Embotics® vCommander™ uses Microsoft’s Windows Management Instrumentation (WMI) protocol to retrieve information about installed software and services during Guest OS Scans, and to run workflow steps.



To do so, vCommander logs into localhost and uses it as a proxy to connect to Windows guests. When unable to connect using localhost as a proxy, vCommander falls back to attempting to login to guests directly using the credentials you have configured in Embotics vCommander.

This means that you must configure both the Windows firewall on the vCommander application server and the guests to allow these connections. Follow the process below to do so, depending on your operating system.

Important: Remember when creating or enabling rules for the Windows Firewall that you must activate the rules for the correct firewall profile. For more information on firewall profiles, refer to the Microsoft documentation.


Windows 2012, 2008 R2, 2008 and 7


You will create a custom rule in the Windows Firewall.

  1. Log in as Administrator and issue the command wf.msc from the Start menu. For Windows 2012, issue the command from the powershell prompt.
  2. In the left-hand pane, select Inbound Rules under Windows Firewall with Advanced Security.
  3. In the Actions pane, click New Rule.
  4. Choose Custom and click Next.

  5. Leave All programs selected and cick Next.

  6. Set Protocol Type to TCP. Set Local Port to RPC Dynamic Ports. Click Next.

  7. On the Scope page, you can restrict the rule to particular local or remote IPs. If you restrict the rule for local IPs, you must make sure this is the address vCommander will use to perform the Guest OS scan, or it will fail. If you are a high-security environment, restrict the rule to the vCommander server address as the allowed remote IP. Click Next.

  8. Leave Allow the connection selected and click Next.

  9. Choose the profiles for which the rule will be enabled, and click Next.