Skip to content
vScope Support Page

How do I stop vScope from reading /etc/shadow?

If your security policy disallows any access to /etc/shadow, you can disable that probe behavior.

Steps

  1. Stop the vScope Server service.
  2. Open (or create) config.ini in the vScope data folder
    • Windows (default): C:\vScopeData\configuration\config.ini
    • Linux/Docker (default): /data/configuration/config.ini
  3. Add: 
    discovery.probe.ssh.read_etc_shadow=false
  4. Save the file and start the vScope Server service.
  5. Run a discovery against a Linux host and check Discovery → Log History to confirm the shadow file is no longer read.

What changes? Only the SSH probe stops attempting to read /etc/shadow; other discovery steps continue normally.

Need to revert? Remove the line or set it to true, restart the service, and rerun discovery.