Blue Lance

Bluelance 2.0
Get a demo
View Categories

Installing PII Scanner

4 min read

PII Scanner consists of two components that are installed separately โ€” the PII Scanner Server and the PII Scanner Client Agents. The server is installed first and acts as the central management hub. Client agents are then installed on each machine whose file system you want to scan. Both components must be able to communicate with each other and with the LT Auditor MP server.

Prerequisites:

PII Scanner Server requirements:

RequirementDetails
Operating SystemWindows Server 2016 or newer, or Linux (systemd)
RAM2 GB minimum, 4 GB recommended
Disk Space10 GB minimum for logs and database
Network โ€” InboundHTTPS on port 52766 (default)
Network โ€” OutboundAccess to LT Auditor MP syslog receiver
LT Auditor MP ServerMust be installed and running
Download Packagelta-mp-pii-scanner.zip from the Blue Lance download portal

PII Scanner Client Agent requirements:

RequirementDetails
Operating SystemAny system capable of running Python
Python3.8 or newer (if running from source)
Network โ€” OutboundHTTPS access to the PII Scanner Server on port 52766
PermissionsRead access to all file systems and paths to be scanned

Download the PII Scanner package:

https://downloads.ltauditor.com/ltamp/lta-mp-pii-scanner.zip

[Your administrator should confirm whether packages are distributed internally or downloaded directly from the portal in your environment.]

Part 1 โ€” Installing the PII Scanner Server on Windows:

Step 1 โ€” Download and prepare the installer:

Download the LTA_PII_Scanner.msi installation package to the target server.

If the file was downloaded from the internet, unblock it before running:

  1. Right-click LTA_PII_Scanner.msi
  2. Select Properties
  3. Click Unblock if the option is present
  4. Click OK

Step 2 โ€” Run the installer:

  1. Right-click LTA_PII_Scanner.msi
  2. Select Install
  3. Follow the on-screen installation prompts to complete setup

By default, the application installs to:

C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner

Step 3 โ€” SSL certificate generation:

During installation, a self-signed SSL certificate named Scanner.pfx is automatically generated and stored at:

C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner\certs

A corresponding public certificate file (.cer) is also generated. This certificate must be distributed to all client agents so they can establish secure TLS connections to the server.

Step 4 โ€” Verify the Windows service:

The installer automatically creates and starts a Windows service named LTA_PII_Scanner configured to start automatically.

Verify the service is running:

  1. Open Services and locate LTA_PII_Scanner โ€” confirm the status shows Running

Or verify from an elevated PowerShell or command prompt:

sc query “LTA_PII_Scanner”

Step 5 โ€” Review logs if the service fails to start:

If the service does not start, review the application logs for errors:

C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner\logs

Check for:

  • Certificate loading issues
  • Port binding conflicts
  • Configuration errors
  • Connectivity issues

Step 6 โ€” Configure the firewall:

Ensure inbound traffic is allowed on the HTTPS port used by the scanner service (default: 52766):

New-NetFirewallRule -DisplayName “LTA PII Scanner” `

  -Direction Inbound `

  -Protocol TCP `

  -LocalPort 52766 `

  -Action Allow

Part 2 โ€” Configuring the PII Scanner Server:

After installation, review and update the server configuration file located at:

C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner\appsettings.json

Key configuration settings:

SettingDescriptionDefault
ListeningPortThe port the server listens on for incoming connections52766
LogLevelLog verbosity โ€” Information, Warning, or ErrorInformation
DbConnectionStringConnection string for the SQLite databaseSet during install
CertificatePathPath to the SSL certificate fileSet during install

Example appsettings.json:

{

  “ListeningPort”: 52766,

  “LogLevel”: “Information”

}

After making any changes, restart the service for them to take effect:

Restart-Service “LTA_PII_Scanner”

Part 3 โ€” Installing the PII Scanner Client Agent on Linux:

Step 1 โ€” Download and extract the agent package:

Obtain the latest agent installer LTA_PII_Scanner_Agent.zip from the PII Scanner Server or your administrator.

unzip LTA_PII_Scanner_Agent.zip

cd LTA_PII_Scanner_Agent

Step 2 โ€” Configure the agent:

Before running the installer, update the config.json file with your PII Scanner Server connection details:

{

    “LOG_LEVEL”: “INFO”,

    “API_URL”: “https://<PII_Scanner_Server_IP>:52766/api”,

    “Insecure_API”: true,

    “API_CA”: “”,

    “POLL_INTERVAL_MIN”: 1

}

Configuration settings:

SettingDescription
LOG_LEVELClient logging verbosity โ€” INFO, DEBUG, WARNING, or ERROR
API_URLThe HTTPS URL of the PII Scanner Server API โ€” replace with your server’s IP or hostname
Insecure_APISet to true when using the auto-generated self-signed certificate
API_CAPath to a trusted CA certificate file โ€” leave blank when using Insecure_API: true
POLL_INTERVAL_MINHow often in minutes the agent checks the server for new scan jobs

If using a trusted CA certificate instead of the self-signed certificate:

{

    “Insecure_API”: false,

    “API_CA”: “/opt/bluelance/scanner/scanner-ca.cer”

}

Step 3 โ€” Run the installer:

The installer installs the agent to /opt/bluelance/scanner:

chmod +x Linux_install.sh

sudo ./Linux_install.sh

Step 4 โ€” Verify the agent service:

Check the agent service status:

sudo systemctl status LTA-Scanner

Confirm the scanner log file is created:

ls /opt/bluelance/scanner/scanner.log

Step 5 โ€” Verify client connectivity:

Review the scanner log for successful connection to the PII Scanner Server:

cat /opt/bluelance/scanner/scanner.log

Look for:

  • Successful connection messages to the server API
  • Job polling activity
  • Any TLS or certificate errors to resolve

Part 4 โ€” Installing the PII Scanner Client Agent on Windows:

[This section is currently being updated by Blue Lance. Your administrator should refer to the latest documentation at https://www.bluelance.com/docs for Windows agent installation instructions.]

Verifying the full installation:

After installing both the server and at least one client agent, confirm the end-to-end setup is working:

Log in to the PII Scanner Server web UI at:

https://<PII_Scanner_Server_IP>:52766

  1.  First-time users will be prompted to log in as admin with a temporary password and will be required to change it immediately.
  2. Navigate to Admin โ†’ Clients
  3. Confirm the installed agent appears in the client list with a status of Online (green)
  4. If the agent shows as Offline (red), check:
    • The LTA-Scanner service is running on the agent machine
    • The API_URL in config.json points to the correct server IP and port
    • No firewall is blocking port 52766 between the agent and the server
agent status, appsettings, ca certificate, client agents, config.json, deployment, execution policy, firewall, getting started, insecure api

Powered by BetterDocs

Newsletter

Let's get started and
enjoy the power of LT Auditor MP

ยฉ Copyright , BLUE LANCE 2.0. All Rights Reserved.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by