This guide covers the security console installation process for Windows and Linux.

Before continuing, make sure you meet these requirements:

  • The latest Linux or Windows installer.

  • The corresponding checksum file for your installer, which helps ensure that installers are not corrupted during download.

  • A product key, which is needed to activate your license upon login.

Contact your account representative if you are missing any of these items. You should have received an email containing the download links and product key if you purchased InsightVM or registered for an evaluation. We recommend adding InsightVM to your email client allowlist to ensure you are receiving all future emails regarding InsightVM.


Keep these considerations in mind as you undergo the installation and account creation process.

Installation options

Before you begin the installation process it is important to take note of which installation option you would like to proceed with.

There are two installation options:

  • Security Console with a local Scan Engine
  • Scan Engine only

If you’re following the basic deployment plan, you’ll install a Security Console with a local Scan Engine.

Only installing a Scan Engine?

While generally unnecessary for trial deployments, keep in mind that production deployments make extensive use of dedicated Scan Engines. Scan Engines are controlled by the Security Console and cannot operate without being paired with one. Scan Engine-only installations assume that you have a Security Console installed elsewhere on your network.

See the Distributed Scan Engines page for instructions on how to pair and configure a dedicated Scan Engine.

Default account creation

During your installation, you’ll create a default account with Global Administrator privileges. When you configure these credentials, store them in a safe place where you can reference them in the future.

Username and password creation.

Credentials are case-sensitive. As you create credentials, complexity requirements are displayed to ensure that your credentials are secure. Even if your password meets the minimum requirements, it is recommended that you make your password as strong as possible for additional security. A “heat bar” is displayed that gradually changes color from red to green as you make your password stronger. Global Administrators can create and modify accounts after installation.

Avoid conflicts with other authentication source accounts

As a general guideline, the username for your default account should be totally unique from any other account name that you may have already configured in other external authentication sources. The Security Console requires that all user accounts have unique usernames. If you intend to configure an external authentication source for console access (such as Active Directory or SAML), do not use one of your external authentication accounts as the default account username.

Recovery of credentials is not supported.

After installation is complete, you will be able to log in to the InsightVM application. Recovery of credentials is not supported. If you forget your username or password, you will have to reinstall the program.

Enable/disable initialization

Enabled by default, this option will initialize the Security Console after it’s been installed. Initialization configures the application for use and updates the vulnerability database. If you enable initialization, your installation time will increase respective to that process. Initialization time ranges from 10 to 30 minutes.

FIPS Mode requirements

While most organizations do not require this configuration, ensure that you DO NOT initialize the console during your installation if you intend to use FIPS mode. FIPS mode must be configured before the Security Console is started for the first time.

See Enabling FIPS mode for instructions.

Application initialization and automatic start option

Installing both the Scan Engine and the Security Console?

If you are installing both the Scan Engine and the Security Console, the automatic start option is enabled by default. If you do not want automatic initialization to occur, you must disable it. The benefit to leaving this option enabled is that you can start using the InsightVM application immediately after the installation is complete. This is because it has to intialize before the process prepares the application for use by updating the database of vulnerability checks and performing the initial configuration. Leaving this option enabled increases total installation time by 10 to 30 minutes. Although disabling the option shortens the installation time, it takes longer to start the application because it will have to initialize before you can begin to use it.

Communication direction between console and engine

Your preferred communication direction between console and engine depends on network configuration:

Engine to Console

The Scan Engine will actively inform the Security Console that it is available for communication. This configuration allows a configured console that is behind a firewall to allow inbound connections to establish a communication channel.

Console to Engine

The Scan Engine will listen for communication from the security console. This configuration is most effective when the engine and console are on the same area of the network.


Now that you’ve considered your options, follow one of the procedures below according to your OS:

Tips for using the installation wizard

The pages of the install wizard are listed in the left margin. Your current page is highlighted. Use this list to track your installation progress. Each page of the wizard has a Previous button and a Cancel button. Use the Previous button if you need to review or change an installation setting. Use the Cancel button only if you need to abandon the installation. If you cancel at any point during the installation process, no files will be installed, and you will be required to return to the beginning of the installation process.


  • Disable SELinux before you install the application.

  • For Linux installations, we recommend installing the tmux or screen package to provide an interactive terminal with the Security Console and Engine.

  • Check the installer file to make sure it was not corrupted during the download.

  • Uninstall any previously installed versions of InsightVM.

Running the Linux installer

To start the Linux installer, follow these steps.
  1. Make sure your installer and checksum file are in the same directory.

  2. Open a terminal and browse to the directory where your installer and checksum file are located.

  3. Run the following command, substituting <installer_file_name> with the appropriate value:

sha512sum -c <installer_file_name>.sha512sum

Do not close command line window

A command line window will appear during installation. You do not need to interact with it, but do not close this window.

  1. If this command returns an OK message, the file is valid. If the check fails, the file was found to be invalid. Download the installer again and retry.

  2. Modify the permissions of the installer to make it executable:

chmod +x <installer_file_name>
  1. Run the installer:
./<installer_file_name> -c

Using a GUI?

If you are using a Graphical User Interface, omit the -c switch at the end of the installer run command. You’ll use a wizard similar to the Windows version instead.

  1. Follow the instructions prompted by the installer.


  • You have administrator privileges and are logged onto Windows as an administrator.

  • Your system meets the minimum installation requirements.

  • You have uninstalled any previously installed copies of the application.

Running the Windows installer

To start the Windows Installer, follow these steps.
  1. Make sure your installer and checksum file are in the same directory.
  2. Open a command prompt and browse to the directory where your installer and checksum are located.
  3. Run the following command, substituting <installer_file_name> with the appropriate value:
certutil -hashfile <installer_file_name> sha512
  1. Run the installer.

Do not close command line window

A command line window will appear during the installation, but you will not need to interact with it. Do not close this window.

  1. Double-click the installer icon. A message displays while the wizard is preparing. Once the wizard is done preparing, you will be sent to the Welcome page to begin installation.

  2. Follow the steps as the wizard guides you. This is where you will decide on the considerations mentioned previously throughout the process.

Installation complete!

You should now have the Security Console with a local Scan Engine installed. It’s time to log in and complete your activation.

Other installation information

How to activate FIPS mode

If you want to enable FIPS mode, do not select the option to initialize the application after installation. FIPS mode must be enabled before the application runs for the first time.

Installing the Scan Engine

If you are only installing the Scan Engine, you may need to specify the Shared Secret to pair it with a Security Console. Global Administrators can generate a Shared Secret in the Administration section of the Security Console. Select manage next to Engines, click Generate next to Shared Secret, and copy and paste the Shared Secret into the Installation Wizard.

Running the uninstaller

When installing InsightVM, it is important to uninstall any previous versions located on your system before attempting to install a new copy. Follow these uninstaller steps for Windows and Linux.

Back-up data before uninstalling

To prevent a loss of sites, configurations, reports, and other data, make sure you backup all of your data before you begin the procedure. Uninstalling completely removes all components and deletes your data.