LAN scans, local checks, CVE review and lifecycle intelligence
Scantide Auditor PowerShell helps Windows administrators run authorized internal discovery, local endpoint checks, software inventory, CVE review, lifecycle/latest-version monitoring, radio discovery and ServiceNow CMDB comparison, then save the result as readable HTML evidence.
Full Auditor or Software Watch?
Scantide now has two Windows PowerShell experiences. Use the Full Auditor when you want LAN and endpoint assessment. Use Software Watch when you only want installed-software inventory, CVE review and lifecycle/latest-version monitoring.
Full Scantide Auditor
LAN scanning, local endpoint posture, CMDB comparison, radio discovery, service evidence, software CVE review, lifecycle monitoring and combined HTML reports.
Download Full Auditor
Local Software Watch
Lightweight software-only edition for inventory, CVE review and lifecycle intelligence. It is suitable for users who do not need the full network scanner.
Download Software Watch
Version feed and news
Both launchers can show Scantide project news, current versions and links by reading the shared version feed.
Open version feed
Required files
Keep the PowerShell scripts and helpers in the same folder. The complete ZIP is the safest starting point because it keeps the launcher, local check, helper files and version feed aligned.
Full Auditor ZIP
Recommended complete package with LAN scanner, Launcher, Local Check, Credential Manager, Radio/Favicon/Port helpers, protocol helper and OUI cache.
Download
Software Watch ZIP
Software-only package with simplified launcher, Local Check engine, Credential Manager and user-logon Watch mode.
Download
ScantideLauncher.ps1
WinForms launcher for LAN scans, Local PC Check, Software Lifecycle, Tools and version/news feed.
Download
ScantideLocalCheck.ps1
Local endpoint posture, software inventory, CVE review, lifecycle checks and exact-version exclusions.
Download
# Create the destination folder under the current user's Downloads.
$dest = Join-Path $env:USERPROFILE 'Downloads\ScantideAuditor'
New-Item -ItemType Directory -Path $dest -Force | Out-Null
# Download the complete ZIP over HTTPS and extract it into the destination folder.
$zip = Join-Path $dest 'Scantide_Full_Local_Files_3.5.216.zip'
Invoke-WebRequest -Uri 'https://www.scantide.com/helpfiles/Scantide_Full_Local_Files_3.5.216.zip' -OutFile $zip -UseBasicParsing -TimeoutSec 90
Expand-Archive -LiteralPath $zip -DestinationPath $dest -Force
# Unblock-File removes the downloaded-from-internet zone marker from the extracted scripts.
Get-ChildItem -Path $dest -Filter '*.ps1' -Recurse | Unblock-File -ErrorAction SilentlyContinue
Write-Host ""
Write-Host "Downloaded Scantide Auditor PowerShell files to: $dest" -ForegroundColor Green
Write-Host "Examples:" -ForegroundColor Yellow
Write-Host " cd `"$dest`""
Write-Host " .\ScantideLauncher.ps1"
Write-Host " .\ScantideLAN.ps1 -Network 192.168.0.0/24 -PortProfile Standard"
Write-Host " .\ScantideLocalCheck.ps1 -CheckLevel Basic"
Write-Host " .\ScantideLocalCheck.ps1 -OnlyChecks SoftwareInventory,SoftwareCve,SoftwareLifecycle -UseSavedScantideCredentials"
Community-driven software lifecycle intelligence
Maintaining a manually updated lifecycle database for every software product is not realistic. Vendors release new builds constantly, change naming schemes and keep different release channels alive at the same time. Scantide therefore combines catalog/API lookups with real-world observed software versions.
Real-world observations
Participating systems can contribute anonymized software name, vendor and version observations. This helps Scantide learn what versions are actually seen in the field.
Latest observed version
Reports show the installed version and the latest version currently known to Scantide for that product. Rows are highlighted when a newer version may exist.
Source and confidence
Lifecycle rows include source and confidence so the result is understood as review evidence, not vendor proof.
| Shared | Not shared |
|---|---|
| Software display name, vendor and version, for example 7-Zip 26.01 or PowerShell 7.6.3. | Usernames, documents, file contents, passwords, registry dumps, hostnames, serial numbers and internal IP addresses. |
| Anonymous lifecycle observations used to improve latest-version intelligence. | Anything needed to identify a person, read files or map an internal network. |
Software inventory, CVE review and lifecycle columns
The local software report is meant to reduce guesswork. It shows what is installed, whether CVE review signals exist, and whether Scantide has seen a newer version.
Installed version
The version Windows reports for the installed software entry. This may include packaging suffixes such as trailing .0.
Latest observed version
The latest version Scantide currently knows about. It may come from catalog data or community observations.
Lifecycle source / confidence
Shows whether the result came from community intelligence, catalog/API data or fallback logic, and whether confidence is low, medium, high or review-only.
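One way to compare the installed and latest observed columns, added here as an example and not Scantide's own code. It assumes trailing `.0` components are ignored, and it reports an installed version that sorts higher than the latest observed one for branch/channel review instead of calling it outdated; the function names and status strings are hypothetical.

```powershell
# Added example. Function names and status strings are hypothetical.
function ConvertTo-NormalizedVersion {
    param([string]$Version)
    # Keep the leading dotted-numeric part only ("7.7.0" from "7.7.0-preview.1").
    if ($Version -notmatch '^\s*(\d+(?:\.\d+)*)') { return $null }
    $parts = [System.Collections.Generic.List[long]]::new()
    foreach ($p in $Matches[1].Split('.')) { $parts.Add([long]$p) }
    # Assumption: trailing zero components are packaging noise, so 7.6.3.0 equals 7.6.3.
    while ($parts.Count -gt 1 -and $parts[$parts.Count - 1] -eq 0) {
        $parts.RemoveAt($parts.Count - 1)
    }
    return ,$parts.ToArray()
}

function Compare-ObservedVersion {
    param([string]$Installed, [string]$LatestObserved)
    $a = ConvertTo-NormalizedVersion $Installed
    $b = ConvertTo-NormalizedVersion $LatestObserved
    if ($null -eq $a -or $null -eq $b) { return 'Unknown' }
    for ($i = 0; $i -lt [Math]::Max($a.Count, $b.Count); $i++) {
        # Missing components count as zero.
        $x = if ($i -lt $a.Count) { $a[$i] } else { 0 }
        $y = if ($i -lt $b.Count) { $b[$i] } else { 0 }
        if ($x -lt $y) { return 'NewerVersionMayExist' }
        if ($x -gt $y) { return 'BranchChannelReview' }
    }
    return 'SameAsLatestObserved'
}

# Constructed sample rows: product, installed version, latest observed version.
$rows = @(
    @('PowerShell', '7.6.3.0', '7.6.3'),
    @('7-Zip', '25.01', '26.01'),
    @('PowerShell', '7.7.0-preview.1', '7.6.3')
)
foreach ($r in $rows) {
    '{0,-12} {1,-18} {2,-8} {3}' -f $r[0], $r[1], $r[2], (Compare-ObservedVersion $r[1] $r[2])
}
```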
7.6.3 and 7.6.3.0. If the installed version appears newer than the known lifecycle signal, the report marks it as branch/channel review instead of incorrectly calling it outdated.
12-hour CVE and lifecycle cache
CVE and lifecycle lookups are cached locally for 12 hours by default. This keeps repeated scans fast, reduces API usage and avoids unnecessary repeated online calls during testing or Watch runs.
Cache key
Software cache entries are based on normalized product and version. Different versions are tracked separately where possible.
Cache files
Stored under C:\ProgramData\Scantide when writable, with LocalAppData fallback.
TTL
Default TTL is 12 hours for CVE and lifecycle data. Stale or missing rows are refreshed online when credentials/API access are available.
False positives
CVE false-positive filtering is applied after cached or fresh CVE results are loaded, so exclusion changes are reflected in the next report.
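The cache behaviour described above, as an added example that is not Scantide's own code: entries are keyed by normalized product and version, refreshed when missing or older than 12 hours, and the exclusion list is applied only after the rows are loaded. The entry layout, the key normalization and all names are assumptions, and the online lookup is a constructed stand-in.

```powershell
# Added example. Entry layout, key normalization and names are assumptions.
$Ttl = [TimeSpan]::FromHours(12)   # default TTL stated on this page
$script:OnlineCalls = 0

function Get-CacheKey {
    param([string]$Product, [string]$Version)
    # Assumed normalization: trim, collapse whitespace, lower-case the product.
    $p = ($Product.Trim() -replace '\s+', ' ').ToLowerInvariant()
    return "$p|$($Version.Trim())"
}

function Get-CveRows {
    param([hashtable]$Cache, [string]$Product, [string]$Version,
          [string[]]$FalsePositiveKeys, [datetime]$NowUtc, [scriptblock]$Refresh)
    $key = Get-CacheKey $Product $Version
    $entry = $Cache[$key]
    if ($null -eq $entry -or ($NowUtc - $entry.FetchedUtc) -ge $Ttl) {
        # Missing or stale: look up online and store with a new timestamp.
        $entry = @{ FetchedUtc = $NowUtc; Rows = @(& $Refresh $Product $Version) }
        $Cache[$key] = $entry
    }
    # Exclusions are applied after loading and are never written into the cache.
    if ($FalsePositiveKeys -contains "$Product|$Version") { return @() }
    return $entry.Rows
}

# Constructed stand-in for the online lookup; the row text is a placeholder.
$lookup = { param($p, $v) $script:OnlineCalls++; "PLACEHOLDER-CVE-ROW for $p $v" }
$cache = @{}
$t0 = [datetime]::UtcNow
$common = @{ Cache = $cache; Product = '7-Zip'; Version = '26.01'; Refresh = $lookup }

$r = @(Get-CveRows @common -FalsePositiveKeys @() -NowUtc $t0)
"first run:        $($r.Count) row(s), online calls = $script:OnlineCalls"
$r = @(Get-CveRows @common -FalsePositiveKeys @('7-Zip|26.01') -NowUtc $t0.AddHours(1))
"exclusion added:  $($r.Count) row(s), online calls = $script:OnlineCalls"
$r = @(Get-CveRows @common -FalsePositiveKeys @() -NowUtc $t0.AddHours(13))
"after 13 hours:   $($r.Count) row(s), online calls = $script:OnlineCalls"
```

The second call returns no rows without a new online lookup, which is why an exclusion change shows up in the next report even while the cached CVE data is still fresh.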
What the launcher does
The launcher is a GUI wrapper. It builds normal PowerShell commands, runs the scanner, shows live output, opens the newest report and helps manage helper files, credentials and tools.
Quick scan
Choose target network, port profile, CVE/API settings, CMDB comparison, local discovery, radio checks and output options.
Local PC Check
Runs ScantideLocalCheck.ps1 in Basic or Advanced mode, with software inventory, local hardening checks, CVE review and lifecycle evidence.
Tools and news
The Tools tab can read ScantideLAN-version.json to show current project news, downloads and product links.
Windows Credential Manager support
The launcher can save Scantide email/API key and ServiceNow username/password locally in Windows Credential Manager. This avoids plain-text configuration files and keeps secrets out of generated command previews.
Scantide API
Stored as a current-user Windows Credential Manager entry such as ScantideAuditor.Api. Used for CVE and lifecycle API access.
ServiceNow
Optional ServiceNow instance and credentials can be stored for CMDB comparison.
No secrets in reports
Reports and console output should show whether credentials exist, not the API key or password value.
How Add to exclusion works
A normal HTML report is not allowed to silently run PowerShell. Scantide therefore uses a small local helper and a temporary custom URL protocol for deliberate, user-clicked actions.
1. Launcher startup
When ScantideLauncher.ps1 starts, it can register scantide-local:// under the current user.
2. Report action
The CVE report button links to a URL like scantide-local://cve-false-positive/add?key=Product%7CVersion.
3. Helper execution
Windows launches ScantideLocalProtocolHelper.ps1, which validates the request and calls ScantideLocalCheck.ps1 to add the exclusion.
4. Cleanup
On clean launcher exit, the protocol can be unregistered again. Manual register/unregister actions are also available.
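The validation in step 3 is the security boundary here, because any local page or application can ask Windows to open a registered URL scheme. The following added example (not Scantide's helper code) shows one strict way to validate such a request; the function name, the length limit and the allowed character set are assumptions, and only the `add` action shown above is accepted.

```powershell
# Added example, not Scantide's helper. Name, limits and character set are assumptions.
function Get-ScantideExclusionKey {
    param([string]$RawUrl)

    $uri = $null
    if (-not [Uri]::TryCreate($RawUrl, [UriKind]::Absolute, [ref]$uri)) { return $null }

    # Allow-list the scheme, the action host and the path; everything else is dropped.
    if ($uri.Scheme -cne 'scantide-local')     { return $null }
    if ($uri.Host -cne 'cve-false-positive')   { return $null }
    if ($uri.AbsolutePath -cne '/add')         { return $null }
    if ($uri.UserInfo -or $uri.Fragment)       { return $null }

    # Exactly one query parameter, and it must be "key".
    $pairs = @($uri.Query.TrimStart('?').Split('&') | Where-Object { $_ })
    if ($pairs.Count -ne 1) { return $null }
    $name, $value = $pairs[0].Split('=', 2)
    if ($name -cne 'key' -or [string]::IsNullOrEmpty($value)) { return $null }

    # Decode once, then require Product|Version from a narrow character set.
    # Quotes, backticks, $, ;, &, %, newlines and path separators never match.
    $key = [Uri]::UnescapeDataString($value)
    if ($key.Length -gt 160) { return $null }
    if ($key -notmatch '\A[A-Za-z0-9][A-Za-z0-9 ._+()-]*\|[0-9][A-Za-z0-9._+-]*\z') { return $null }
    return $key
}

# Constructed sample requests (not captured from a real report).
$samples = @(
    'scantide-local://cve-false-positive/add?key=7-Zip%7C26.01',
    'scantide-local://cve-false-positive/add?key=7-Zip%7C26.01%22%20-Extra',
    'scantide-local://cve-false-positive/add?key=7-Zip%257C26.01',
    'scantide-local://cve-false-positive/remove?key=7-Zip%7C26.01',
    'scantide-local://cve-false-positive/add?key=a%7C1&key=b%7C2'
)
foreach ($s in $samples) {
    $key = Get-ScantideExclusionKey -RawUrl $s
    # An accepted key would be passed as one bound argument to -AddCveFalsePositive,
    # never concatenated into a command string.
    if ($null -eq $key) { "REJECT  $s" } else { "ACCEPT  $key" }
}
```

Only the first sample is accepted; the others fail on the character allow-list, the double encoding, the unknown action and the duplicate parameter.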
Exact-version CVE exclusions
When a CVE match has been manually reviewed and accepted as a false positive, suppress it for that exact software name and exact version only.
| Item | Meaning | Example |
|---|---|---|
| Suppression key | Product plus exact version. A newer version is not hidden automatically. | 7-Zip\|26.01 |
| Report button | The CVE table shows Add to exclusion. The command is still visible for fallback copying. | scantide-local://cve-false-positive/add?key=... |
| Storage | False positives are stored as JSON in ProgramData, with LocalAppData fallback. | C:\ProgramData\Scantide\ScantideLocalCveFalsePositives.json |
| Command line | You can manage exclusions without the report button. | .\ScantideLocalCheck.ps1 -ListCveFalsePositives |
.\ScantideLocalCheck.ps1 -AddCveFalsePositive "7-Zip|26.01"
.\ScantideLocalCheck.ps1 -RemoveCveFalsePositive "7-Zip|26.01"
.\ScantideLocalCheck.ps1 -ListCveFalsePositives
Watch behavior
Software Watch and Local Watch are intended for lightweight repeated software/CVE/lifecycle checks. They should not be confused with EDR, antivirus, a patch manager or proof of compromise.
Full Auditor Local Watch
Full Scantide Auditor can run modules separately and keeps lifecycle sharing configurable.
Software Watch logon mode
The lightweight Software Watch edition installs for the current user logon, following the same simple user-logon behavior as the Full Scantide approach.
ProgramData output
Reports and watch status files default to C:\ProgramData\Scantide or C:\ProgramData\Scantide\SoftwareWatch when writable.
.\ScantideLocalCheck.ps1 -OnlyChecks SoftwareInventory,SoftwareCve,SoftwareLifecycle -UseSavedScantideCredentials
.\Install-ScantideLocalWatch.ps1 -AtLogon $true
.\Remove-ScantideLocalWatch.ps1
Internal network scan examples
.\ScantideLAN.ps1 -Network 192.168.0.0/24 -PortProfile Standard
.\ScantideLAN.ps1 -Network 192.168.0.0/24 -PortProfile Hypervisor
.\ScantideLAN.ps1 -Network 192.168.0.0/24 -EnableAllLocalDiscovery -RunLocalDiscoveryHelper
.\ScantideLAN.ps1 -Network 192.168.0.0/24 -EnableRadioDiscovery -EnableWifiDiscovery -EnableBluetoothDiscovery
.\ScantideLAN.ps1 -List .\networks.txt -CombineListReports
Frequently used parameters
| Parameter | Purpose | Example |
|---|---|---|
| -Network | Scan one CIDR range. | -Network "10.24.48.0/24" |
| -List | Read networks or hosts from a text file. | -List ".\networks.txt" |
| -PortProfile | Select ports by use case. | -PortProfile Hypervisor |
| -EnableRadioDiscovery | Run Wi-Fi/Bluetooth radio helper where supported. | -EnableRadioDiscovery |
| -CheckServiceNow | Compare discovered assets with ServiceNow CMDB data. | -CheckServiceNow -UseSavedServiceNowCredentials |
| -CheckLevel | Controls local endpoint check depth. | .\ScantideLocalCheck.ps1 -CheckLevel Advanced |
| -OnlyChecks | Run only selected local check modules. | -OnlyChecks SoftwareInventory,SoftwareCve,SoftwareLifecycle |
| -ShareSoftwareLifecycleInventory | Share anonymized software/version observations when using Full Auditor. | -ShareSoftwareLifecycleInventory |
| -AddCveFalsePositive | Add exact product/version CVE exclusion. | -AddCveFalsePositive "Product\|Version" |
Common issues
- Add to exclusion does nothing: start the launcher so it can register scantide-local://, or use the manual command shown in the report.
- Lifecycle says checked but no latest known: the software was submitted/checked, but Scantide does not yet have a useful latest-version signal for that exact product.
- Installed version appears newer than latest observed: treat this as branch/channel review. The software may be preview, beta, LTS, stable or packaged differently.
- Slow repeated CVE checks: confirm that cache files are writable under ProgramData or LocalAppData, and that the cache TTL is not set too low.
- API authentication fails: verify that saved Scantide API credentials are present in Windows Credential Manager and that the licensed email/API key pair is valid.
Frequently asked questions
Is lifecycle intelligence vendor proof?
No. It is a practical review signal based on Scantide catalog/API data and observed versions. Always verify critical software against the vendor before making change-control decisions.
Why community observations?
Because manually maintaining latest-version data for thousands of products is effectively impossible. Real-world observations make the data more dynamic and automated.
Does Software Watch replace Full Auditor?
No. Software Watch is the lightweight software-only edition. Full Auditor remains the full LAN, endpoint and infrastructure assessment toolkit.
Does Scantide update software?
No. Scantide identifies review candidates. It is not a patch manager or software deployment product.
Use the GUI tour beside this manual
The GUI tour page shows the Launcher layout and explains what each tab is for. It is useful for users who want to understand Quick Scan, discovery options, ServiceNow / CMDB, Local PC Check, Tools and Advanced settings before running the scripts.