Agentless and agent-based scans

The latest automated scanning tools provide agents that install a scanning service on each asset. This service usually runs with the highest possible privileges. When the service running on the host receives a trigger from the scanner, it fetches the scanning profile for that particular asset from the scanner and runs the scans natively on the asset itself.

The advantages of the agent-based scan over an agentless scan are as follows:

  • No overhead on the network as scans are running natively on the system
  • No need to wait for nonbusiness hours to initiate testing on noncritical assets
  • Scanning intervals can be reduced, which helps in keeping security posture up to date
  • No need to maintain separate credentials dedicated to scanning
  • Provides comprehensive scans covering more of the exposed attack surface
  • The report provides details of the vulnerabilities exposed on assets
  • Fewer false positives
  • Increased accuracy in reports

The disadvantages of an agent-based scan over an agentless scan are as follows:

  • Agents might not support special devices (modems, radios, and so on) or every operating system and firmware
  • Installing an agent on every compatible asset: even though this is a one-time activity, it would be a challenge in a large environment
  • Managing and protecting the agent itself: because the agent runs a service with higher privileges, these agents need to be managed and protected very cautiously