans-from-scheduler) for more information about how to schedule an authenticated asset scan.
</Note>