Ref to this guide
If I don´t define any Scope Range and leave the field empty, will the agent scan and try to reach every singel network/IP it can find? Or the agent will never leave the server that the agent was installed.
So final question is it require to fill the scope or exclude range?
Best answer by renier_steynView original
Not defining a scope (either include or exclude) basically gives the assessment an “All access” pass. It will scan and try to reach every system, share, db instance etc it detects.
It is not a requirement to include a scope, but is recommended.